  1. #1
    New Coder
    Join Date
    Dec 2006
    Posts
    23
    Thanks
    1
    Thanked 0 Times in 0 Posts

    ldap queries return only 2000 ad users

    Hello,

    I have a problem in a large domain: it seems like PHP LDAP is limited to searching / processing 2000 users. Is this something related to the PHP upload limit or something?
    Last edited by ravin; 03-19-2007 at 11:01 PM.

  • #2
    Senior Coder
    Join Date
    Aug 2003
    Location
    One step ahead of you.
    Posts
    2,815
    Thanks
    0
    Thanked 3 Times in 3 Posts
    It shouldn't be limited. There are no php.ini settings that would limit it unless you would be running out of memory or reaching the maximum execution time. If you are sure you don't reach them (and you know how to reproduce it) you might consider reporting it as a bug.
    I'm not sure if this was any help, but I hope it didn't make you stupider.

    Experience is something you get just after you really need it.
    PHP Installation Guide Feedback welcome.

  • #3
    New Coder
    Join Date
    Dec 2006
    Posts
    23
    Thanks
    1
    Thanked 0 Times in 0 Posts
    It always returns 2000 users, so I'm missing a lot of users. I wonder where the limit is... MySQL limit? php.ini limit? Apache limit?

    PHP Version 4.4.4
    PHP API 20020918
    PHP Extension 20020429
    Zend Extension 20050606

    ldap
    LDAP Support enabled
    RCS Version $Id: ldap.c,v 1.130.2.13.2.1 2006/01/01 13:46:54 sniper Exp $
    Total Links 0/unlimited
    API Version 2004
    Vendor Name OpenLDAP
    Vendor Version 0


    Code:
    $ldap_server = "ldap://sms.test.local";
    $auth_user = "administrator@test.local";
    $auth_pass = "test";
    
    // Set the base dn to search the entire directory.
    
    $base_dn = "DC=test, DC=local";
    
    // Show only user persons
    $filter = "(&(objectClass=user)(objectCategory=person)(cn=*))";
    
    // Enable to show only users
    // $filter = "(&(objectClass=user)(cn=$*))";
    
    // Enable to show everything
    //$filter = "(cn=*)";
    
    // connect to server
    
    if (!($connect=@ldap_connect($ldap_server))) {
         die("Could not connect to ldap server");
    }
    ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION,3);
    ldap_set_option($connect, LDAP_OPT_REFERRALS,0);
    
    // bind to server
    
    if (!($bind=@ldap_bind($connect, $auth_user, $auth_pass))) {
         die("Unable to bind to server");
    }
    
    //if (!($bind=@ldap_bind($connect))) {
    //    die("Unable to bind to server");
    //}
    
    // search active directory
    
    if (!($search=@ldap_search($connect, $base_dn, $filter))) {
         die("Unable to search ldap server");
    }
    
    $number_returned = ldap_count_entries($connect,$search);
    $info = ldap_get_entries($connect, $search);
    
    echo "Selected number of users in AD : ". $number_returned."<p>";
    	
    
    // Now start doing the data display and import.
    
    logwrite($fp, " >>>>>> Starting Import of Data");
    
    for ($i=0; $i<$info["count"]; $i++) {
         echo "<b>Company :</b> ". $info[$i]["company"][0]."<br>";
         echo "<b>Title :</b> ". $info[$i]["title"][0]."<br>";
         echo "<b>Department :</b> ". $info[$i]["department"][0]."<br>";
         echo "<b>Username :</b> ". $info[$i]["samaccountname"][0]."<br>";
         echo "<b>Firstname :</b> ". $info[$i]["givenname"][0]."<br>";
         echo "<b>Lastname :</b> ". $info[$i]["sn"][0]."<br>";
         echo "<b>Fullname :</b> ". $info[$i]["cn"][0]."<br>";
         echo "<b>Display name :</b> ". $info[$i]["displayname"][0]."<br>";
         echo "<b>Email :</b> ". $info[$i]["mail"][0]."<br>";
         echo "<b>Telephone number :</b> ". $info[$i]["telephonenumber"][0]."<br>";
         echo "<b>Home number :</b> ". $info[$i]["homephone"][0]."<br>";
         echo "<b>Mobile number :</b> ". $info[$i]["mobile"][0]."<br>";
         echo "<b>Street :</b> ". $info[$i]["streetaddress"][0]."<br>";
         echo "<b>Postalcode :</b>". $info[$i]["postalcode"][0]."<br>";
         echo "<b>City :</b> ". $info[$i]["l"][0]."<br>";
         echo "<b>Country :</b> ". $info[$i]["co"][0]."<br>";
         echo "<b>Member of :</b> ". $info[$i]["memberof"][0]."<br>";
         echo "<b>Last Change :</b> ". $info[$i]["whenchanged"][0]."<p>";
    }

    Apache limits

    Code:
    # MaxKeepAliveRequests: The maximum number of requests to allow
    # during a persistent connection. Set to 0 to allow an unlimited amount.
    # We recommend you leave this number high, for maximum performance.
    #
    MaxKeepAliveRequests 100
    
    #
    # KeepAliveTimeout: Number of seconds to wait for the next request from the
    # same client on the same connection.
    #
    KeepAliveTimeout 15

    PHP limit

    Code:
    max_execution_time = 60 ; Maximum execution time of each script, in seconds
    max_input_time = 60	; Maximum amount of time each script may spend parsing request data
    memory_limit = 8M       ; Maximum amount of memory a script may consume (8MB)
    
    ; Valid range 0 - 2147483647.  Default = 4096.
    ;mssql.textlimit = 4096
    
    ; Valid range 0 - 2147483647.  Default = 4096.
    ;mssql.textsize = 4096

    The script is running on the local network, and it takes about 20 seconds to complete 2000 user accounts and put all the stuff into the MySQL database.
    Last edited by ravin; 03-20-2007 at 10:08 AM.

  • #4
    Senior Coder
    Join Date
    Aug 2003
    Location
    One step ahead of you.
    Posts
    2,815
    Thanks
    0
    Thanked 3 Times in 3 Posts
    The LDAP server has its own limit (in its configuration) as well. PHP can only fetch as many rows as the limit or to a lower limit you set.
    I'm not sure if this was any help, but I hope it didn't make you stupider.

    Experience is something you get just after you really need it.
    PHP Installation Guide Feedback welcome.

  • #5
    New Coder
    Join Date
    Dec 2006
    Posts
    23
    Thanks
    1
    Thanked 0 Times in 0 Posts
    So... which of these values need to change, then?

    Windows 2000 and Windows Server 2003 LDAP administration limits

    The LDAP administration limits are:

    • InitRecvTimeout - This value defines the maximum time in seconds that a domain controller waits for the client to send the first request after the domain controller receives a new connection. If the client does not send the first request in this amount of time, the server disconnects the client.

    Default value: 120 seconds
    • MaxActiveQueries - The maximum number of concurrent LDAP search operations that are permitted to run at the same time on a domain controller. When this limit is reached, the LDAP server returns a "busy" error.

    Default value: 20

    Note This control has an incorrect interaction with the MaxPoolThreads value. MaxPoolThreads is a per-processor control, while MaxActiveQueries defines an absolute number. Starting with Windows Server 2003, MaxActiveQueries is no longer enforced. Additionally, MaxActiveQueries does not appear in the Windows Server 2003 version of NTDSUTIL.

    • MaxConnections - The maximum number of simultaneous LDAP connections that a domain controller will accept. If a connection comes in after the domain controller reaches this limit, the domain controller drops another connection.

    Default value: 5000
    • MaxConnIdleTime - The maximum time in seconds that the client can be idle before the LDAP server closes the connection. If a connection is idle for more than this time, the LDAP server returns an LDAP disconnect notification.

    Default value: 900 seconds
    • MaxDatagramRecv - The maximum size of a datagram request that a domain controller will process. Requests that are larger than the value for MaxDatagramRecv are ignored.

    Default: 1,024 bytes
    • MaxNotificationPerConnection - The maximum number of outstanding notification requests that are permitted on a single connection. When this limit is reached the server returns a "busy" error to any new notification searches that are performed on that connection.

    Default value: 5
    • MaxPageSize - This value controls the maximum number of objects that are returned in a single search result, independent of how large each returned object is. To perform a search where the result might exceed this number of objects, the client must specify the paged search control. This is to group the returned results in groups that are no larger than the MaxPageSize value. To summarize, MaxPageSize controls the number of objects that are returned in a single search result.

    Default value: 1,000
    • MaxPoolThreads - The maximum number of threads per-processor that a domain controller dedicates to listening for network input or output (I/O). This value also determines the maximum number of threads per-processor that can work on LDAP requests at the same time.

    Default value: 4 threads per-processor
    • MaxResultSetSize - Between the individual searches that make up a paged result search, the domain controller may store intermediate data for the client. The domain controller stores this data to speed up the next part of the paged result search. The MaxResultSize value controls the total amount of data that the domain controller stores for this kind of search. When this limit is reached, the domain controller discards the oldest of these intermediate results to make room to store new intermediate results.

    Default value: 262,144 bytes
    • MaxQueryDuration - The maximum time in seconds that a domain controller will spend on a single search. When this limit is reached, the domain controller returns a "timeLimitExceeded" error. Searches that require more time must specify the paged results control.

    Default value: 120 seconds
    • MaxTempTableSize - While a query is processed, the dblayer may try to create a temporary database table to sort and select intermediate results from. The MaxTempTableSize limit controls how large this temporary database table can be. If the temporary database table would contain more objects than the value for MaxTempTableSize, the dblayer performs a much less efficient parsing of the complete DS database and of all the objects in the DS database.

    Default value: 10,000 records
    • MaxValRange - This value controls the number of values that are returned for an attribute of an object, independent of how many attributes that object has, or of how many objects were in the search result. In Windows 2000 this control is "hard" coded at 1,000. If an attribute has more than the number of values that are specified by the MaxValRange value, you must use value range controls in LDAP to retrieve values that exceed the MaxValRange value. MaxValueRange controls the number of values that are returned on a single attribute on a single object.
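
The MaxPageSize entry quoted above says a client must send the paged search control to get more objects than the server returns in a single result. The following is an added example, not code from any poster in this thread, showing that control with the `$controls` argument of `ldap_search()`, which needs PHP 7.3 or later (the PHP 4.4.4 in the thread does not have it). Assumptions: the environment variable names, the page size of 500, the LDAPS URL and the read-only service account are hypothetical; the host, base DN and filter are the ones from post #3.

```php
<?php
// Added example: paged LDAP search against Active Directory (PHP 7.3+).
// Hypothetical: env variable names, page size, LDAPS being enabled on the DC.
$ldap_server = "ldaps://sms.test.local";         // LDAPS so the bind is encrypted
$auth_user   = getenv("LDAP_BIND_USER");         // read-only account, not administrator
$auth_pass   = getenv("LDAP_BIND_PASS");
$base_dn     = "DC=test,DC=local";
$filter      = "(&(objectClass=user)(objectCategory=person)(cn=*))";
$attrs       = ["samaccountname", "cn", "mail"]; // request only what is used
$page_size   = 500;                              // kept below the server's MaxPageSize

// An empty password would turn the bind into an unauthenticated one.
if (!$auth_user || !$auth_pass) {
    die("Bind credentials are not configured");
}
if (!($connect = ldap_connect($ldap_server))) {
    die("Could not connect to ldap server");
}
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
if (!@ldap_bind($connect, $auth_user, $auth_pass)) {
    die("Unable to bind to server");
}

$cookie = "";
$total  = 0;
do {
    // Ask for one page; the cookie tells the server where the last page ended.
    $controls = [[
        "oid"   => LDAP_CONTROL_PAGEDRESULTS,
        "value" => ["size" => $page_size, "cookie" => $cookie],
    ]];
    $search = ldap_search($connect, $base_dn, $filter, $attrs, 0, 0, 0,
                          LDAP_DEREF_NEVER, $controls);
    if (!$search) {
        die("Unable to search ldap server: " . ldap_error($connect));
    }
    ldap_parse_result($connect, $search, $errcode, $matched_dn, $errmsg,
                      $referrals, $server_controls);
    $info = ldap_get_entries($connect, $search);
    for ($i = 0; $i < $info["count"]; $i++) {
        // Escape directory values before writing them into HTML.
        $name = htmlspecialchars($info[$i]["samaccountname"][0] ?? "");
        echo "<b>Username :</b> " . $name . "<br>";
        $total++;
    }
    // An empty cookie in the response control means this was the last page.
    $cookie = $server_controls[LDAP_CONTROL_PAGEDRESULTS]["value"]["cookie"] ?? "";
} while ($cookie !== "");
echo "Selected number of users in AD : " . $total . "<p>";
ldap_unbind($connect);
```

Paging on the client leaves the domain controller's limits at their configured values, so no server-side setting has to be raised to read the whole directory.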

