+ Post New Thread
Results 1 to 9 of 9
Coding Thread, PHP LDAP returning only some results in Coding and Web Development; Hi, I am trying to pull information on all our student account from LDAP. The issue i'm having is i ...
  1. #1
    penfold_99's Avatar
    Join Date
    Feb 2008
    Location
    East Sussex
    Posts
    985
    Thank Post
    58
    Thanked 165 Times in 117 Posts
    Rep Power
    68

    PHP LDAP returning only some results

    Hi,

    I am trying to pull information on all our student account from LDAP.

    The issue i'm having is i can only get 2500 accounts but Active Directory holds 3500ish.

    Is there way to increase the ldap result cache, you can do this in vbs by setting "pagesize" but i can't find how to do it in php.

    Or is there a way to page the results by getting 2500 then the remainder in two calls?
    Last edited by penfold_99; 9th February 2009 at 09:56 AM. Reason: Added: Its an AD Domain

  2. #2

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,132
    Thank Post
    522
    Thanked 2,542 Times in 1,976 Posts
    Blog Entries
    24
    Rep Power
    876
    Active Directory has a page limit size by default. (I always thought it was 1000 objects, so I'm not sure how you're getting 2500). You can change this using How to view and set LDAP policy in Active Directory by using Ntdsutil.exe

  3. #3

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,157
    Thank Post
    116
    Thanked 529 Times in 452 Posts
    Blog Entries
    2
    Rep Power
    124
    Set PHP to use paging (not the same as setting the maxpagesize)

    the code below is vbscript rather than PHP but I hope it's reasonably obvious what's going on. Key thing is that you specify how many results you want returning at a time (page size is set to 100 here). That doesn't mean you only get 100 results; magic stuff just happens in the background so that when you do a "movenext" it either takes a record from the 100 it just got or it fetches another 100 from the server.

    In general, it's a bad idea to change the maxpagesize because it doesn't scale - you're potentially putting a huge load on the server (think about what happens when there are 10,000 or 100,000 records to return) for no real benefit.

    Code:
    Set oRootDSE = GetObject("LDAP://RootDSE")
    sDNSDomain = oRootDSE.Get("defaultNamingContext")
    Set ocommand = CreateObject("ADODB.Command")
    Set oConn = CreateObject("ADODB.Connection")
    oConn.Provider = "ADsDSOObject"
    oConn.Open
    ocommand.ActiveConnection = oConn
    sBase = "<LDAP://"  & sDNSDomain & ">"
    'find users with email
    'sFilter="(&(objectClass=user)(mail=*))"
    
    sAttributes="distinguishedname"
    
    sQuery = sBase & ";" & sFilter & ";" & sAttributes & ";subtree"
    
    ocommand.CommandText = sQuery
    
    'return records in groups of 100 - user doesn't see anything but it avoids stressing server.
    'by default won't get more than 1000 records back so if more than 1000 records must set this
    ocommand.Properties("Page Size") = 100
    'how long to wait for results; if not returned in this time then script will give up
    ocommand.Properties("Timeout") = 60
    'don't store data locally; if query run again then will re-visit server
    ocommand.Properties("Cache Results") = False
    oCommand.properties("sort on")="samaccountname"
    'execute the query against AD and get a recordset
    Set oRS = ocommand.Execute
    'check - did we get any results
    if not oRS.eof then
      'yes, so process all of them
        Do Until oRS.EOF
        'code like this means you can have any number of fields; process each in turn
        for each sField in oRS.fields
        'write the returned value
          wscript.echo oRS.Fields(sField.name)
        next
        'next record
        oRS.MoveNext
      Loop
    else
      'we didn't get any records so just give warning
       wscript.echo "No records found"
    end if
    ors.close

  4. #4
    penfold_99's Avatar
    Join Date
    Feb 2008
    Location
    East Sussex
    Posts
    985
    Thank Post
    58
    Thanked 165 Times in 117 Posts
    Rep Power
    68
    Quote Originally Posted by localzuk View Post
    Active Directory has a page limit size by default. (I always thought it was 1000 objects, so I'm not sure how you're getting 2500). You can change this using How to view and set LDAP policy in Active Directory by using Ntdsutil.exe
    Thanks,

    I think the limit was increased ages ago before i started here.

  5. #5

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,132
    Thank Post
    522
    Thanked 2,542 Times in 1,976 Posts
    Blog Entries
    24
    Rep Power
    876
    Quote Originally Posted by srochford View Post
    Set PHP to use paging (not the same as setting the maxpagesize)
    I would have suggested it, but have not been able to figure out how to do such a thing with PHP...

  6. #6
    penfold_99's Avatar
    Join Date
    Feb 2008
    Location
    East Sussex
    Posts
    985
    Thank Post
    58
    Thanked 165 Times in 117 Posts
    Rep Power
    68
    @srochford

    i trying to convert a vbs to php, but i think php doesn't have the ability to page like perl and pear can.

  7. #7

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,812
    Thank Post
    110
    Thanked 585 Times in 506 Posts
    Blog Entries
    1
    Rep Power
    225
    It doesn't on it's own. However the API gives you the necessary tools to page through results yourself.

    PHP Code:
    $continue true;
    while (
    $continue) {
         
    $paged_control = array(
                             array(
                                 
    'oid' => PAGED_CONTROL_OID,
                                 
    'iscritical' => true,
                                 
    'value' => ldap_ber_printf ('{iO}',
                                                             
    PAGE_SIZE$cookie)
                             )
                          );
         if (!
    ldap_set_option($lLDAP_OPT_SERVER_CONTROLS$paged_control)) {
             echo 
    "Not OK: ldap_set_option (controls)\n";
             exit;
         }

         
    $sr ldap_search($l$query$query_filter$query_attribs000,
                           
    LDAP_DEREF_NEVER);

         if (
    $sr === FALSE) {
             echo 
    "Not OK: ldap_search\n";
             exit;
         }

         if (!
    ldap_parse_result ($l$sr, &$errcode, &$matcheddn, &$errmsg,
                                 &
    $referrals, &$serverctrls)) {
             echo 
    "Not OK: ldap_parse_result\n";
             exit;
         }

         
    $paged_control_found FALSE;
         if (isset(
    $serverctrls)) {
             foreach (
    $serverctrls as $i) {
                 if (
    $i['oid'] == PAGED_CONTROL_OID) {
                     
    ldap_ber_scanf($i['value'], '{iO}', &$pagesize, &$cookie);
                     
    $paged_control_found TRUE;
                     break;
                 }
             }
         }
         if (!
    $paged_control_found) {
             echo 
    "Not OK: paged control not found in response \n";
             exit;
         }

         
    // process entries as usual here ...

         
    if ($cookie == '') {
             
    $continue false;
         }

    Last edited by Geoff; 9th February 2009 at 11:36 AM.

  8. 2 Thanks to Geoff:

    localzuk (9th February 2009), penfold_99 (9th February 2009)

  9. #8
    penfold_99's Avatar
    Join Date
    Feb 2008
    Location
    East Sussex
    Posts
    985
    Thank Post
    58
    Thanked 165 Times in 117 Posts
    Rep Power
    68
    @Geoff,

    Thanks for the script, i have tried to implement but when i do var_dump(ldap_count_entries($l,$sr); nothing is returned.

    I have set $cookie to a value of 1000, so in theory it should loop three times to get all results.

    or an i doing this all wrong?

  10. #9

    Join Date
    Dec 2009
    Posts
    2
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hello.

    Did you find any solution?
    See Reading paged LDAP results with PHP is a show-stopper <?php. Seems this is the only article that shed light on that problem.
    Hopefully the answers (still waiting for them) on my questions will help to solve the issue without patching PHP.

    Thanks,
    Igor

SHARE:
+ Post New Thread

Similar Threads

  1. PHP ldap and mysql results merge
    By localzuk in forum Web Development
    Replies: 3
    Last Post: 24th July 2009, 11:12 PM
  2. FreeBSD, PHP, Moodle + LDAP
    By Marci in forum Web Development
    Replies: 4
    Last Post: 25th June 2008, 08:20 AM
  3. Machines returning same IP address
    By tomscaper in forum Wireless Networks
    Replies: 16
    Last Post: 1st May 2008, 02:29 PM
  4. PHP and LDAP on IIS
    By srochford in forum Windows
    Replies: 2
    Last Post: 31st October 2007, 09:05 AM
  5. ldap on php
    By browolf in forum Web Development
    Replies: 11
    Last Post: 8th May 2007, 09:33 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •