tags:

views:

97

answers:

2

I am using the python LDAP module to (amongst other things) search for groups, and am running into the server's size limit and getting a SIZELIMIT_EXCEEDED exception. I have tried both synchronous and asynchronous searches and hit the problem both ways.

You are supposed to be able to work round this by setting a paging control on the search, but according to the python-ldap docs controls are not implemented yet for search_ext. Is there a way to do this in Python? If the python-ldap library does not support it, is there another Python library that does?

+2  A: 

After some discussion on the python-ldap-dev mailing list, I can answer my own question.

Page controls ARE supported by the Python lDAP module, but the docs had not been updated for search_ext to show that. The example linked by Gorgapor shows how to use the ldap.controls.SimplePagedResultsControl to read the results in pages.

However there is a gotcha. This will work with Microsoft Active Directory servers, but not with OpenLDAP servers (and possibly others, such as Sun's). The LDAP controls RFC is ambiguous as to whether paged controls should be allowed to override the server's sizelimit setting. On ActiveDirectory servers they can by default while on OpenLDAP they cannot, but I think there is a server setting that will allow them to.

So even if you implement the paged control, there is still no guarantee that it will get all the objects that you want. Sigh

Also paged controls are only available with LDAP v3, but I doubt that there are many v2 servers in use.

Dave Kirby
The python-based ldap browser, Luma, seems to be working around this limitation somehow. I've been trying to look through its source code to figure it out, but have had no luck. Also, Could you link to the python-ldap-dev thread you mentioned?
Christian Oudard