October 28th, 2009, 09:39 PM
How to get all objects from ldap when size limit exceeded is generated?
I'm trying to figure out how I get all objects of a certain type from my ldap server. For example, I would like to get all aliases with a command like this:
ldapsearch -LLL -x -b "dc=xyz,dc=com" -h <my_ldap_server> "(&(objectclass=group))" dn
However I get a size limit exceeded error. What is the approach one uses to get all data when it's a lot and exceeds the size limit?
I could use a really boneheaded approach like get all that start with "A", all that start with "B", etc., but then I run into the problem where there might even be too many that start with a particular letter. Is there some general solution to this problem other than writing a fairly complex program to solve this?
October 31st, 2009, 04:10 PM
Based on the -x in the ldapsearch, it appears you are using OpenLDAP, so you need the SA to set up the sizelimit so you can retrieve all the entries.
The sizelimit directive specifies the number of entries to return to a search request. There are two forms of this command, first form:
sizelimit integer | unlimited
Where integer is a value between 1 and 65435. unlimited (or -1) places no limits on the number of returned results.
The second form provides more control over the number of returned results and has the following format:
Where integer is the maximum number of entries slapd will return answering a search request. The behaviour of the directive depends on the optional qualifier soft, hard or unchecked as follows:
1. If no size limit is explicitly requested by the client, the soft limit is used.
2. If the requested size limit exceeds the hard limit, an "Administrative limit exceeded" is returned.
3. If the hard limit is set to 0 or to the keyword "soft", the soft limit is used in either case.
4. If the hard limit is set to -1 or to the keyword "none", no hard limit is enforced.
5. Explicit requests for size limits smaller or equal to the hard limit are honored.
6. The unchecked qualifier sets a limit on the number of candidates a search request is allowed to examine. If the selected candidates exceed the unchecked limit, the search will abort with LDAP_UNWILLING_TO_PERFORM (53, x'35'). If unchecked is set to -1 or to the keyword "none", no limit is applied (the default).
7. If no qualifier is present, the value is assigned to the soft limit, and the hard limit is set to zero, to preserve the original behavior.
If no sizelimit directive is defined the default is 500. Examples:
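Added example, not part of the original posts and not slapd's own code: a small Python model of rules 1-5 and 7 above, showing which limit applies to a search for a given directive and client request. The size.soft= / size.hard= argument spelling follows slapd.conf(5) and is not shown in the post; the function names and the sample directive are constructed for illustration.

```python
import re

NO_LIMIT = -1                        # "unlimited", "none" and -1 all mean no limit
DEFAULT = {"soft": 500, "hard": 0}   # used when no sizelimit directive is defined

class AdminLimitExceeded(Exception):
    """Rule 2: the client asked for more than the hard limit."""

def _num(tok):
    if tok in ("unlimited", "none"):
        return NO_LIMIT
    return 0 if tok == "soft" else int(tok)   # hard=soft is the same as hard=0 (rule 3)

def parse_sizelimit(line):
    """Turn one sizelimit directive into {'soft': n, 'hard': n}."""
    limits = dict(DEFAULT)
    for arg in line.split()[1:]:
        m = re.fullmatch(r"size(?:\.(soft|hard|unchecked))?=(\S+)", arg)
        if m is None or m.group(1) is None:
            # First form, or no qualifier: value goes to soft, hard becomes 0 (rule 7)
            limits["soft"] = _num(m.group(2) if m else arg)
            limits["hard"] = 0
        elif m.group(1) != "unchecked":        # unchecked limits candidates, not results
            limits[m.group(1)] = _num(m.group(2))
    return limits

def effective_limit(limits, requested=None):
    """Entries the server will return; NO_LIMIT means unbounded."""
    soft, hard = limits["soft"], limits["hard"]
    if requested is None:
        return soft                            # rule 1
    if hard == NO_LIMIT:
        return requested                       # rule 4
    if hard == 0:                              # rule 3: fall back to the soft limit
        # Assumption: a request below the soft limit is still honoured (rule 5).
        return requested if soft == NO_LIMIT else min(requested, soft)
    if requested > hard:
        raise AdminLimitExceeded(f"requested {requested} > hard limit {hard}")
    return requested                           # rule 5

if __name__ == "__main__":
    conf = parse_sizelimit("sizelimit size.soft=500 size.hard=2000")  # constructed sample
    for req in (None, 1500, 5000):
        try:
            print(req, "->", effective_limit(conf, req))
        except AdminLimitExceeded as exc:
            print(req, "-> Administrative limit exceeded:", exc)
```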