
en - RE: [sympa-users] Overcoming AD query limit

Subject: The mailing list for listmasters using Sympa

  • From: "Ward, Michael" <address@concealed>
  • To: "address@concealed" <address@concealed>
  • Cc: sympa-users <address@concealed>
  • Subject: RE: [sympa-users] Overcoming AD query limit
  • Date: Tue, 13 Nov 2007 08:57:21 +1300

Hi Serge,

Actually, it's not a security limit - more a performance limit:

"MaxPageSize - Maximum Page Size. The largest page size allowed by the server
(in number of rows). The server returns the number of rows that are specified
by MaxPageSize. If paged results are requested, the client can retrieve
additional pages until all results are returned."

I knew you can get around this in vbscript by specifying a page size limit,
so I assumed (correctly) it would be simple enough to do in Perl as well. The
following code works well (adapted from
http://eldapo.blogspot.com/2007/03/simple-paged-results-with-netldap.html):

=============================================
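#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Entry;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED );

my $adHost = "its-dc1.massey.ac.nz";
my $adUsr  = "CN=joindomain,OU=System,OU=Clients,DC=massey,DC=ac,DC=nz";
my $adPass = "massey";
my $base   = "OU=Palmerston North,OU=Staff,OU=Clients,DC=massey,DC=ac,DC=nz";
my $query  = "(mail=*)";
my @attrs  = qw(cn displayname mail);

# Net::LDAP->new reports connection errors in $@, not $!
my $ldap = Net::LDAP->new($adHost) or die "Cannot connect to $adHost: $@";

# bind() always returns a message object, so check its result code
my $mesg = $ldap->bind($adUsr, password => $adPass);
$mesg->code and die "Bind failed: " . $mesg->error;

# Ask the server to return the results in pages of 1000 entries
my $page = Net::LDAP::Control::Paged->new( size => 1000 )
    or die "Cannot create paged results control";

my @args = (
    base    => $base,
    scope   => 'sub',
    filter  => $query,
    attrs   => \@attrs,
    control => [ $page ],
);

my $cookie;
my $resultcount = 0;

while (1) {

    # search() also returns a message object; stop on an LDAP error
    $mesg = $ldap->search( @args );
    if ($mesg->code) {
        warn "Search failed: " . $mesg->error . "\n";
        last;
    }

    while (my $entry = $mesg->shift_entry()) {

        my $entrydn     = $entry->dn();
        my $mail        = $entry->get_value('mail');
        my $displayname = $entry->get_value('displayname') // '';
        my $cn          = $entry->get_value('cn');

        print "\"$displayname\",\"$mail\"\n";
        $resultcount++;

    } # while

    # The paged control in the response carries the cookie for the next
    # page; an empty cookie means this was the last page
    my ($resp) = $mesg->control(LDAP_CONTROL_PAGED) or last;
    $cookie = $resp->cookie or last;
    $page->cookie($cookie);

} # while (1)

print "Results Returned:$resultcount\n";

# If the loop ended early, a cookie is still outstanding: send it back
# with size 0 so the server can release the paged search
if ($cookie) {
    $page->cookie($cookie);
    $page->size(0);
    $ldap->search( @args );
}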
=============================================

Would it be possible to get this incorporated into Sympa? In the meantime I
can use this code to generate a text file to be included by the Sympa list as
you've suggested, or look at using the two level search as suggested by
Thomas.

Regards,
Michael Ward


-----Original Message-----
From: address@concealed [mailto:address@concealed]
Sent: Monday, 12 November 2007 9:05 p.m.
To: Ward, Michael
Cc: sympa-users
Subject: Re: [sympa-users] Overcoming AD query limit

Ward, Michael wrote:
>
> Hi,
>
> Sympa 5.2.2 on RHEL 5.
>
> I've set up a list using an ldap query to update the group members,
> however I've struck the following problem:
>
> Nov 12 11:47:12 tur-lists1 wwsympa[14181]: List::_include_users_ldap()
> Ldap search failed : Sizelimit exceeded (searching on server
> dc.massey.ac.nz:389 ; suffix OU=Clients,DC=massey,DC=ac,DC=nz ; filter
> (&(mailnickname=*)(Description=Staff User)) ; attrs: mail)
>
> I believe the query limit for our domain is 2,000. Is there currently
> any way to get around the ldap query limit?
>
> I do have a number of other smaller lists already using ldap queries,
> so I know there's nothing wrong with my current config.
>
> Regards,
> Michael Ward
>
There is no solution because this limit is a security limit coming from
your LDAP server. Maybe it would be dangerous to modify this limit. The
only solution I can see is a dirty solution: use multiple include LDAP
queries in your list configuration with different filters, in a way that each
query retrieves less than 2000 answers and all queries together cover the
original filter.

You may also dump periodically the LDAP category you are looking for on
a file served by an httpd server. Then include this remote file from Sympa.

None of those solutions is clean...
Serge
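
The multiple-filter split suggested in the quoted reply, as an added example that is not part of the original thread and is not Sympa code. It assumes the split is made on the first character of "mail" and that the server matches "mail" case-insensitively; the group boundaries are hypothetical and the sample addresses are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Filter from the failing query quoted in the thread, and the limit mentioned there.
my $orig  = '(&(mailnickname=*)(Description=Staff User))';
my $limit = 2000;

# Assumption: split on the first character of "mail". These groups are
# hypothetical; size them from real per-letter counts.
my @groups = ( [ 'a' .. 'f' ], [ 'g' .. 'm' ], [ 'n' .. 's' ], [ 't' .. 'z' ], [ 0 .. 9 ] );

# Build (|(mail=a*)(mail=b*)...) from a list of alphanumeric prefixes.
sub prefix_clause {
    return '(|' . join( '', map( "(mail=$_*)", @_ ) ) . ')';
}

# One filter per group plus a catch-all for any other first character, so
# no address matches two filters and none is dropped by the split.
sub partition_filters {
    my ( $orig, @groups ) = @_;
    my @filters;
    push @filters, "(&$orig" . prefix_clause(@$_) . ')' for @groups;
    push @filters, "(&$orig(!" . prefix_clause( map { @$_ } @groups ) . '))';
    return @filters;
}

# Index of the filter an address falls under (assumes the server matches
# "mail" case-insensitively); the last index is the catch-all.
sub bucket_for {
    my ( $mail, @groups ) = @_;
    my $first = lc substr( $mail, 0, 1 );
    for my $i ( 0 .. $#groups ) {
        return $i if grep { $_ eq $first } @{ $groups[$i] };
    }
    return scalar @groups;
}

# Constructed sample addresses, not taken from the thread.
my @sample  = qw(a.smith@example.org Greta@example.org zed@example.org
                 7ofnine@example.org _svc@example.org);
my @filters = partition_filters( $orig, @groups );
my @count   = (0) x @filters;
$count[ bucket_for( $_, @groups ) ]++ for @sample;

for my $i ( 0 .. $#filters ) {
    my $flag = $count[$i] >= $limit ? '  <-- still too large, split again' : '';
    print "$count[$i] matched: $filters[$i]$flag\n";
}
```

Each printed filter would go into its own include LDAP query in the list configuration; the last one picks up addresses that start with a character outside the listed groups, which a letters-only split would silently miss.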

