
en - RE: [sympa-users] Groups and Active Directory

Subject: The mailing list for listmasters using Sympa

  • From: Steve Shipway <address@concealed>
  • To: Etan Weintraub <address@concealed>, "address@concealed" <address@concealed>
  • Subject: RE: [sympa-users] Groups and Active Directory
  • Date: Mon, 18 May 2015 22:14:41 +0000

I created a script here that synchronises the list of mailing list addresses with Contacts in the AD LDAP.  This hit the sizelimit error when I pulled the list of contacts out for comparison.

 

In my script, I could use a paged ldap read rather than a straight one, so managed to retrieve all the values that way.  Unfortunately, Sympa (at least in 6.1.x) does not have the option to use a paged read in its LDAP.

 

You can raise the sizelimit on your AD server, but that’s a bad idea as it is global and there to protect your server.  Your other option is to use the filter to limit the retrieved objects by another means – for example, have one LDAP lookup that retrieves people with an email address starting with a, then one for b, and so on… and then you have 26 LDAP datasources that between them cover the whole set but individually do not break the sizelimit.  Yes, this is very ugly, but it works (and the config can be generated by a simple script or copy/paste).

 

Your final option is to make a patch for Sympa and add a ‘use paged’ option to the LDAP datasource.  This would not be all that difficult to do and submit back to the project, but it does mean you’re running a non-standard build.

 

Steve

 

How to do a paged LDAP read:

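use Net::LDAP;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED );

# %ldapargs, %args and $PAGESIZE are set elsewhere in the script
my @entries;
my $ldap = Net::LDAP->new( %ldapargs );
my $page = Net::LDAP::Control::Paged->new( size => $PAGESIZE );
while(1) {
        # each search returns at most $PAGESIZE entries
        my $rv = $ldap->search(control=>[$page], %args );
        if( $rv->code ) { last; }   # stop on any LDAP error
        foreach my $entry ( $rv->entries ) {
                push @entries, $entry;
        }
        # the server's paged-results response control carries the next cookie
        my ($resp) = $rv->control( LDAP_CONTROL_PAGED ) or last;
        my $cookie = $resp->cookie or last;   # empty cookie: no more pages
        $page->cookie($cookie);
}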

 

Steve Shipway

address@concealed

(GNU Terry Pratchett)

 

From: address@concealed [mailto:address@concealed] On Behalf Of Etan Weintraub
Sent: Tuesday, 19 May 2015 1:57 a.m.
To: address@concealed
Subject: [sympa-users] Groups and Active Directory

 

Hi all-

I’m wondering if anyone else has run into the size limit problem with groups in Active Directory. Basically, if you have a group with more than 1500 members, it seems that if you do a search against your user container for people with the memberof attribute you get a sizelimit error, and if you do a two-step LDAP search, the initial search returns no members, as it puts them in a ranged attribute instead. I ran into a similar issue when I was developing a group management tool, and had to write some special code into my Perl software to handle that case (which I’d be happy to share with the project if someone wants to implement it in the base code for Sympa) but I was wondering if others had run into this issue, and if so, how they had handled it.

 

-Etan E. Weintraub

Information Security Architect

IT@Johns Hopkins

Johns Hopkins at Mt. Washington

5801 Smith Ave.

Suite 3110B

Baltimore, MD 21209

Phone: 667-208-6309

E-mail: address@concealed

 

Attachment: smime.p7s
Description: S/MIME cryptographic signature
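
The ranged-attribute case described in the original question needs a different loop from the paged search above, because the server splits the values of one attribute rather than the list of entries. The following is an added example, not code from either poster or from Sympa: it assumes Active Directory's `attribute;range=low-high` option syntax, and `fake_fetch`, the member DNs and the 3200-member group are constructed stand-ins so that it runs without a directory server.

```perl
use strict;
use warnings;

# Constructed sample data: a group of 3200 members behind a server that, like
# AD with its default limit, returns at most 1500 values of an attribute.
my @FAKE_MEMBERS = map { "CN=user$_,OU=People,DC=example,DC=com" } 1 .. 3200;
my $MAX_VALUES   = 1500;

# Hypothetical stand-in for one base-scope search on the group entry. With
# Net::LDAP this would be a search with scope => 'base' and attrs => [$request],
# then picking the returned attribute whose name starts with "member;range=".
# Returns (attribute name as sent by the server, array ref of values).
sub fake_fetch {
    my ($request) = @_;
    my ($low) = $request =~ /;range=(\d+)-/i or die "no range in '$request'";
    return if $low > $#FAKE_MEMBERS;
    my $high  = $low + $MAX_VALUES - 1;
    my $final = $high >= $#FAKE_MEMBERS;
    $high = $#FAKE_MEMBERS if $final;
    my $name = sprintf 'member;range=%d-%s', $low, $final ? '*' : $high;
    return ($name, [ @FAKE_MEMBERS[ $low .. $high ] ]);
}

# Collect every value of a multi-valued attribute by walking its ranges.
sub read_ranged_attribute {
    my ($fetch, $attr) = @_;
    my $low = 0;
    my @values;
    while (1) {
        my ($name, $chunk) = $fetch->("$attr;range=$low-*");
        last unless defined $name;          # attribute absent or exhausted
        push @values, @$chunk;
        my ($to) = $name =~ /;range=\d+-(\d+|\*)$/i
            or die "unexpected attribute name '$name'";
        last if $to eq '*';                 # '*' marks the final chunk
        die "range did not advance past $low" if $to < $low;
        $low = $to + 1;                     # next request starts after this chunk
    }
    return \@values;
}

my $members = read_ranged_attribute(\&fake_fetch, 'member');
printf "%d members in %s\n", scalar @$members, 'constructed group';
```

Reading the range from the attribute name the server returns, rather than assuming a fixed step of 1500, keeps the loop correct if the server's value limit has been changed.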



