Grouper Users - Open Discussion List

[Tom Zeller <>]

Not sure it plays here, but keep in mind that AD may return attributes
in a "special" way when there are a large number of values, where
large is >1500 or so.

Scroll down to "Range Attributes" on

 http://code.google.com/p/vt-middleware/wiki/vtldapAD

That particular impl is not-so-great ;-)

Google "active directory range retrieval" for more info.





On Mon, Apr 29, 2013 at 3:47 PM, Bryan E. Wooten 
<>
 wrote:
> Here I go again. I am trying to create a groups from attributes. (we have an
> attribute called uuemployee and I want to create a group of
> uuCurrentEmployee).
>
>
>
> This group definition works fine against LDAP but when I point
> grouper-loader.properties at AD I only get 859 members, but the result
> should be over 30k.
>
>
>
> I have tried changing this:
>
>
>
> ldap.personLdap.batchSize = 800
>
> ldap.personlLdap.pagedResultsSize=800
>
> ldap.personLdap.countLimit = 600000
>
>
>
> ldap.personLdap.timeLimit = 600000
>
>
>
> But it has no effect on the results.
>
>
>
> Can someone send me their sanitized grouper-loader.properties and
> ldap.properties that actually work with large AD datasets?
>
>
>
> When I use same AD account in my Softterra LDAP browser I can read
> everything, so I don’t think it is an AD configuration issue.
>
>
>
> Thanks,
>
>
>
> Bryan