grouper-users - [grouper-users] LDAP Loader and AD ranged attributes
Subject: Grouper Users - Open Discussion List
List archive
- From: "Redman, Chad Eric" <>
- To: grouper-users <>
- Subject: [grouper-users] LDAP Loader and AD ranged attributes
- Date: Tue, 24 Jan 2017 20:33:43 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is ) ;
- Ironport-phdr: 9a23:FsyP/ReVj4KeNoyEZk2IKisXlGMj4u6mDksu8pMizoh2WeGdxcS9YR7h7PlgxGXEQZ/co6odzbGH7+a9ACdZusbJmUtBWaQEbwUCh8QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnYdFRrlKAV6OPn+FJLMgMSrzeCy/IDYbxlViDanb75/KBq7oR/Ru8ULjoduN6g8xxjUqXZUZupawn9lK0iOlBjm/Mew+5Bj8yVUu/0/8sNLTLv3caclQ7FGFToqK2866tHluhnFVguP+2ATUn4KnRpSAgjK9w/1U5HsuSbnrOV92S2aPcrrTbAoXDmp8qlmRAP0hCoBKjU09nzchM5tg6JBuB+vpwJxzZPIYI+bN/R+f7/SctwBSGVbQspdSzZMDp+gY4cRCecKIOZWr5P6p1sLtRayCxWiC/3yxT9NnHD227U22Pk/HAHGxgMvAs8FvnvOrNX0KKgeX/2+wa7UwjXDdfxZxC/y6JLWfR88pPGDR7RwfNHMyUkpCwzJlEufppH4Pz6M0OkGrmaV7+1lVe21im4nrRl8ojeoxscrhYnJgpwaxkrY+iV+xYY4I8CzRk1jYdO8DZdcqy6XO5F5T84gWW1ltzs2xqcJtJKnZCQG1ZQqywDFZ/CZaYSE/w7vWPiLLTtli39oe7SyjAuo/0e60O3zTMy03U5KriVbltnMsWgA2QTP58aAVvdw8F6t1ziI2Q3d8+1EJls7mrTBJ54m374wioEcsUPeHi/whUr6lreWdl8j+ui09evofqnmpp6bN49ykA3+NbkumtC7AeQ/NQgOXHKX9vi71L3m5UH5QbNKgeMqkqTBrZzWOcsWqrS2DgJXyIou5AuzAy2p3dgEhXUHKUhKeBODj4jnIVHOJ/X4AO+jjFSsijhk2ujJPqf/DZrQK3jMirHhcK1g605a1AU/185Q6I9JCr0ZOvL8RlfxtMDEDh8+KwG0zPznCNJg1oMGR22PGLaVML7JsVCW/OIvOPKBZIsUuDbmN/gl/ODigWU4mV8bYammw4EXaHamEfR6PUmVe2TjjcocETRCgg1rQ/btlUWPS3tOfHuoROpo6Ss8FZqrF8LeXY23m5SA2ju2BJtbejoAB1yRRyTGbYKBDr02ZS6XK8kl2hcEXLTpZpUg3lvm4AT6wrZQNOfY/yQenY/l35546/CFxkJ6ziB9E8nIizLFdGpzhG5dHzI=
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
Hi, We have some LDAP loader jobs that query AD for subjects. An issue we found when going to production was that our AD source returns a ranged attribute for a membership fields when there are over 1500 members. What this means is that the
attribute returned from the query is not "member" but "member;range=0-1499". The client is then expected to do further queries to get the rest of the members, e.g. "member;range=1500-*" and so on. The closest mention I could find for this problem was a 2009 post mentioning a custom result handler for LDAPPC that could handle ranged results. We applied a similar solution to the LDAP Loader. We created a custom RangeSearchResultHandler
class (based on the one from https://code.google.com/archive/p/vt-middleware/wikis/vtldapAD.wiki#Range_Attributes) to handle the non-standard attribute label and the loop to get the results. The vt-ldap config has an option (searchResultHandlers) for a multi-valued
list of search result handler classes. However, we needed to patch the Grouper code so that it could handle a new ldap.*.searchResultHandlers property in the grouper-loader.properties file and pass it on the LDAP config. Has anyone come across the same issue in getting large result sets from AD? Has this already been solved? I tried the other recommended methods of setting pagedResultsSize, referral, and/or batchSize, with no success. From a debug session,
it looks like they all fail to account for "member;range=0-1499" really being the member field. I can put a pull request together, if this is something useful outside of our own installation. -Chad |
- [grouper-users] LDAP Loader and AD ranged attributes, Redman, Chad Eric, 01/24/2017
- Re: [grouper-users] LDAP Loader and AD ranged attributes, Rob Gorrell, 01/24/2017
- [grouper-users] RE: LDAP Loader and AD ranged attributes, Hyzer, Chris, 01/24/2017
- [grouper-users] RE: LDAP Loader and AD ranged attributes, Hyzer, Chris, 01/26/2017
- [grouper-users] RE: LDAP Loader and AD ranged attributes, Redman, Chad Eric, 01/26/2017
- [grouper-users] RE: LDAP Loader and AD ranged attributes, Redman, Chad Eric, 01/26/2017
- [grouper-users] RE: LDAP Loader and AD ranged attributes, Hyzer, Chris, 01/26/2017
- [grouper-users] RE: LDAP Loader and AD ranged attributes, Redman, Chad Eric, 01/26/2017
- [grouper-users] RE: LDAP Loader and AD ranged attributes, Hyzer, Chris, 01/26/2017
Archive powered by MHonArc 2.6.19.