grouper-users - Re: [grouper-users] LDAP Loader and AD ranged attributes
Subject: Grouper Users - Open Discussion List
List archive
- From: Rob Gorrell <>
- To: "Redman, Chad Eric" <>
- Cc: grouper-users <>
- Subject: Re: [grouper-users] LDAP Loader and AD ranged attributes
- Date: Tue, 24 Jan 2017 15:47:23 -0500
- Ironport-phdr: 9a23:MqAiYxEI3s2dYqMTMmxnYp1GYnF86YWxBRYc798ds5kLTJ7zr8ywAkXT6L1XgUPTWs2DsrQf2raQ7vmrADBZqb+681k6OKRWUBEEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRoLerpBIHSk9631+ev8JHPfglEnjSwbLd9IRmsrQjdq8YajZZtJ6os1xDEvmZGd+NKyG1yOFmdhQz85sC+/J5i9yRfpfcs/NNeXKv5Yqo1U6VWACwpPG4p6sLrswLDTRaU6XsHTmoWiBtIDBPb4xz8Q5z8rzH1tut52CmdIM32UbU5Uims4qt3VBPljjoMOiUn+2/LlMN/kKNboAqgpxNhxY7UfJqVP+d6cq/EYN8WWXZNUsNXWidcAI2zcpEPAvIDMuZWr4fzqVgAowagCwawH+7g0CNEi2Xs0KEmz+gsEwfL1xEgEdIUt3TUqc34OrsVUe+u0aLGzDLDb+lM2Tjj7IjIdg0qrPaWXbN+fsrRzlMvFxnbgVWUsoHlIjWV2fgCs2SB8eVvSP+vhnchpgpsrDavwcIshZPIhoIT0l3E+iJ5wIE6Jd28VkF3e8KrEJxVty2CNot2RN8iTH9yuCY81LIGpYC3cDIUx5s62h7SbeGMfYuQ4h/7SuqcICt0iXBgdbKxhBu96lSsx+jzW8WozFpFsi9IncXQun0N0hHe79aLRuVn8UqnxD2BzRrc6vteLkAxjafbK4Auwro3lpcLtETMBC72mEHvgK+IdUUo5vGk6uv5brn4vJCQLYB0igb5MqQhnsywH/40PRQJX2ie4ei81bvj8lPlQLhSkPE7k7XVvZLfKMQVpaO2GBNZ34Ms5hqjEzupzNEVkmUbIF9FfR+KipblN0/UL/zgCPewmVWskDNlx/DcOb3hB43ALmLNkbfuerZ98VRcxxQ3zd1E+pJUDK0OIP3pVkDvqdPYEwc1MxaozOb/FNV9yoQeVHqAAq+DN6PSrEeI6fw1I+WVeY8VoyjyK+I+5/P1iX85mEQdfbWy3ZcJcny4H/JmI1mHbnr2hNcOD3sKshQkQOP0lVKCTG0bW3HnFZgx6jQyDsbuJofKSsiAmr2Klm/vFZ1faldcB1yJGHHAaoOPHfoAdXTBDNVml2k+UrLpZIg7zxyqsEeu0aVoKfDO9ykwqJTo25546/CFxkJ6ziB9E8nIizLFdGpzhG5dAmZuhK0=
https://lists.internet2.edu/sympa/arc/grouper-users/2017-01/msg00010.html
Hi,
We have some LDAP loader jobs that query AD for subjects. An issue we found when going to production was that our AD source returns a ranged attribute for a membership fields when there are over 1500 members. What this means is that the attribute returned from the query is not "member" but "member;range=0-1499". The client is then expected to do further queries to get the rest of the members, e.g. "member;range=1500-*" and so on.
The closest mention I could find for this problem was a 2009 post mentioning a custom result handler for LDAPPC that could handle ranged results. We applied a similar solution to the LDAP Loader. We created a custom RangeSearchResultHandler class (based on the one from https://code.google.com/
archive/p/vt-middleware/wikis/ vtldapAD.wiki#Range_Attributes ) to handle the non-standard attribute label and the loop to get the results. The vt-ldap config has an option (searchResultHandlers) for a multi-valued list of search result handler classes. However, we needed to patch the Grouper code so that it could handle a new ldap.*.searchResultHandlers property in the grouper-loader.properties file and pass it on the LDAP config.
Has anyone come across the same issue in getting large result sets from AD? Has this already been solved? I tried the other recommended methods of setting pagedResultsSize, referral, and/or batchSize, with no success. From a debug session, it looks like they all fail to account for "member;range=0-1499" really being the member field.
I can put a pull request together, if this is something useful outside of our own installation.
-Chad
--
Systems Architect, Identity and Access Management
336-334-5954
PGP Key ID B36DB0CA
- [grouper-users] LDAP Loader and AD ranged attributes, Redman, Chad Eric, 01/24/2017
- Re: [grouper-users] LDAP Loader and AD ranged attributes, Rob Gorrell, 01/24/2017
- [grouper-users] RE: LDAP Loader and AD ranged attributes, Hyzer, Chris, 01/24/2017
- [grouper-users] RE: LDAP Loader and AD ranged attributes, Hyzer, Chris, 01/26/2017
- [grouper-users] RE: LDAP Loader and AD ranged attributes, Redman, Chad Eric, 01/26/2017
- [grouper-users] RE: LDAP Loader and AD ranged attributes, Redman, Chad Eric, 01/26/2017
- [grouper-users] RE: LDAP Loader and AD ranged attributes, Hyzer, Chris, 01/26/2017
- [grouper-users] RE: LDAP Loader and AD ranged attributes, Redman, Chad Eric, 01/26/2017
- [grouper-users] RE: LDAP Loader and AD ranged attributes, Hyzer, Chris, 01/26/2017
Archive powered by MHonArc 2.6.19.