
grouper-users - Re: [grouper-users] LDAP Loader and AD ranged attributes

Subject: Grouper Users - Open Discussion List

  • From: Rob Gorrell <>
  • To: "Redman, Chad Eric" <>
  • Cc: grouper-users <>
  • Subject: Re: [grouper-users] LDAP Loader and AD ranged attributes
  • Date: Tue, 24 Jan 2017 15:47:23 -0500

Yes, I came across this same problem with the PSP not long ago in this thread:
https://lists.internet2.edu/sympa/arc/grouper-users/2017-01/msg00010.html

-Rob


On Tue, Jan 24, 2017 at 3:33 PM, Redman, Chad Eric <> wrote:

Hi,

 

We have some LDAP loader jobs that query AD for subjects. An issue we found when going to production was that our AD source returns a ranged attribute for a membership field when there are over 1500 members. What this means is that the attribute returned from the query is not "member" but "member;range=0-1499". The client is then expected to do further queries to get the rest of the members, e.g. "member;range=1500-*" and so on.

 

The closest mention I could find for this problem was a 2009 post mentioning a custom result handler for LDAPPC that could handle ranged results. We applied a similar solution to the LDAP Loader. We created a custom RangeSearchResultHandler class (based on the one from https://code.google.com/archive/p/vt-middleware/wikis/vtldapAD.wiki#Range_Attributes) to handle the non-standard attribute label and the loop to get the results. The vt-ldap config has an option (searchResultHandlers) for a multi-valued list of search result handler classes. However, we needed to patch the Grouper code so that it could handle a new ldap.*.searchResultHandlers property in the grouper-loader.properties file and pass it on to the LDAP config.

 

Has anyone come across the same issue in getting large result sets from AD? Has this already been solved? I tried the other recommended methods of setting pagedResultsSize, referral, and/or batchSize, with no success. From a debug session, it looks like they all fail to account for "member;range=0-1499" really being the member field.

 

I can put a pull request together, if this is something useful outside of our own installation.

 

-Chad

 




--
Robert W. Gorrell
Systems Architect, Identity and Access Management
University of NC at Greensboro
336-334-5954
PGP Key ID B36DB0CA
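
The range-retrieval loop described in the quoted message, as an added Python example that is not part of the original thread and is not Grouper or vt-ldap code. `fetch` is a hypothetical callable standing in for an LDAP read, and `make_fake_ad` is a constructed stand-in for an AD server that caps values per response, so the block runs offline.

```python
import re

# Matches range-retrieval attribute descriptions such as
# "member;range=0-1499" or the final chunk "member;range=3000-*".
RANGE_RE = re.compile(r"^(?P<base>[^;]+);range=(?P<low>\d+)-(?P<high>\d+|\*)$", re.I)


def read_all_values(fetch, dn, attr="member"):
    """Collect every value of `attr`, following ranged responses to the end.

    `fetch(dn, attr_desc)` (hypothetical) returns {attribute description: [values]}.
    """
    values, request = [], attr
    while True:
        chunk = None
        for name, vals in fetch(dn, request).items():
            m = RANGE_RE.match(name)
            if m and m.group("base").lower() == attr.lower():
                chunk = (m.group("high"), vals)
            elif name.lower() == attr.lower() and vals:
                return values + list(vals)  # small group: plain attribute
        if chunk is None:
            return values  # attribute absent or empty
        high, vals = chunk
        values.extend(vals)
        if high == "*":  # server marks the last chunk with "*"
            return values
        request = f"{attr};range={int(high) + 1}-*"


def make_fake_ad(members, limit=1500):
    """Constructed stand-in for an AD server returning at most `limit` values."""
    def fetch(dn, attr_desc):
        m = RANGE_RE.match(attr_desc)
        low = int(m.group("low")) if m else 0
        if not m and len(members) <= limit:
            return {"member": list(members)}
        end = low + limit
        if end >= len(members):
            return {f"member;range={low}-*": members[low:]}
        # Over the limit: plain "member" comes back empty beside the ranged name.
        return {"member": [], f"member;range={low}-{end - 1}": members[low:end]}
    return fetch
```

A loader that reads only the plain `member` key from such a response sees an empty or truncated group, so any access decision derived from that membership is made on incomplete data.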


