Grouper Users - Open Discussion List

["Hyzer, Chris" <>]

Yes please for pull request

 

From: [mailto:] On Behalf Of Redman, Chad Eric
Sent: Tuesday, January 24, 2017 3:34 PM
To: grouper-users <>
Subject: [grouper-users] LDAP Loader and AD ranged attributes

 

Hi,

 

We have some LDAP loader jobs that query AD for subjects. An issue we found when going to production was that our AD source returns a ranged attribute for a membership fields when there are over 1500 members. What this means is that the attribute returned from the query is not "member" but "member;range=0-1499". The client is then expected to do further queries to get the rest of the members, e.g. "member;range=1500-*" and so on.

 

The closest mention I could find for this problem was a 2009 post mentioning a custom result handler for LDAPPC that could handle ranged results. We applied a similar solution to the LDAP Loader. We created a custom RangeSearchResultHandler class (based on the one from https://code.google.com/archive/p/vt-middleware/wikis/vtldapAD.wiki#Range_Attributes) to handle the non-standard attribute label and the loop to get the results. The vt-ldap config has an option (searchResultHandlers) for a multi-valued list of search result handler classes. However, we needed to patch the Grouper code so that it could handle a new ldap.*.searchResultHandlers property in the grouper-loader.properties file and pass it on the LDAP config.

 

Has anyone come across the same issue in getting large result sets from AD? Has this already been solved? I tried the other recommended methods of setting pagedResultsSize, referral, and/or batchSize, with no success. From a debug session, it looks like they all fail to account for "member;range=0-1499" really being the member field.

 

I can put a pull request together, if this is something useful outside of our own installation.

 

-Chad