QuickStart Manager does not display entire list of users on LDAP server

0 Likes

Problem:

QuickStart Manager does not display entire list of users on LDAP server

Resolution:

  • Product Name: StarTeam
  • Product Version: All
  • Product Component: LDAP QuickStart Manager
  • Platform/OS Version: All Supported OS

Description:
The LDAP QuickStart Manager only displays about the first 1000 users on the LDAP server




Answer/Solution:
This behavior may occur due to either of these two possible reasons, or both:

Profile settings: An LDAP Browser profile you have created for the server has settings which are responsible for the request timeout and the search result size limit. Those restrictions are sent to the server with each request and if the size limit is less than the number of subentries in a certain entry, the application won"t be able to get all of them.
LDAP Server settings: An LDAP server can be configured to return a certain number of entries that is not greater than the one defined. This can be done by modifying the server configuration files or the source code prior to compilation. In most cases such a configuration is made in order to optimize server load and prevent hacker attacks.

The workaround for these are as follows:

Profile settings: To edit a server property, select a server item in the left-hand side TreeView panel and press the Properties button on the toolbar or press Alt-Enter. Then select the "LDAP Settings" tab, where the Entry count limit input will be displayed. Enter a new value that better meets your requirements. A Zero for this parameter means that the server is asked to return all the entries found in process of search.

LDAP Server settings: There isn"t a universal way of solving this problem, for it depends on a number of reasons: what kind of server you are working with, whom the server belongs to, whether or not you enjoy administrator rights and physical access to the server. If your server is absent in the list of solutions recommended for well-known servers, we suggest you ask your system administrator or consult the server documentation. Workaround for well-known servers

Microsoft Active Directory: By default, Microsoft Active Directory which is a part of Windows 2000 Server, allows fetching only 1000 entries per one search request. In terms of this system such a restriction is called MaxPageSize. This parameter can be changed using the ntdsutil.exe file which is a command line tool supplied with Windows 2000 Server. Another way to change this parameter is to edit it directly inside the CN=Default Query Policy, CN=Query-Policies, CN=Directory Service, CN=Windows NT, CN=Services, CN=Configuration, DC=YOUR_COMPANY, DC=YOUR_COMPANY_TLD entry by using LDAP Administrator. In both cases you must have administrator rights.

OpenLDAP: The size limit for the OpenLDAP server can be changed in the config file (which can usually be found at /etc/openldap/slapd.conf). The parameter is called sizelimit. For more information please consult the slapd.conf Manual page or the OpenLDAP documentation.




Author: Levi Bowman

Old KB# 28647
Comment List
Related
Recommended