Anonymous_User Absent Member.
Absent Member.
1061 views

Helpdesk Profile Match


Hi!
Is there anyone knowing if there is a highest value for the ldap
search.
LDAP Profile "LDAP Search Filter LDAP Base DN (Optional)"

We use this Helpdesk module for our teachers to set password on our
pupils.
It is great. but now we have more than 1000 teachers and it seems like
it is an upper value of 1000 users and now I would like to set it
higher.
Any one know of this or have an idea of where to set the value.

Runs on Windows 2012r2 and the SSPR v3.2.0.3 b40

Kindly wishes for answers
Niclas Winsa


--
nicwin
------------------------------------------------------------------------
nicwin's Profile: https://forums.netiq.com/member.php?userid=533
View this thread: https://forums.netiq.com/showthread.php?t=54115

0 Likes
11 Replies
EricVeysey1 Absent Member.
Absent Member.

Re: Helpdesk Profile Match


nicwin;260095 Wrote:
> Hi!
> Is there anyone knowing if there is a highest value for the ldap
> search.
> LDAP Profile "LDAP Search Filter LDAP Base DN (Optional)"
>
> We use this Helpdesk module for our teachers to set password on our
> pupils.
> It is great. but now we have more than 1000 teachers and it seems like
> it is an upper value of 1000 users and now I would like to set it
> higher.
> Any one know of this or have an idea of where to set the value.
>
> Runs on Windows 2012r2 and the SSPR v3.2.0.3 b40
>
> Kindly wishes for answers
> Niclas Winsa


I was able to include all users in a very large user base (100K+) and
all the accounts I tested seemed to work. I'm unsure if there is an
upper limit.

What are you using for the LDAP filter? If you had an attribute which
would identify teachers you could easily add all of them. For example:

LDAP Profile
All (attribute=teacher)

Thanks. Eric.


--
EricVeysey
------------------------------------------------------------------------
EricVeysey's Profile: https://forums.netiq.com/member.php?userid=493
View this thread: https://forums.netiq.com/showthread.php?t=54115


0 Likes
nicwin
New Member.

Re: Helpdesk Profile Match


EricVeysey;260122 Wrote:
> I was able to include all users in a very large user base (100K+) and
> all the accounts I tested seemed to work. I'm unsure if there is an
> upper limit.
>
> What are you using for the LDAP filter? If you had an attribute which
> would identify teachers you could easily add all of them. For example:
>
> LDAP Profile
> All (attribute=teacher)
>
> Thanks. Eric.


Hi Eric!

Thanks for input, but I still only can get the first 1000 users.
I don´t know if u set it up like I have.

We use this product for teachers and they are in a helpdesk mode so to
speak.
And it seems like the ldap attribute if it contains more than 1000 users
it just stop.
And I would like to know if there is a place where I can set a value of
ex. 10 000 instead.

Anyone know of this.

Kind regards
Niclas Winsa


--
nicwin
------------------------------------------------------------------------
nicwin's Profile: https://forums.netiq.com/member.php?userid=533
View this thread: https://forums.netiq.com/showthread.php?t=54115

0 Likes
Knowledge Partner
Knowledge Partner

Re: Helpdesk Profile Match

Hitting 1,000 exactly sounds like you're hitting some kind of
timeout/limit on the search itself. If you are pointing to microsoft
active directory (MAD) then the default limit may be there, in which case
the limit needs to be increased or the client (SSPR) needs to use paging.
I do not have MAD configured, but are there options within those
configuration settings that can control the client side?

SSPR has options to enable LDAP wire tracing (warning, can show sensitive
stuff) so that may be the ultimate way to see what is happening.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
nicwin
New Member.

Re: Helpdesk Profile Match


Hi

I think I was a little diffuse.
Our LDAP is a NetIQ eDir and when we use a LDAP program we get all
people from the query.
When the same LDAP query runs, only 1000 answers are shown in SSPR.
Seems to me that there is a limit in SSPR and I hope it could be set
somewhere.

It´s possible that no one uses this function as a Helpdesk and that the
Helpdesk is more than 1000 people. 😄

But we like the function as it is very simpel för our teachers

Regards
Niclas Winsa


--
nicwin
------------------------------------------------------------------------
nicwin's Profile: https://forums.netiq.com/member.php?userid=533
View this thread: https://forums.netiq.com/showthread.php?t=54115

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Helpdesk Profile Match

On 2015-08-24 10:34, nicwin wrote:
>
> Hi!
> Is there anyone knowing if there is a highest value for the ldap
> search.
> LDAP Profile "LDAP Search Filter LDAP Base DN (Optional)"
>
> We use this Helpdesk module for our teachers to set password on our
> pupils.
> It is great. but now we have more than 1000 teachers and it seems like
> it is an upper value of 1000 users and now I would like to set it
> higher.
> Any one know of this or have an idea of where to set the value.
>
> Runs on Windows 2012r2 and the SSPR v3.2.0.3 b40
>
> Kindly wishes for answers
> Niclas Winsa
>
>

Check your servers ldap policy, it probably limits the maximum page size to 1000 records.
https://technet.microsoft.com/en-us/library/cc770976.aspx

If a LDAP server has a server limit for search results the client can't do anything to go beyond that value (without using
extensions). A client can set a limit lower than the server to make sure it doesn't go beyond it's own resources if the server
allows a large or unlimited search result.

Best regards,
Tobias
0 Likes
nicwin
New Member.

Re: Helpdesk Profile Match


Tobias Ljunggren;260154 Wrote:
> On 2015-08-24 10:34, nicwin wrote:
> >
> > Hi!
> > Is there anyone knowing if there is a highest value for the ldap
> > search.
> > LDAP Profile "LDAP Search Filter LDAP Base DN (Optional)"
> >
> > We use this Helpdesk module for our teachers to set password on our
> > pupils.
> > It is great. but now we have more than 1000 teachers and it seems

> like
> > it is an upper value of 1000 users and now I would like to set it
> > higher.
> > Any one know of this or have an idea of where to set the value.
> >
> > Runs on Windows 2012r2 and the SSPR v3.2.0.3 b40
> >
> > Kindly wishes for answers
> > Niclas Winsa
> >
> >

> Check your servers ldap policy, it probably limits the maximum page size
> to 1000 records.
> https://technet.microsoft.com/en-us/library/cc770976.aspx
>
> If a LDAP server has a server limit for search results the client can't
> do anything to go beyond that value (without using
> extensions). A client can set a limit lower than the server to make sure
> it doesn't go beyond it's own resources if the server
> allows a large or unlimited search result.
>
> Best regards,
> Tobias


Hi

I think I was a little diffuse.
Our LDAP is a NetIQ eDir and when we use a LDAP program we get all
people from the query.
When the same LDAP query runs, only 1000 answers are shown in SSPR.
Seems to me that there is a limit in SSPR and I hope it could be set
somewhere.

It´s possible that no one uses this function as a Helpdesk and that the
Helpdesk is more than 1000 people. 😄

But we like the function as it is very simpel för our teachers

Regards
Niclas Winsa


--
nicwin
------------------------------------------------------------------------
nicwin's Profile: https://forums.netiq.com/member.php?userid=533
View this thread: https://forums.netiq.com/showthread.php?t=54115

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Helpdesk Profile Match

On 2015-08-25 16:14, nicwin wrote:
>
> Tobias Ljunggren;260154 Wrote:
>> On 2015-08-24 10:34, nicwin wrote:
>>>
>>> Hi!
>>> Is there anyone knowing if there is a highest value for the ldap
>>> search.
>>> LDAP Profile "LDAP Search Filter LDAP Base DN (Optional)"
>>>
>>> We use this Helpdesk module for our teachers to set password on our
>>> pupils.
>>> It is great. but now we have more than 1000 teachers and it seems

>> like
>>> it is an upper value of 1000 users and now I would like to set it
>>> higher.
>>> Any one know of this or have an idea of where to set the value.
>>>
>>> Runs on Windows 2012r2 and the SSPR v3.2.0.3 b40
>>>
>>> Kindly wishes for answers
>>> Niclas Winsa
>>>
>>>

>> Check your servers ldap policy, it probably limits the maximum page size
>> to 1000 records.
>> https://technet.microsoft.com/en-us/library/cc770976.aspx
>>
>> If a LDAP server has a server limit for search results the client can't
>> do anything to go beyond that value (without using
>> extensions). A client can set a limit lower than the server to make sure
>> it doesn't go beyond it's own resources if the server
>> allows a large or unlimited search result.
>>
>> Best regards,
>> Tobias

>
> Hi
>
> I think I was a little diffuse.
> Our LDAP is a NetIQ eDir and when we use a LDAP program we get all
> people from the query.
> When the same LDAP query runs, only 1000 answers are shown in SSPR.
> Seems to me that there is a limit in SSPR and I hope it could be set
> somewhere.
>
> It�s possible that no one uses this function as a Helpdesk and that the
> Helpdesk is more than 1000 people. 😄
>
> But we like the function as it is very simpel f�r our teachers
>
> Regards
> Niclas Winsa
>
>


Ok. Just to verify; On the Helpdesk profile there is a search limit a bit down in the settings (on top you have the profile,
followed by form, filter, search base, detail form, status field and then the *search limit*).

Best regards,
Tobias
0 Likes
nicwin
New Member.

Re: Helpdesk Profile Match


Hi Tobias.

It´s not when we search..
The search limit is when you are inside and search some people.
The result will show 20 or so results if we search for ex Jenny.

Our problem is that we have a attribute that says who has the rights to
log in and do the search!

We have over 1000 teachers that we will have to these searches and now
it limits the first 1000 teachers to log in! 😞

Regards
Niclas Winsa


--
nicwin
------------------------------------------------------------------------
nicwin's Profile: https://forums.netiq.com/member.php?userid=533
View this thread: https://forums.netiq.com/showthread.php?t=54115

0 Likes
Knowledge Partner
Knowledge Partner

Re: Helpdesk Profile Match

On 8/26/2015 5:25 AM, nicwin wrote:
>
> Hi Tobias.
>
> It�s not when we search..
> The search limit is when you are inside and search some people.
> The result will show 20 or so results if we search for ex Jenny.
>
> Our problem is that we have a attribute that says who has the rights to
> log in and do the search!
>
> We have over 1000 teachers that we will have to these searches and now
> it limits the first 1000 teachers to log in! 😞


Make them all the member of a group, make the filter look from
(groupMembership=cn=ldap,cn=dn,ou=of,ou=group,o=name)

or the like.


0 Likes
nicwin
New Member.

Re: Helpdesk Profile Match


geoffc;260192 Wrote:
> On 8/26/2015 5:25 AM, nicwin wrote:
>
>
> Make them all the member of a group, make the filter look from
> (groupMembership=cn=ldap,cn=dn,ou=of,ou=group,o=name)
>
> or the like.


Hi Geoffc!

We made a ServiceRequest and got the answer.
There is a limit.
We hope to get som more from the developers that can help us go on with
more than 1000 in the ldap query.

Thanks for all answers and the engagement for this question!

Regards
Niclas Winsa


--
nicwin
------------------------------------------------------------------------
nicwin's Profile: https://forums.netiq.com/member.php?userid=533
View this thread: https://forums.netiq.com/showthread.php?t=54115

0 Likes
Micro Focus Contributor
Micro Focus Contributor

Re: Helpdesk Profile Match


There is a limit to the number of users shown in the "view match"
operation in the configuration editor, but that limit has nothing to do
with evaluating permissions for users that are logging in. Each user is
evaluated individually during the login, so there is no limit to the
number of users a permission can apply to.


--
jrivard
------------------------------------------------------------------------
jrivard's Profile: https://forums.netiq.com/member.php?userid=541
View this thread: https://forums.netiq.com/showthread.php?t=54115

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.