Reputation: 32629
Is there a length limit for the ActiveDirectory member attribute?
I would like to know if there is a length limit on the member attribute of a group in Active Directory and how to control this when doing queries through Java.
I am asking, because I am querying a group which has nested groups. A company-based tool is reporting the group Y is a member of X. I wrote an application which successfully lists all the member attributes of groups and in iterates through them transitively in order to illustrate things. However, it's not finding a particular groups which the other tool is reporting as a member and I am trying to figure out the reason. A colleague said he remembers coming across a limit of 1024 chars for the member property. I am using the standard javax packages from the 1.7.0_45 Java SDK.
Just to clarify: the member attribute contains a very long list of users and groups.
Upvotes: 0
Views: 1877
Answers (2)
Reputation: 618
Are you talking about more than 1500 members? Or more than 1000 if it's a Windows 2000 domain controller? If so, you need to do Range Retrieval. I don't know Java but I did find this, which contains sample code: JNDI, Active Directory, Paging and Range Retrieval.
Upvotes: 1
Related Questions
- How to fix the user account control attribute to 512 in Ldap
- What is the LDAP filter string length limit in Active Directory?
- Is there a Maximum Length for userPrincipalName in Active Directory?
- How to fix Ldap connection error "javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]" in Java?
- Does LDAP work in an ActiveDirectory environment?
- Java Active Directory query returning incomplete user list
- Ldap DN/RDN length limitation
- LDAP username length
- Java eclipse - Active directory, attribute modification #2
- ActiveDirectory Object's list of allowed attributes