CODEWITHSUNDEEP
pythonpowershellactive-directoryldap
user2978216
user2978216

Reputation: 568

Conquering Active Directory's 1000 record limit

PowerShell is capable of pulling list of 1492 records. When I using Python with ldap3 module I'm bumping into 1000 records limit. Please help me change Python code to exceed the limit.

PowerShell input: get-aduser -filter * -SearchBase "OU=SMZ USERS,OU=SMZ,OU=EUR,DC=my_dc,DC=COM" | Measure-Object

output: Count : 1492 Average : Sum : Maximum : Minimum : Property :

import json
from ldap3 import Server, \
Connection, \
AUTO_BIND_NO_TLS, \
SUBTREE, \
ALL_ATTRIBUTES

def get_ldap_info(u):
with Connection(Server('my_server', port=636, use_ssl=True),
                auto_bind=AUTO_BIND_NO_TLS,
                read_only=True,
                check_names=True,
                user='my_login', password='my_password') as c:

    c.search(search_base='OU=SMZ Users,OU=SMZ,OU=EUR,DC=my_dc,DC=com',
             search_filter='(&(samAccountName=' + u + '))',        
             search_scope=SUBTREE,
             attributes=ALL_ATTRIBUTES,
             size_limit = 0,
             paged_criticality = True,                 
             paged_size = None,
             #attributes = ['cn'],
             get_operational_attributes=True)        

    content = c.response_to_json()
result = json.loads(content)
i = 0
for item in result["entries"]:
    i += 1
print(i)  
get_ldap_info('*')

Upvotes: 5

Views: 8607

Answers (3)

Amar Kumar
Amar Kumar

Reputation: 21

Instead of using the page_search we can do the following thing which worked for me:

                all_users = []
                cookie = None
                search_filter = AD_USERS_CONFIG.AD_SEARCH_FILTER.replace('_memberof_',memberTemplate)
                # Query Active Directory
                # We are doing this as LDAP can return max 1000 entries from an AD group
                while True:
                    conn.search(GMI_AD_USERS_CONFIG.AD_SEARCH_BASE,
                                search_filter,
                                search_scope = SUBTREE,
                                size_limit=0,
                                paged_size=1000,
                                paged_cookie=cookie,
                                attributes=GMI_AD_USERS_CONFIG.AD_ATTRS)
                    # Retrieve the current page of search results
                    users_page = conn.entries

                    # Add the current page to the list of all users
                    all_users.extend(users_page)

                    # Check if there are more pages to retrieve
                    cookie = conn.result['controls']['1.2.840.113556.1.4.319']['value']['cookie']
                    if not cookie:
                        break

Upvotes: 0

Hara
Hara

Reputation: 1502

The solution is available in the following link.

This piece of code will fetch page by page.

from ldap3 import Server, Connection, SUBTREE
total_entries = 0
server = Server('test-server')
c = Connection(server, user='username', password='password')
c.search(search_base = 'o=test',
         search_filter = '(objectClass=inetOrgPerson)',
         search_scope = SUBTREE,
         attributes = ['cn', 'givenName'],
         paged_size = 5)
total_entries += len(c.response)
for entry in c.response:
    print(entry['dn'], entry['attributes'])
cookie = c.result['controls']['1.2.840.113556.1.4.319']['value']['cookie']
while cookie:
    c.search(search_base = 'o=test',
             search_filter = '(objectClass=inetOrgPerson)',
             search_scope = SUBTREE,
             attributes = ['cn', 'givenName'],
             paged_size = 5,
             paged_cookie = cookie)
    total_entries += len(c.response)
    cookie = c.result['controls']['1.2.840.113556.1.4.319']['value']['cookie']
    for entry in c.response:
        print(entry['dn'], entry['attributes'])
print('Total entries retrieved:', total_entries)

Upvotes: 1

bfloriang
bfloriang

Reputation: 536

If you change your code to using the paged_search method of the extend.standard namespace instead you should be able to retrieve all the results you are looking for.

Just be aware that you will need to treat the response object differently.

def get_ldap_info(u):
with Connection(Server('XXX', port=636, use_ssl=True),
                auto_bind=AUTO_BIND_NO_TLS,
                read_only=True,
                check_names=True,
                user='XXX', password='XXX') as c:

    results = c.extend.standard.paged_search(search_base='dc=XXX,dc=XXX,dc=XXX',
             search_filter='(&(samAccountName=' + u + '))',        
             search_scope=SUBTREE,
             attributes=ALL_ATTRIBUTES,
             #attributes = ['cn'],
             get_operational_attributes=True)        


i = 0
for item in results:
    #print(item)
    i += 1
print(i)  
get_ldap_info('*')

Upvotes: 8

Related Questions