Luke
Luke

Reputation: 23

LDAP SIze Limit Exceeded - Catch Warning

I get this error while using LDAP , i know that my maximum number is 25.

Warning: ldap_search() [function.ldap-search]: Partial search results returned: Sizelimit exceeded in

How can I catch this and output the partial results and display that there were to many results. Or Can i just display there were to many results?

Any ideas?

Upvotes: 1

Views: 8107

Answers (2)

AlexandreRW
AlexandreRW

Reputation: 21

$resource = ldap_search( $link_identifier, $base_dn, $filter );
if ( ldap_errno( $link_identifier ) === 4 )
    echo 'Partial search results returned';

or

$resource = ldap_search( $link_identifier, $base_dn, $filter );
if ( strtoupper( ldap_error( $link_identifier ) ) === 'SIZE LIMIT EXCEEDED' )
    echo 'Partial search results returned';

Upvotes: 0

Terry Gardner
Terry Gardner

Reputation: 11132

The directory server imposes a limit on:

  • the number of objects to return from a search
  • the amount of time spent on a search
  • the number of entries to examine when creating the candidate list

Depending on the server, the limits can be imposed by global configuration, via a client connection policy, or based on the authentication identity. The result in the search response indicates that a partial number of results were returned to the client. The client can (and should) impose a size limit and a time limit as part of a search request, but these limits, known as client-requested limits, cannot override the server limits.

A correctly coded API will return entries up to sizelimit number of entries. In other words, if there are 3 entries that match search parameters, the client sets a client-requested size limit of 2, the server will return 2 entries (in any order, LDAP entries are not ordered, that is, the ordering is not repeatable) and set the search result code to 'size limit exceeded'.

While it might be common knowledge that AD uses 1000, applications must not be coded with knowledge of server vendor, version, or configuration. Doing so is bad form, not professional, and results in brittle, unmaintainable code. Code your applications as it the server to which you connect is a generic LDAP server that is fully compliant with the the LDAP Directorate's standards at IETF.

My blog entry has some discussion about search request and search response, and I have also created a LDAP: Programming Practices article.

Upvotes: 3

Related Questions