When I do a search like so
my $mesg = $ldap->search(
    base => "OU=test,DC=example,DC=com",
    scope => 'one',
    filter => '(objectClass=organ
The solution is to use paged search like so
use Net::LDAP;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED );

my $page = Net::LDAP::Control::Paged->new(size => 999);
my $cookie;

while (1) {
    $mesg = $ldap->search(
        base => "OU=test,DC=example,DC=com",
        scope => 'one',
        filter => '(objectClass=organizationalPerson)',
        attrs => ['distinguishedName', 'displayName', 'sAMAccountName', 'employeeID'],
        control => [$page]
    );
    $mesg->code && die "Error on search: $@ : " . $mesg->error;

    while (my $adentry = $mesg->pop_entry()) {
        # process $adentry
    }

    my ($resp) = $mesg->control(LDAP_CONTROL_PAGED) or last;
    $cookie = $resp->cookie or last;

    # Paging Control
    $page->cookie($cookie);
}

if ($cookie) {
    print "abnormal exit\n";
    # Abnormal exit, so let the server know we do not want any more
    $page->cookie($cookie);
    $page->size(0);
    $ldap->search(control => [$page]);
}
AD by default sets the maximum page size to 1000. The client will receive the first 1000 results and will also receive an error, "Size Limit Exceeded".
To avoid this, the client has to use the paged control. If the paged control is used, the server will not return an error; instead it will send a cookie (a byte) to indicate that more results are available. If there is no cookie, there are no more results. So you can continue looping for results until the cookie is null.
You can also modify MaxPageSize on the server if you want. Start ntdsutil and type the following:
ldap policies
connections
connect to server servername.domain.name
q
set maxpagesize to 5000
commit changes
q
q
This is mostly done if the client does not support paging and the client cannot be modified.
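The exchange described above, modelled as an added example that is not part of the original posts: a toy in-memory server enforces a MaxPageSize of 1000, so an unpaged search is truncated with result code 4 (sizeLimitExceeded), while the cookie loop retrieves every entry. It is written in Python so it runs without a directory server; `ToyServer`, `paged_search`, the cookie format and the sample entries are hypothetical, and clamping an oversized page request to MaxPageSize is an assumption of this model.

```python
SUCCESS, SIZE_LIMIT_EXCEEDED = 0, 4      # LDAP result codes (RFC 4511)

class ToyServer:
    """Hypothetical in-memory server modelling MaxPageSize and paging cookies."""
    def __init__(self, entries, max_page_size=1000):
        self.entries = list(entries)
        self.max_page_size = max_page_size
        self.cursors = {}                # cookie -> offset of the next entry
        self.issued = 0

    def search(self, page_size=None, cookie=b""):
        """Return (entries, result_code, cookie) for one search request."""
        if page_size is None:            # no paged control: truncate and flag it
            chunk = self.entries[:self.max_page_size]
            truncated = len(self.entries) > len(chunk)
            return chunk, SIZE_LIMIT_EXCEEDED if truncated else SUCCESS, b""
        if cookie and cookie not in self.cursors:
            raise ValueError("unknown paging cookie")
        start = self.cursors.pop(cookie, 0)
        if page_size == 0:               # size 0 plus cookie: client abandons
            return [], SUCCESS, b""
        end = start + min(page_size, self.max_page_size)
        chunk = self.entries[start:end]
        if end >= len(self.entries):     # last page: empty cookie
            return chunk, SUCCESS, b""
        self.issued += 1
        new_cookie = b"cursor-%d" % self.issued
        self.cursors[new_cookie] = end
        return chunk, SUCCESS, new_cookie

def paged_search(server, page_size=999):
    """Client loop: resend the search with the last cookie until it is empty."""
    results, cookie, round_trips = [], b"", 0
    while True:
        chunk, code, cookie = server.search(page_size=page_size, cookie=cookie)
        round_trips += 1
        if code != SUCCESS:
            raise RuntimeError("search failed with result code %d" % code)
        results.extend(chunk)
        if not cookie:
            return results, round_trips

# Constructed sample data: 2500 fake account names.
ENTRIES = ["user%04d" % i for i in range(2500)]

if __name__ == "__main__":
    plain, code, _ = ToyServer(ENTRIES).search()
    print(len(plain), code)
    paged, trips = paged_search(ToyServer(ENTRIES))
    print(len(paged), trips)
```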