Re: Increase number of objects returned in a result set query for


From: vanderkerkoff (vanderkerkoff_at_discussions.microsoft.com)
Date: 12/16/04


Date: Thu, 16 Dec 2004 01:51:03 -0800


"Lee Flight" wrote:

> Inline below...
>
> "lam789" <lam789@discussions.microsoft.com> wrote in message
> news:B4917697-FA7F-4EBF-B298-3953BD85BFA2@microsoft.com...
> > Hi Lee,
> > We are using a third party vendor tool which is a user administration
> > tool. We don't have access to the code they are using to set the page
> > size.
> > When a support case was opened with the vendor on this problem they
> > indicated that we needed to increase the result set limit within the ADAM
> > and referred us to the AD administration documentation.
>
> SIGH, that's not good. RFC 2696 paging should be commonplace for LDAP
> applications. I would strongly urge you to get the vendor to fix the
> application.
> A key reason why the limit exists is to prevent a denial of service attack
> (deliberate or otherwise) on the directory service. An application like this
> requires a weakening of security policy which is just not going to be
> acceptable.
>
> > I can't find any reference to an
> > attribute within ADAM or the registry where we can adjust the result set
> > size to be greater than 1000. Is there one where that can be adjusted?
>
> If you increase the limit how do you know what value to use? For security
> reasons you want to keep the number as small as reasonable i.e. close to the
> default but as you increase the number of objects in your directory you will
> need to increase the limit to service the broken application.
>
> If you really need to do it you can use dsmgmt to increase the MaxPageSize
> parameter in the LDAP Policy. See
>
> ADAM Help
> ADAM Administration Tools
> Dsmgmt
> LDAP Policies
>
>
> Lee Flight
>
>
Hi Lee

I've got a similar situation but not exact. Our maxpagesize is set to
1000, but we have more than 1000 staff. I'm accessing the LDAP using cfldap,
which doesn't have paged querying, once a day, and writing the names, phone
numbers and room numbers to a Verity collection. As we know the total
number of staff and can set a reasonable limit to take growth into account,
would increasing the maxpagesize limit be a reasonable plan then??
Alternatively, how much of a risk do you think writing a script to increase
the size using ntdsutil.exe, then running our cfldap indexing operation, and
then running ntdsutil to pull the limit down again?
Another way is to write a .NET web service and use the page querying in that
to write to a SQL database and then use that as a Coldfusion dataset and
query that, sigh!! I know which one I fancy doing the most.

Seriously though, what do you think of those three options??

Any help would be greatly appreciated.
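
The RFC 2696 paging approach raised in this thread, as an added example that is not part of the original posts: a constructed in-memory model showing how a cookie loop retrieves 1500 entries while MaxPageSize stays at 1000, and what an unpaged search gets instead. `ToyDirectory`, its offset-based cookie and the clamping behaviour are assumptions of this model, not ADAM's code or any real LDAP library.

```python
# Added example: a constructed in-memory model, not ADAM or any real LDAP library.
MAX_PAGE_SIZE = 1000  # the LDAP policy value discussed in the thread


class SizeLimitExceeded(Exception):
    """Models LDAP result code 4 (sizeLimitExceeded); carries the partial result."""

    def __init__(self, partial):
        super().__init__("sizeLimitExceeded")
        self.partial = partial


class ToyDirectory:
    """Hypothetical server side: enforces MaxPageSize on every search."""

    def __init__(self, entries, max_page_size=MAX_PAGE_SIZE):
        self.entries = list(entries)
        self.max_page_size = max_page_size

    def search(self, page_size=None, cookie=b""):
        """Return (entries, cookie). page_size=None means no paging control sent."""
        if page_size is None:
            if len(self.entries) > self.max_page_size:
                # Unpaged search: truncated at the limit and flagged as an error.
                raise SizeLimitExceeded(self.entries[: self.max_page_size])
            return list(self.entries), b""
        # Real cookies are opaque to the client; this model uses an offset.
        start = int(cookie) if cookie else 0
        size = min(page_size, self.max_page_size)  # assumed: server clamps the page
        page = self.entries[start : start + size]
        end = start + len(page)
        # An empty cookie tells the client the result set is complete.
        return page, (str(end).encode() if end < len(self.entries) else b"")


def paged_search(directory, page_size):
    """Client side: resend the search with the returned cookie until it is empty."""
    results, cookie, round_trips = [], b"", 0
    while True:
        page, cookie = directory.search(page_size=page_size, cookie=cookie)
        results.extend(page)
        round_trips += 1
        if not cookie:
            return results, round_trips


# Constructed sample data: 1500 staff records, more than MaxPageSize.
STAFF = [f"cn=staff{i:04d}" for i in range(1500)]
```
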


