directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tobias Bocanegra <>
Subject Re: max size limit and paged searches
Date Wed, 08 Jul 2015 15:45:30 GMT
Hi Emmanuel,

thanks for the explanation. So how is it then possible to read all the
entries? Or is it just a configuration or structure problem of the
server, if not all the entries can be read?
Should, in this case, the entries tree be more fragmented, in order to
allow clients to traverse them all?

Reading all entries with (objectlclass=*) is of course not a real-life
use case, but for example, reading all the groups where a user belongs
to (if there are many groups :-)

regards, toby

On Wed, Jul 8, 2015 at 2:00 AM, Emmanuel Lécharny <> wrote:
> Hi Tobias,
> Le 08/07/15 08:33, Tobias Bocanegra a écrit :
>> Hi,
>> I have a simple test case [2] with a server where I set the
>> LdapServer#setMaxSizeLimit to 50 [0], and then do a paged search with
>> a page size of 10 [1]. the total number of objects in the search is
>> 100, but I'm not able to get more than the max 50.
>> I thought that the paged search is exactly for that use case.
> Well, no.
> The PagedSearch control ( says :
> "This control extension allows a client to control the rate at which an
> LDAP server returns the results of an LDAP search operation. This
> control may be useful when the LDAP client has limited resources and may
> not be able to process the entire result set from a given LDAP query, or
> when the LDAP client is connected over a low-bandwidth connection"
> As you can see, it's mainly to mitigate client side limitations, it's
> not supposed to overrule the server limits.
> If you look at OpenLDAP documentation, they have two limits on the
> server : a soft limit and a hard limit. The hard limit can't be
> overruled, except by the admin user. The soft limit is the one that is
> used when there is no limit set in the search request. In any case, you
> won't be able to fetch more than the server's hard size limit :
> In ApacheDS, we don't have any soft limit, but we have a hard limit.
> AD has a different implementation, which allows you to read all the
> entries, whatever the server's sizeLimit is.

View raw message