NSD1038 Search result handling and possible limitation from directory settings

Fact

Nordic Edge Identity Manager Stand alone Client 3.5 and later

Situation

Search result handling and possible limitation from directory settings.

When using “Search manager”, a number of settings can affect the result. This solution document points out some of them.

Solution

To use Search manager, start the standalone version of Identity Manager.


Highlight the organizational unit that should be used as the search base and then click the binoculars button.



This will open the Search manager window. A brief explanation of the interface:

  • Search base. This is the starting point for the search.
  • Scope. Scope can be set to SUB, BASE or ONE.
  • Filter. Write the search filter here.
  • Display Attribute. Select the attributes that will be collected from the objects in the result set.

When the search is started, the result and the selected attributes will be displayed.

In the “Display attributes” field, an attribute name is converted to a friendlier name by using the pipe character “|”. The conversion in this example is:

givenName|Firstname,sn|Lastname,mail|Mail

Each attribute is separated by a comma.

Print or export the search result by selecting the appropriate button. Export is done to PDF or Excel.

Search or export limitations:

Active Directory

Domain controllers running Active Directory have a default server-side limit of 1,000 entries as the maximum number of results that are returned in a single LDAP request. This setting can be changed by editing the following value:

CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=XXX,DC=YY

Attribute: lDAPAdminLimits Value: MaxPageSize=1000

Read more here:

http://technet2.microsoft.com/windowsserver2008/en/library/309950c8-5bfa-4b9e-b4a2-706ac63948ec1033.mspx?mfr=true

Siemens DirX

In DirX, the default maximum search result is set to 2048 objects. This has to be changed with the DirX administrative tools.

Identity Manager settings

The first setting, and the one most commonly overlooked, is “Max Results” in the Search manager.

There is also a policy for Identity Manager that can affect the result. Make sure that the policy MAXLDAPSEARCHRESULT is set for the affected user. The default value is:

MAXLDAPSEARCHRESULT=5000

To change the setting, open the policy manager (load the tab first if it is not enabled from the start) and browse to “System-LDAP” to find the policy.
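The following added example (not Nordic Edge code) shows how the limits described above stack, and flags a result count that lands exactly on one of them, which usually means an export used for a user or access review is incomplete. It assumes each limit acts as a hard cap on a non-paged search and that the smallest one wins; the function names and sample values are constructed for illustration.

```python
# Added example: models the limits named in this document; not product code.

def parse_admin_limits(values):
    """Parse lDAPAdminLimits values such as 'MaxPageSize=1000' into a dict."""
    limits = {}
    for value in values:
        name, sep, number = value.partition("=")
        if sep and number.strip().isdigit():
            limits[name.strip()] = int(number)
    return limits


def effective_limit(layers):
    """Return (layer_name, limit) for the smallest configured limit.

    Layers whose limit is None (not set or unknown) are ignored.
    """
    known = [(name, limit) for name, limit in layers.items() if limit is not None]
    if not known:
        return None, None
    return min(known, key=lambda item: item[1])


def check_result(count, layers):
    """Flag a result set whose size equals a limit: it is probably truncated."""
    hit = sorted(name for name, limit in layers.items() if limit == count)
    name, limit = effective_limit(layers)
    return {"binding_layer": name, "binding_limit": limit,
            "possibly_truncated": bool(hit), "limits_reached": hit}


# Constructed sample: values as they might be read from the Default Query Policy.
SAMPLE_AD_VALUES = ["MaxPageSize=1000", "MaxQueryDuration=120"]


def sample_layers(max_results_field):
    """Build the three layers for an Active Directory back end (assumed setup)."""
    ad = parse_admin_limits(SAMPLE_AD_VALUES)
    return {
        "AD MaxPageSize": ad.get("MaxPageSize"),
        "Search manager Max Results": max_results_field,
        "Policy MAXLDAPSEARCHRESULT": 5000,  # default value from this document
    }


if __name__ == "__main__":
    print(check_result(1000, sample_layers(5000)))  # lands on the AD limit
    print(check_result(734, sample_layers(5000)))   # below every limit
```

For Siemens DirX, replace the Active Directory layer with the 2048-object default mentioned above.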

Finished

Disclaimer

The origin of this information may be internal or external to Nordic Edge™. Nordic Edge™ makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Nordic Edge™ makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

Nordic Edge Support – www.nordicedge.se
