LDAP query limitation

When importing users or user groups into the CMS, not all users or user groups are pulled in.

This is caused by an LDAP limitation: a query typically returns at most 1000 results, for both users and directories. As a result, the CMS may import only a portion of the total AD users and user groups.

There is no simple configuration change in the site's web.config file that alters this behavior, but customization of the site/server may potentially get around this LDAP limitation.

It might be possible to change this server side, as suggested at the link below:

http://stackoverflow.com/questions/3488394/c-sharp-active-directory-services-findall-returns-only-1000-entries

One possible way to override this value is to look at a class called AdsiDataFactory in the EPiServer.Security namespace. It has a method called FindAll():

public override IList<DirectoryData> FindAll(string filter, SearchScope scope, string sortByProperty)

Within this method, there is a property called PageSize:

directorySearcher.PageSize = this.PageSize;

It may be possible to override the behavior of the base class by writing a custom class that inherits from it and sets directorySearcher.PageSize to some other value in order to return more than 1000 objects, for example Int32.MaxValue instead of this.PageSize (which seems to default to 1000). This blog post offers an example: http://bergdaniel.se/using-the-active-directory-membership-provider-with-episerver
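
To see what DirectorySearcher.PageSize changes, the following added example (not EPiServer code and not taken from the linked posts) runs the same search once unpaged and once paged, using only System.DirectoryServices. The LDAP path, the filter and the page size of 500 are placeholder assumptions.

```csharp
// Added example: System.DirectoryServices only, no EPiServer types.
using System;
using System.Collections.Generic;
using System.DirectoryServices;

public static class PagedSearchDemo
{
    // Returns the distinguishedName of every entry that matches the filter.
    // pageSize == 0: one unpaged search, so the server's result cap applies.
    // pageSize  > 0: DirectorySearcher asks for results page by page and
    //                FindAll() keeps fetching pages until none are left.
    public static IList<string> Find(string ldapPath, string filter, int pageSize)
    {
        if (pageSize < 0)
            throw new ArgumentOutOfRangeException(nameof(pageSize));

        var names = new List<string>();
        using (var root = new DirectoryEntry(ldapPath))
        using (var searcher = new DirectorySearcher(
            root, filter, new[] { "distinguishedName" }, SearchScope.Subtree))
        {
            searcher.PageSize = pageSize;
            // SearchResultCollection holds unmanaged resources; dispose it.
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult result in results)
                {
                    ResultPropertyValueCollection dn = result.Properties["distinguishedName"];
                    if (dn.Count > 0)
                        names.Add((string)dn[0]);
                }
            }
        }
        return names;
    }

    public static void Main()
    {
        // Placeholder values (assumptions): point these at your own directory.
        const string path = "LDAP://DC=example,DC=com";
        const string filter = "(&(objectCategory=person)(objectClass=user))";

        int unpaged = Find(path, filter, 0).Count;
        int paged = Find(path, filter, 500).Count;
        Console.WriteLine("Unpaged search returned: " + unpaged);
        Console.WriteLine("Paged search returned:   " + paged);
    }
}
```

In a directory with more matching entries than the server limit (typically 1000), the unpaged count stops at that limit while the paged count is the full total.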