PHP
SwoDs, 2016-09-26 14:57:18

How to deal with the limit of 1000 LDAP entries?

Please advise what to do; a clear solution is needed.
Task:
Authorize users by login and password on the web interface, checking the login and password against the AX LDAP server.
Problems:
There are about 15 servers, and the user can be on any of them, i.e. the check is done by iterating through all the servers and trying ldap_bind(). If the user unfortunately ends up on the server that is at the end of the list, authorization takes about 2 minutes, which is wrong.
Trying to solve the problem:
The fastest way is to poll all servers at night and load the users into our database, so at login we will know exactly which server to connect to. We usually create the account first and the computer is set up only 2-3 days later, i.e. there will be no case where a person cannot log in. But here a problem arose: ldap_search does not return more than 1000 lines, and if there are more, it throws an error. Using LDAP_OPT_SIZELIMIT did not give any result.
Help me =)


2 answer(s)
SwoDs, 2016-09-29
@SwoDs

The solution to my problem turned out to be the “Global catalog” (globalcatalog).
But the solution for getting more than 1000 records was the ldap pager, only this thing is not available in all versions.
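
The paged search this answer refers to, as an added example that is not part of the original post: it walks the whole result set page by page to build the login-to-DN map, then verifies a password with a single bind. It assumes PHP 7.3 or later (where `ldap_search()` accepts controls), an Active Directory schema, and a `$conn` already bound to the Global Catalog (port 3268, or 3269 for LDAPS); the function names are hypothetical.

```php
<?php
// Added example (not the poster's code). Assumes PHP >= 7.3 with ext-ldap and an
// Active Directory schema (sAMAccountName); $conn is an already-bound connection.

/** Return [sAMAccountName => DN] for every user, fetched $pageSize entries at a time. */
function fetchUserMap($conn, string $baseDn, int $pageSize = 500): array
{
    $map = [];
    $cookie = '';
    do {
        $controls = [[
            'oid' => LDAP_CONTROL_PAGEDRESULTS,
            'iscritical' => true, // fail loudly instead of returning a truncated set
            'value' => ['size' => $pageSize, 'cookie' => $cookie],
        ]];
        $res = ldap_search($conn, $baseDn, '(&(objectCategory=person)(objectClass=user))',
            ['sAMAccountName'], 0, -1, -1, LDAP_DEREF_NEVER, $controls);
        if ($res === false) {
            throw new RuntimeException('ldap_search: ' . ldap_error($conn));
        }
        $code = $dn = $msg = $refs = $respCtrls = null;
        if (!ldap_parse_result($conn, $res, $code, $dn, $msg, $refs, $respCtrls) || $code !== 0) {
            throw new RuntimeException('paged search failed: ' . ldap_err2str((int) $code));
        }
        for ($e = ldap_first_entry($conn, $res); $e !== false; $e = ldap_next_entry($conn, $e)) {
            $vals = ldap_get_values($conn, $e, 'sAMAccountName');
            if ($vals !== false && $vals['count'] > 0) {
                $map[$vals[0]] = ldap_get_dn($conn, $e);
            }
        }
        // The server sends back an empty cookie with the last page.
        $cookie = $respCtrls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'] ?? '';
    } while ($cookie !== '');
    return $map;
}

/** Check a password by binding as the user's DN against one known server URI. */
function checkPassword(string $uri, string $userDn, string $password): bool
{
    // A DN with an empty password is an unauthenticated bind that many servers accept.
    if ($userDn === '' || $password === '') {
        return false;
    }
    $conn = ldap_connect($uri); // e.g. an ldaps:// URI so the password is not sent in clear
    if ($conn === false) { return false; }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5); // cap the wait on a dead server
    return @ldap_bind($conn, $userDn, $password);
}
```

On PHP versions before 7.3 the same loop is written with `ldap_control_paged_result()` and `ldap_control_paged_result_response()`, which were removed in PHP 8.0.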

Evgeny Svirsky, 2016-09-26
@e_svirsky

The fact that the user is searched for on all servers is not very cool. We need a single entry point that knows where the user is stored (on which server) and sends the request only there. Think how many empty requests you have to send... I would put a separate server in front of it, responsible only for authorization, which has the info on who is stored where. Once logged in, the user is transferred to the app server they need.
