ldapsearch Size limit exceeded with paging and certificate


Most servers enforce different size limits for different users (admin vs regular user vs anonymous). When you run a plain LDAPS search, there is no LDAP authentication. The server is probably limiting the number of entries to 500 for anonymous users.

If you want to authenticate the client at LDAP level using the certificate, you should request SASL EXTERNAL authentication, with the option -Y EXTERNAL.

Author: Christos Papoulas

Currently, I am working as Software developer at Programize LLC. I have a master degree from Computer Science Dept. Univ. of Crete at Distributed, parallel and information systems. I received my bachelor degree from Computer Science Dept. Univ. of Crete in 2012. I'm interested in Cloud Computing, Distributed Systems, Programming Languages, Linux Systems, Back-end developing using state of the art technologies.

Updated on June 04, 2022

Comments

  • Christos Papoulas (almost 2 years ago)

    I'm trying to execute a paginated ldapsearch against an LDAPS server with a certificate:

    export LDAPTLS_CACERT=/home/test/ssl.pem
    ldapsearch -x -H ldaps://test.test.com:636 -b "dc=test,dc=com" -E pr=100/noprompt
    

    After 500 results, the above command makes ldapsearch return Size limit exceeded:

    search: 6
    result: 0 Success
    control: 1.2.840.113556.1.4.319 false MA0CAQAECOYFAAAAAAAA
    pagedresults: cookie=5gUAAAAAAAA=
    # extended LDIF
    #
    # LDAPv3
    # base <dc=test,dc=com> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    # with pagedResults control: size=100
    #
    
    # search result
    search: 7
    result: 4 Size limit exceeded
    
    # numResponses: 506
    # numEntries: 500
    

    But when I pass not only the certificate but also the username/password, things work perfectly:

    export LDAPTLS_CACERT=/home/test/ssl.pem
    ldapsearch -x -H ldaps://test.test.com:636 -b "dc=test,dc=com" \
    -E pr=100/noprompt -D "cn=admin,dc=test,dc=com" -w myamazingpassword
    

    After 1006 results, the above command makes ldapsearch return Success:

    # search result
    search: 12
    result: 0 Success
    control: 1.2.840.113556.1.4.319 false MAUCAQAEAA==
    pagedresults: cookie=
    
    # numResponses: 1017
    # numEntries: 1006
    

    Why is this happening? Why am I not able to perform a paginated search on LDAP without the username/password?
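As an added example that is not part of the question or the answer: a small POSIX shell helper that reads ldapsearch's LDIF output and reports the final result code, the entry count and the last paged-results cookie, so a script can tell "the server stopped at the size limit for the identity I bound as" (result code 4, non-empty cookie) from "all pages delivered" (result code 0, empty cookie). The two sample outputs are constructed to mirror the anonymous and the admin runs in the question above. The last function shows the same paged search re-issued with SASL EXTERNAL, as the answer suggests; the certificate and key paths are placeholders. Note that `-x` is dropped there because simple and SASL binds are mutually exclusive, and that `LDAPTLS_CERT`/`LDAPTLS_KEY` are required: `LDAPTLS_CACERT` alone only verifies the server and presents no client identity, which is why the original search ran as anonymous despite using LDAPS.

```shell
#!/bin/sh
# Added example (not from the page): inspect ldapsearch paged-results output and
# show the SASL EXTERNAL variant of the search. Samples below are constructed
# from the two runs in the question.

# Constructed sample: tail of the anonymous paged search (cut off at 500 entries).
SAMPLE_ANON='search: 6
result: 0 Success
control: 1.2.840.113556.1.4.319 false MA0CAQAECOYFAAAAAAAA
pagedresults: cookie=5gUAAAAAAAA=

# search result
search: 7
result: 4 Size limit exceeded

# numResponses: 506
# numEntries: 500'

# Constructed sample: tail of the authenticated paged search (all 1006 entries).
SAMPLE_AUTH='# search result
search: 12
result: 0 Success
control: 1.2.840.113556.1.4.319 false MAUCAQAEAA==
pagedresults: cookie=

# numResponses: 1017
# numEntries: 1006'

# final_result_code OUTPUT: LDAP result code of the last "result:" line (4 = sizeLimitExceeded).
final_result_code() {
  printf '%s\n' "$1" | awk '/^result: /{code=$2} END{print code}'
}

# num_entries OUTPUT: value of the trailing "# numEntries:" summary line.
num_entries() {
  printf '%s\n' "$1" | awk '/^# numEntries: /{n=$3} END{print n+0}'
}

# last_cookie OUTPUT: cookie on the last "pagedresults:" line; empty means no more pages.
last_cookie() {
  printf '%s\n' "$1" | awk -F'cookie=' '/^pagedresults: /{c=$2} END{print c}'
}

# search_truncated OUTPUT: succeeds (exit 0) when the server ended the search with result code 4.
search_truncated() {
  [ "$(final_result_code "$1")" = "4" ]
}

# diagnose OUTPUT: one-line verdict a wrapper script can log.
diagnose() {
  code=$(final_result_code "$1")
  n=$(num_entries "$1")
  if search_truncated "$1"; then
    echo "truncated after $n entries (result $code): this identity's size limit is about $n; bind as a stronger identity (e.g. -Y EXTERNAL with a client certificate)"
  else
    echo "complete: $n entries (result $code, cookie empty: $([ -z "$(last_cookie "$1")" ] && echo yes || echo no))"
  fi
}

# run_paged_search_external: the question's search with SASL EXTERNAL instead of -x.
# Placeholder paths; the client cert/key are what give the session an identity.
run_paged_search_external() {
  LDAPTLS_CACERT=/path/to/ca.pem \
  LDAPTLS_CERT=/path/to/client-cert.pem \
  LDAPTLS_KEY=/path/to/client-key.pem \
  ldapsearch -Y EXTERNAL -H ldaps://test.test.com:636 -b "dc=test,dc=com" -E pr=100/noprompt "$@"
}

# Stand-alone run: diagnose both constructed samples.
diagnose "$SAMPLE_ANON"
diagnose "$SAMPLE_AUTH"
```

In practice the sample text is replaced by the captured output of a real run (`OUT=$(run_paged_search_external '(objectclass=*)' 2>&1)`), and a non-empty `last_cookie` together with result code 4 is the signal that paging alone will never get past the server's per-identity limit.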