Search code examples
active-directorysasldap

LDAP server sizelimit was exceeded ( MSAD ) with ldaps_search

Using

call ldaps_search(handle,shandle,filter, attrs, num, rc);

with Microsoft Active Directory I get WARNING: LDAP server sizelimit was exceeded.

Is there a way to page through somehow in SAS ?

I have tried ldaps_setOptions with sizeLimit=2000 for example but still generates the warning, as I guess is set on Microsoft side.

Sample:

more = 1;
do while (more eq 1);
    call ldaps_search_page(handle, shandle, filter, attrs, num, rc, more, 1000);
    if rc ne 0 then do;
        more = 0;
        msg = sysmsg();
        put msg;
    end;
    /* free search results page */
    if shandle NE 0 then do;
        call ldaps_free(shandle,rc);
    end;
end;
Solution

  • It's not possible to control LDAP server sizelimit from the client side (see AD's MaxPageSize), but yes you can still work around this via paging controls.

    The idea is to request a paged result set, with a number of entries per page less than server's MaxPageSize limit.

    SAS provides the call ldaps_search_page routine that returns only a single page for a given search request and requires subsequent calls to retrieve the entirety of the results :

    CALL LDAPS_SEARCH_PAGE(lHandle, sHandle, filter, attr, num, rc, more <, pageSize>);

    pageSize (optional) specifies a positive integer value, which is the number of results on a page of output. By default, this value is set to 50. If pageSize is 0, this function acts as if paging is turned off. This argument is case-insensitive.

    For example if a query matches n results (exceeding server side limit) and the page size is set to 50, you need to make up to ceil(n/50) calls.

    Here is an example taken from the doc, it uses the more argument in a loop to continue retrieving paged results until there is no more information to retrieve :

    more = 1;
do while (more eq 1);
    call ldaps_search_page(handle, shandle, filter, attrs, num, rc, more, 50);
    ...
    /* free search results page */
    if shandle NE 0 then do;
        call ldaps_free(shandle,rc);
    end;
end;

    https://documentation.sas.com/api/docsets/itechdsref/9.4/content/itechdsref.pdf

    For those having trouble with more stuck at 1 thus causing the code above to loop forever (I don't know why the reference wouldn't get updated but OP was in this situation), actually you don't need it, incrementing a counter until the number of fetched entries reaches num should do the trick.