如何使用 > 在 LDAP 服务器上进行分页搜索10000 个条目使用 Novell.Directory.Ldap.NETStandard?

问题描述

这类似于 如何在拥有大量用户的 LDAP 服务器上进行分页搜索? 但建议的解决方案对我们不起作用.

This is similar to How to do a paged search on an Ldap server with lots of users? but the suggested solution does not work for us.

我们使用 Novell.Directory.Ldap.NETStandard 库，我们需要从 Active Directory 中获取超过 10000 个条目.我们使用 LdapVirtualListControl 来处理分页，但该控件需要另一个控件:LdapSortControl.Active Directory 具有默认的排序限制 (10000)，如果结果超过该限制，则会发送错误 53(不愿意执行).如果省略检测最大结果错误"，我们将得到一个 LdapException: 'Unavailable Critical Extension'.

We use Novell.Directory.Ldap.NETStandard library and we need to fetch more than 10000 entries from an Active Directory. We use the LdapVirtualListControl to handle paging, but that control requires another control: LdapSortControl. Active Directory has an default limit for sorting (10000) and will send an error 53 (unwilling to perform) if the result exceeds that limit. If the "Detect max result error" is omitted, we will instead get a LdapException: 'Unavailable Critical Extension'.

        // Connection
        var ldapConn = new LdapConnection()
        {
            SecureSocketLayer = true,
        };
        ldapConn.UserDefinedServerCertValidationDelegate += (sender, certificate, chain, sslPolicyErrors) => true;
        ldapConn.Connect(host, 636);            
        ldapConn.Bind(username, password);


        var searchConstraints = (LdapSearchConstraints)ldapConn.SearchConstraints.Clone();
        int contentCount = 0, count = 0, startIndex = 1, pageSize = 1000;
        bool exit;

        do
        {
            // Add Virtual List Control
            searchConstraints.setControls(new List<LdapControl>
            {
                { new LdapVirtualListControl(startIndex, 0, pageSize - 1, contentCount) },
                { new LdapSortControl(new LdapSortKey[1] { new LdapSortKey("name") },true) }
            }.ToArray());

            // Perform search
            var searchResult = ldapConn.Search(container, scope, query, null, false, searchConstraints);

            // Get entries in page
            var inPageCount = 0;
            while (searchResult.hasMore())
            {

                // Detect max result error
                LdapSortResponse ldapControl = searchResult.ResponseControls?.OfType<LdapSortResponse>().FirstOrDefault();
                if (ldapControl != null && ldapControl.ResultCode == 53) throw new LdapResultLimitExceeded(string.Format("ActiveDirectory: Ldap result limit exceeded in {0}.", container));

                searchResult.next();
                inPageCount++;
            }

            // Check for more pages 
            var control = FindResponseControl(searchResult, ActiveDirectoryService.LDAP_SERVER_VIRTUAL_LIST_VIEW_OID);
            if (control != null)
            {
                var response = new LdapVirtualListResponse(control.ID, control.Critical, control.getValue());
                startIndex += pageSize;
                contentCount = response.ContentCount;
                if (count + pageSize > contentCount) count = contentCount; else count += inPageCount;
            }
            exit = control == null;
        } while (count < contentCount && contentCount > 0 && !exit);

我们应该如何处理超过 10000 个条目的搜索?

How should we handle search for more then 10000 entries?

推荐答案

如果您只需要按顺序遍历结果集，则不需要使用 LVL.我建议使用 Simple Paged Results Control (https://stackoverflow.com/a/59747510/4700228)

In case you just need to iterate through the result set sequentially, you don't need to use LVL. I suggest using Simple Paged Results Control (https://stackoverflow.com/a/59747510/4700228)