LDAPImport size limit woes

Nathan_Cutler · July 10, 2013, 9:15am

Hello again!

I have the LDAPImport extension working. Our LDAP server uses an
aggressive size limit and I have a kludge in place to deal with it.

But today I noticed that LDAPImport has an LDAPSizeLimit parameter.
However, when I turn it on like this:

Set($LDAPSizeLimit, 100);

I get the following error:

[Wed Jul 10 09:10:42 2013] [error]: LDAP search failed Critical
extension not available
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Extension/LDAPImport.pm:1237)
LDAP search failed Critical extension not available

when I run /usr/bin/rtldapimport

Could it be that the value of LDAPSizeLimit that I set in
RT_SiteConfig.pm must match the server’s actual limit exactly? (I was
assuming it just had to be <= the server’s actual limit.)

Thanks in advance,
Nathan

Thomas_Sibley · July 10, 2013, 5:47pm

[Wed Jul 10 09:10:42 2013] [error]: LDAP search failed Critical
extension not available
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Extension/LDAPImport.pm:1237)
LDAP search failed Critical extension not available

This is an error from your LDAP server saying that it doesn’t support
paged results (i.e. the first 100, the second 100, etc).

What LDAP server are you running? The paging extension is common in
most servers using the v3 LDAP spec.

Could it be that the value of LDAPSizeLimit that I set in
RT_SiteConfig.pm must match the server’s actual limit exactly? (I was
assuming it just had to be <= the server’s actual limit.)

No, you assumed correctly. It just must be <= the actual limit.

Nathan_Cutler · July 10, 2013, 7:49pm

This is an error from your LDAP server saying that it doesn’t support
paged results (i.e. the first 100, the second 100, etc).

Thanks, Thomas. That makes perfect sense, now that you’ve said it

What LDAP server are you running?

I don’t know. It (the server) is not under my control, so I’ll just
have to stick with kludge I’ve been using until now.

By the way, do I understand the docs correctly that the LDAPImport
extension has no way of defining a chain of several LDAP servers,
similar to what the RT::Authen::ExternalAuth does?

Nathan

Thomas_Sibley · July 10, 2013, 8:54pm

What LDAP server are you running?

I don’t know. It (the server) is not under my control, so I’ll just
have to stick with kludge I’ve been using until now.

You might contact the admins of the server and ask if they can enable
the paging extension or something. It’s strange that it’s not
supported; it’s been around for ages.

By the way, do I understand the docs correctly that the LDAPImport
extension has no way of defining a chain of several LDAP servers,
similar to what the RT::Authen::ExternalAuth does?

Correct. You can work around this by using tricks like invoking
rtldapimport with an environment variable that you then check with code
in RT_SiteConfig.pm to dynamically determine which LDAP config to use.

Then you invoke rtldapimport one time from cron for each value of the
environment flag.

Nathan_Cutler · July 11, 2013, 7:55am

You might contact the admins of the server and ask if they can enable
the paging extension or something. It’s strange that it’s not
supported; it’s been around for ages.

Thomas: OK, I will ask them. Is this the one:

http://www.rfc-editor.org/rfc/rfc2696.txt

?

Nathan

Thomas_Sibley · July 11, 2013, 5:17pm

You might contact the admins of the server and ask if they can enable
the paging extension or something. It’s strange that it’s not
supported; it’s been around for ages.

Thomas: OK, I will ask them. Is this the one:

http://www.rfc-editor.org/rfc/rfc2696.txt

?

Yep, that’s the RFC for it. I like to use the “html” version which has
slightly nicer formatting: RFC 2696 - LDAP Control Extension for Simple Paged Results Manipulation