tags 476454 + pending thanks On Fri, 2008-04-18 at 09:50 +0200, Petter Reinholdtsen wrote: > I've been told that this range feature is documented in an expired > draft RFC, available from > <URL:http://www.tkk.fi/cc/docs/kerberos/draft-kashi-incremental-00.txt>. > It can be used to understand how the feature is working. It claim > that it is possible to see in supportedControls if this range feature > is used by the server. This could be used to enable this feature at > runtime.
I have implemented ranged retrieval of attribute values based on the above URL and the following: http://msdn.microsoft.com/en-us/library/aa367017(vs.85).aspx What is basically done is: - if the attribute cannot be retrieved from the results a check is performed to see if an attribute like "attribute;range=0-..." is present - if this is the case these values are used and another search is started requesting attribute "attribute;range=...-*" (... is replaced from the ... of the previous attribute name). - this is repeated until no more results are available This works well and doesn't need any special lookups or version detection. Looking up a group entry with huge amount of members in AD does require a lot of LDAP searches though (one search per page and one search per member to do the DN to uid mapping). Maybe some kind of cache could be implemented or there may be a smarter way to do this translation using less searches. (implemented in r715) -- -- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong --
signature.asc
Description: This is a digitally signed message part
