Are you a member of the Splunk Community?
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Re: Is there a way to get ldapsearch to return mor...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is not directly related to Splunk.
I'm querying AD and need ldapsearch to return more than 1000 entries. How can I do this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The real enemy is probably sizeLimit. In most cases the default sizeLimit is 1000 and any request will be capped at 1000 results.
A way to get around is getting "pages" of results.
Ldapsearch provides an option which allows you to overstep the default paged results setting which is 1000 by default. Use -E and provide a value of prX/noprompt where X is the new "pagedResults" value and 'noprompt' returns all pages without further user interaction.
$ ldapsearch -h ldap.host.com -E pr10000/noprompt -x -b "OU=Users,DC=Host,DC=Com"
Note that this only works when run against an LDAP server (such as AD) that support paging of results.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In which config file we have to put above code?
I am facing same problem. One of our group is returning more than 4000 results.,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does anyone know if this is yet to be implemented into SA-ldapsearch? I see an option for paged_size but I'm unsure if Splunk is using it correctly.
I have been able to get this to work from the command line ldapsearch but I haven't seen it work in Splunk..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In my current version of ldapsearch I had luck with
$ ldapsearch -h ldap.host.com -E pr=10000/noprompt -x -b "OU=Users,DC=Host,DC=Com"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This worked for me on my updated version - thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The real enemy is probably sizeLimit. In most cases the default sizeLimit is 1000 and any request will be capped at 1000 results.
A way to get around is getting "pages" of results.
Ldapsearch provides an option which allows you to overstep the default paged results setting which is 1000 by default. Use -E and provide a value of prX/noprompt where X is the new "pagedResults" value and 'noprompt' returns all pages without further user interaction.
$ ldapsearch -h ldap.host.com -E pr10000/noprompt -x -b "OU=Users,DC=Host,DC=Com"
Note that this only works when run against an LDAP server (such as AD) that support paging of results.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In which config file we have to put above code?
I am facing same problem. One of our group is returning more than 4000 results.,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same problem here
Community Content Calendar, September edition
Splunkbase Unveils New App Listing Management Public Preview
Leveraging Automated Threat Analysis Across the Splunk Ecosystem
