LDAP *: LDAP Query Pagination Limits, Max Counts, Active Directory, Page Limits

A long outstanding issue of the php ldap extension of php is to not address paging. Paging was implemented in PHP 5.4. In earlier versions of PHP workarounds are needed to address large queries when LDAPs impose limits. This is a particular problem with Active Directory (AD) implementations which commonly has a limit of 1000 entries set by default.

I committed implementation of this for PHP 5.4 in 7.x-1.x on 4/1/2012. There are several limitations and caveats to this and by default pagination is disabled in server configurations even if you are running php 5.4.

• As of 4/1/2012 Drupal Core does not yet fully support php 5.4. There are several patches tagged as "php 5.4" some of which should be applied to avoid some errors. Because of this, simpletests do not work for ldap on php 5.4.
• Even if simpltests did work on PHP 5.4; the ldap modules rely on a mock ldap server so any good testing of pagination in differing ldap implementations will always be lacking. Some of this may be resolved in Drupal 8 with the upal php unit initiative.
• LDAP Feeds, LDAP profile, and any other LDAP modules that might need paging for large queries do not yet leverage pagination. It will only be useful intially if you have your own ldap queries or use the api functions of LDAP modules. Paging functionality will be leveraged in the 7.x-2.0 branch in the ldap_user module

This code is found in the ldap server class in the pagedLdapQuery() method. Related admin code is in LdapServerAdmin.class.php by searching for "search_page_size", "search_pagination", and "pagination". An api function in ldap_servers.module named ldap_servers_php_supports_pagination() can be used to test if a php implementation supports paging. Some versions of php before 5.4 with the correct patch applied also support pagination.

Related References

• Current documenation for ldap paging functions in php documentation issue queue: http://markmail.org/message/52w24iae3g43ikix#query:+page:1+mid:bez5vpl6s...
• Background on php paging issue: http://sgehrig.wordpress.com/2009/11/06/reading-paged-ldap-results-with-...
• http://php.net/manual/function.ldap-control-paged-result-response.php
• http://php.net/manual//unction.ldap-control-paged-result.php
• PHP Bug/Issue: https://bugs.php.net/bug.php?id=42060

Workarounds for PHP 5.3 and Earlier

Since drupal core is actively pursuing support for PHP 5.4 and its been out a while, I don't have any plans to implement workarounds for PHP installs that don't support pagination. The workarounds are always LDAP implemenation specific. The use case for pagination assumes a pull/query architecture which isn't reasonable for large ldaps in the first place. In the 7.x-2.x ldap_user module push web services will be available. The provision/sync/profile components in ldap_user module in 7.x-2.x will be better served by pull queries that check for modified ldap entries rather than paging through all entries. For large scale batch/feeds pull needs, PHP 5.4 or the ldap pagination patch will be required.

If you must implement a workaround for your ldap implemenation, simply override the pagedLdapQuery() method in ldapServer class with your workaround.