问题描述
当该组的成员超过1500个时,我的ldap连接出现问题。我可以使用以下代码段解决它。虽然这项工作有效,但我对硬编码的PAGESIZE变量非常不满意。由于这是AD服务器上的设置,因此我不知道它是否以及何时会更改。所以我的问题是,是否可以使用javax-library或任何其他库动态地获取此pagesize值?
如果有人知道解决此问题的完全不同的方法,我也很好奇。我认为,在generaterangeString(int i)函数中生成此成员字符串必须有更好的方法。
package main.java;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import java.util.Properties;
public class LdapService {
private static final int PAGESIZE = 1500;
public void printAllMembersOfSpecificGroup() throws Exception {
// Initialize
LdapContext ldapContext = null;
NamingEnumeration<SearchResult> results = null;
NamingEnumeration<?> members = null;
try {
Properties properties = new Properties();
properties.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
properties.put(Context.PROVIDER_URL,"ldap://url");
properties.put(Context.Security_AUTHENTICATION,"simple");
properties.put(Context.Security_PRINCIPAL,"Security Principle");
properties.put(Context.Security_CREDENTIALS,"password");
ldapContext = new InitialLdapContext(properties,null);
int range = 0;
boolean finish = false;
while (finish != true) {
// Set search controls
SearchControls searchCtls = new SearchControls();
searchCtls.setSearchScope(SearchControls.SUBTREE_ScopE);
searchCtls.setReturningAttributes(generaterangeArray(range));
// Get results
results = ldapContext.search("base string",String.format("(CN=%s)","Group name"),searchCtls);
if (results.hasMoreElements() == true) {
SearchResult result = results.next();
try {
if(result.getAttributes().get(generaterangeString(range)) == null){
members = result.getAttributes().get(generateLastRangeString(range)).getAll();
} else {
members = result.getAttributes().get(generaterangeString(range)).getAll();
}
while (members.hasMore()) {
String distinguishedname = (String) members.next();
System.out.println(distinguishedname);
}
range++;
} catch (Exception e) {
// Fails means there is no more result
e.printstacktrace();
finish = true;
}
}
}
} catch (NamingException e) {
throw new Exception(e.getMessage());
} finally {
if (ldapContext != null) {
ldapContext.close();
}
if (results != null) {
results.close();
}
}
}
public static String[] generaterangeArray(int i) {
String range = "member;range=" + i * PAGESIZE + "-" + ((i + 1) * PAGESIZE - 1);
String[] returnedAtts = { range };
return returnedAtts;
}
public static String generaterangeString(int i) {
String range = "member;range=" + i * PAGESIZE + "-" + ((i + 1) * PAGESIZE - 1);
return range;
}
public static String generateLastRangeString(int i) {
String range = "member;range=" + i * PAGESIZE + "-" + "*";
return range;
}
}
解决方法
如果仅使用默认查询策略,请在以下位置搜索 CN =默认查询策略,CN =查询策略,CN =目录服务,CN = Windows NT,CN =服务,CN =配置,域命名上下文(例如 CN =默认查询策略,CN =查询策略,CN =目录服务,CN = Windows NT,CN =服务,CN =配置,DC =示例,DC = com),过滤器如“(&(cn = *) )“
返回ldapAdminLimits。从属性中解析出MaxPageSize:
lDAPAdminLimits(13):MaxValRange = 1500; MaxReceiveBuffer = 10485760; MaxDatagramRecv = 4096; MaxPoolThreads = 4; MaxResultSetSize = 262144; MaxTempTableSize = 10000; MaxQueryDuration = 120; MaxPageSize = 1000 ; MaxNotificationPerConn = 5; MaxActiveQueries = 20; MaxConnIdleTime = 900; InitRecvTimeout = 120; MaxConnections = 5000;
要查找所有查询策略,请在CN = Query-Policies,CN = Directory Service,CN = Windows NT,CN = Services,CN = Configuration,域命名上下文中进行搜索(& (objectClass = queryPolicy))...或者对查询策略进行大量研究,弄清楚如何确定哪个适用于您的连接,或者采用最低的值并知道您的安全性。