Open jmcclane opened 5 years ago
Does your LDAP server acutally support paging? Try something like this to check:
ldapsearch -LLL -x -H ldaps://ldap.yourdomain.xy -D "cn=binduser,dc=yourdomain,dc=xy," -b "" -W -s base '(supportedControl=1.2.840.113556.1.4.319)'
If you don't get a result, the LDAP server doesn't support it.
You can also request pagedResults explicitly and mark them es critical with the exclamation mark:
ldapsearch -LLL -x -H ldaps://ldap.yourdomain.xy -E '!pr=2/prompt' -D "cn=binduser,dc=yourdomain,dc=xy," -b "cn=something_existant" -W -s base
If the server doesn't support pagedResults, you'll get something like:
Critical extension is unavailable (12)
You can also use php to check, as shown here: https://www.php.net/manual/en/ldap.controls.php
The code in LdapUtility.php:
@ldap_control_paged_result( $this->connection, static::PAGE_SIZE, false, $this->paginationCookie )
doesn't seem to be a valid check for pagedResults support as the function even returned true in my tests, when pagination was marked as critical and the LDAP server didn't support pagedResults. To check for support it probably should be implemented like show'n in the php link I've pasted above.
In LdapUtility.php:312
@ldap_control_paged_result( $this->connection, static::PAGE_SIZE, false, $this->paginationCookie );
returns true, but every time it runs into LdapUtility.php:377
// Should never happen unless pagination is not supported, for some odd reason if ($entries['count'] == static::MAX_ENTRIES) { break; }
So that means there is no paging, anyone any hint?