Storing large photos in jpegPhoto   

We are considering storing large images in an external AD, using the
jpegPhoto field. Files below 10 MB are working fine, but there seems to
be an invisible roof there. 11 MB files just fail with the error
message "Service is unavailable" (Com+ error code -532459699) when
using C# and DirectoryServices to store the image. There are no size
limits on the field in the AD, and it doesn't seem to be a timeout
issue.

Is there a limit to this field or does anyone have an idea why we run
into this limit?

Best regards,
Anders Bornholm

date: 22 May 2006 01:12:42 -0700   author:   unknown

Re: Storing large photos in jpegPhoto   

You might be hitting a limitation in the LDAP API itself with the maximum 
size of a single LDAP message.  I can't remember what the actual number here 
is, but it sounds like you might have hit it.

I'm not sure if there is a way around this, unfortunately, as I don't know 
if there is a policy you can change.  You may be out of luck.

Joe Richards or Dmitri Gavrilov may know off hand what the actual limit is 
and whether it can be changed.

Joe K.

-- 
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
 wrote in message 
news:1148285562.468083.171160@38g2000cwa.googlegroups.com...
> We are considering storing large images in an external AD, using the
> jpegPhoto field. Files below 10 MB are working fine, but there seems to
> be an invisible roof there. 11 MB files just fail with the error
> message "Service is unavailable" (Com+ error code -532459699) when
> using C# and DirectoryServices to store the image. There are no size
> limits on the field in the AD, and it doesn't seem to be a timeout
> issue.
>
> Is there a limit to this field or does anyone have an idea why we run
> into this limit?
>
> Best regards,
> Anders Bornholm
>

date: Mon, 22 May 2006 09:56:33 -0500   author:   Joe Kaplan \(MVP - ADSI\)

Re: Storing large photos in jpegPhoto   

The limit is in the LDAP Message Size and is defined in the directory service 
policy and is maintained (by default) in the Default Query Policy which can be found

CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows 
NT,CN=Services,<configuration NC DN>

The specific attribute is lDAPAdminLimits and the specific name/value pair is 
MaxReceiveBuffer and the default size is 10485760.

I would recommend being careful with raising it, this is a possible mechanism to 
attack the directory.

In general I wouldn't put photos in AD unless the photos are needed everywhere 
where the directory is replicated to. Usually you are better served throwing the 
images into a single file structure or SQL DB and linking to them.

   joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

         http://www.joeware.net/win/ad3e.htm



Joe Kaplan (MVP - ADSI) wrote:
> You might be hitting a limitation in the LDAP API itself with the maximum 
> size of a single LDAP message.  I can't remember what the actual number here 
> is, but it sounds like you might have hit it.
> 
> I'm not sure if there is a way around this, unfortunately, as I don't know 
> if there is a policy you can change.  You may be out of luck.
> 
> Joe Richards or Dmitri Gavrilov may know off hand what the actual limit is 
> and whether it can be changed.
> 
> Joe K.
>

date: Mon, 22 May 2006 21:50:13 -0400   author:   Joe Richards [MVP]

Re: Storing large photos in jpegPhoto   

That's the one I was looking for.  I glanced at it earlier, but didn't read 
the number correctly (off by a digit in my head ;) ), so thought that might 
be it.  That definitely seems like the problem though.

Agreed with Joe R.  Raising this limit is potentially dangerous.  If you are 
hell-bent on putting these objects into AD, then raise it to right above the 
bare mininum for the image you are going to post.  If that is going to be 
gigantic, it is probably a bad idea to do it anyway.  SQL server, file 
system or ADAM would likely be more appropriate.

Joe K.

-- 
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Joe Richards [MVP]"  wrote in message 
news:e1pj8sgfGHA.4080@TK2MSFTNGP03.phx.gbl...
> The limit is in the LDAP Message Size and is defined in the directory 
> service policy and is maintained (by default) in the Default Query Policy 
> which can be found
>
> CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows 
> NT,CN=Services,<configuration NC DN>
>
> The specific attribute is lDAPAdminLimits and the specific name/value pair 
> is MaxReceiveBuffer and the default size is 10485760.
>
> I would recommend being careful with raising it, this is a possible 
> mechanism to attack the directory.
>
> In general I wouldn't put photos in AD unless the photos are needed 
> everywhere where the directory is replicated to. Usually you are better 
> served throwing the images into a single file structure or SQL DB and 
> linking to them.
>
>   joe
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> Author of O'Reilly Active Directory Third Edition
> www.joeware.net
>
>
> ---O'Reilly Active Directory Third Edition now available---
>
>         http://www.joeware.net/win/ad3e.htm
>
>
>
> Joe Kaplan (MVP - ADSI) wrote:
>> You might be hitting a limitation in the LDAP API itself with the maximum 
>> size of a single LDAP message.  I can't remember what the actual number 
>> here is, but it sounds like you might have hit it.
>>
>> I'm not sure if there is a way around this, unfortunately, as I don't 
>> know if there is a policy you can change.  You may be out of luck.
>>
>> Joe Richards or Dmitri Gavrilov may know off hand what the actual limit 
>> is and whether it can be changed.
>>
>> Joe K.
>>

date: Tue, 23 May 2006 09:27:59 -0500   author:   Joe Kaplan \(MVP - ADSI\)