Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
platform
active.directory
adsi
adsi.iis-admin
base
com_ole
complus_mts
component_svcs
database
directx
gdi
graphics_mm
internet.client
internet.server
internet.server.isapi-dev
localization
mapi
messaging
msi
mslayerforunicode
multimedia
networking
networking.ipv6
sdk_install
security
shell
telephony.tapi_2
telephony.tapi_3
telephony.tsp
telephony.wte
tools
ui
ui_shell
win_base_svcs
win16
  
 
date: Tue, 09 Oct 2007 03:51:20 -0000,    group: microsoft.public.platformsdk.active.directory        back       


LDAP search filter length    
Hi All,

Is there any limitation in Active Directory on LDAP search filter
length?
That is if I use a filter from my code like:
ldap:///base??sub?(|(cn=v1)(cn=v2)(cn=v3)....(cn=vN))

Here the number of values involved in ldap search is decided at
runtime for me. It could be even in hundreds. So, I would like to know
if there is any limitation in Active Directory on filter lengths.

If there is any limitation, is it tunable/configurable in Active
Directory or not? If it is, then from where, it is feasible change the
default configuration?

Thanks,
Ramakrishna.
date: Tue, 09 Oct 2007 03:51:20 -0000   author:   RamaKrishna Narla

Re: LDAP search filter length    
Ramakrishna wrote:

> Is there any limitation in Active Directory on LDAP search filter
> length?
> That is if I use a filter from my code like:
> ldap:///base??sub?(|(cn=v1)(cn=v2)(cn=v3)....(cn=vN))
>
> Here the number of values involved in ldap search is decided at
> runtime for me. It could be even in hundreds. So, I would like to know
> if there is any limitation in Active Directory on filter lengths.
>
> If there is any limitation, is it tunable/configurable in Active
> Directory or not? If it is, then from where, it is feasible change the
> default configuration?
>

There must be a limit, but I'm sure it is at least several thousand 
characters. I have used similar filters, but with objectSid or 
distinguishedName instead of cn, and never hit a limit. Of course, it could 
depend on the tool, provider, environment.

-- 
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
date: Tue, 9 Oct 2007 07:52:36 -0500   author:   Richard Mueller [MVP]

Re: LDAP search filter length    
I think the limit is in the overall LDAP message size, but not in the filter 
size.  I've used one with 10K characters before with no problem.

Joe K.

-- 
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Richard Mueller [MVP]"  wrote in 
message news:%23KK4INnCIHA.324@TK2MSFTNGP04.phx.gbl...
> Ramakrishna wrote:
>
>> Is there any limitation in Active Directory on LDAP search filter
>> length?
>> That is if I use a filter from my code like:
>> ldap:///base??sub?(|(cn=v1)(cn=v2)(cn=v3)....(cn=vN))
>>
>> Here the number of values involved in ldap search is decided at
>> runtime for me. It could be even in hundreds. So, I would like to know
>> if there is any limitation in Active Directory on filter lengths.
>>
>> If there is any limitation, is it tunable/configurable in Active
>> Directory or not? If it is, then from where, it is feasible change the
>> default configuration?
>>
>
> There must be a limit, but I'm sure it is at least several thousand 
> characters. I have used similar filters, but with objectSid or 
> distinguishedName instead of cn, and never hit a limit. Of course, it 
> could depend on the tool, provider, environment.
>
> -- 
> Richard Mueller
> Microsoft MVP Scripting and ADSI
> Hilltop Lab - http://www.rlmueller.net
> -- 
>
>
date: Tue, 9 Oct 2007 10:25:29 -0500   author:   Joe Kaplan

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us