I have been working on a script where I needed to get all the users who were members of a specific MS AD group. Because of PHP bug #42060 ( http://bugs.php.net/bug.php?id=42060 ) I could not get back all the users who were members of the group.
After googling for a day I found an article and a patch, but it required that I download the source code for PHP 5.1.6 or 5.2.10, run the patch and then recompile the code to fix the problem.
The problems were:
1) I am not a Linux guru, so I was not very comfortable doing this.
2) I am running the script on a production machine with other code using PHP, and I did not know what the consequences would be for that code.
3) I could not update PHP anymore, because in newer versions this patch would probably not work any more.
But yesterday I saw the light and wrote some code to get around this problem. Maybe other people who have the same problem can use it.
<?php
// $ldapconnect, $userBase, $ADGroup and $attr are assumed to be set up earlier in the script.
$startFilter  = "(&(memberOf=" . $ADGroup . "))";
$startResults = ldap_search($ldapconnect, $userBase, $startFilter, $attr);
$countResult  = ldap_count_entries($ldapconnect, $startResults);
if ($countResult == 1000 or $countResult == 1500)
{
    // loop through the numbers 97-122 (ASCII codes for the characters a-z)
    for ($a = 97; $a <= 122; $a++)
    {
        // translate the number to a character
        $character = chr($a);
        // the new search filter, which returns all users with a last name starting with $character
        $filter = "(&(sn=$character*)(memberOf=$ADGroup))";
        $results = ldap_search($ldapconnect, $userBase, $filter, $attr);
        $countResult2 = ldap_count_entries($ldapconnect, $results);
        // See if the search for all users starting with a specific character still hits the search limit.
        // If so, then do a new search to find all the users where the last name starts with "aa" and
        // then with "ab", "ac" etc. etc.
        // In the best case we can now find 675.324 users per group when the search limit is 1000
        // ((26 * 999 for the first character) * 26 for the second character)
        // and 1.013.324 when the search limit is 1500
        if ($countResult2 == 1000 or $countResult2 == 1500)
        {
            for ($b = 97; $b <= 122; $b++)
            {
                $character2 = chr($b);
                $filter2 = "(&(sn=$character$character2*)(memberOf=$ADGroup))";
                $results2 = ldap_search($ldapconnect, $userBase, $filter2, $attr);
                $count2 = ldap_count_entries($ldapconnect, $results2);
                $entries2 = ldap_get_entries($ldapconnect, $results2);
                // do your thing
            }
        }
        else
        {
            $entries = ldap_get_entries($ldapconnect, $results);
            // do your thing
        }
    }
}
else
{
    $entries = ldap_get_entries($ldapconnect, $startResults);
    // do your thing
}
?>
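The same prefix-splitting idea as an added example (not part of the original note): it recurses to any depth and adds a "remainder" query per split, so surnames that equal the prefix or continue with a digit, hyphen or non a-z character are not lost. It assumes PHP 7.4+ with ldap_escape() available; partitionFilter, collectMembers and the in-memory directory are hypothetical names and constructed data.

```php
<?php
// Added example; all function names and the sample data are hypothetical.
// Filter for one partition: members of $group whose sn starts with $prefix but
// with none of the $exclude prefixes. Every value is escaped for filter context.
function partitionFilter(string $group, string $prefix, array $exclude): string {
    $esc = fn(string $v): string => ldap_escape($v, '', LDAP_ESCAPE_FILTER);
    $f = '(memberOf=' . $esc($group) . ')';
    $f .= $prefix === '' ? '' : '(sn=' . $esc($prefix) . '*)';
    foreach ($exclude as $p) {
        $f .= '(!(sn=' . $esc($p) . '*))';
    }
    return "(&$f)";
}

// $search(string $prefix, array $exclude): array returns at most $limit rows.
function collectMembers(callable $search, int $limit, string $prefix = '', int $maxDepth = 3): array {
    $rows = $search($prefix, []);
    if (count($rows) < $limit) {
        return $rows;                        // result was not truncated
    }
    if (strlen($prefix) >= $maxDepth) {
        throw new RuntimeException("size limit still hit at prefix '$prefix'");
    }
    $children = array_map(fn($c) => $prefix . $c, range('a', 'z'));
    // Remainder: sn equal to the prefix, or continuing with a digit, space,
    // hyphen or non a-z letter. The a-z loops alone never return these.
    $rows = $search($prefix, $children);
    if (count($rows) >= $limit) {
        throw new RuntimeException("remainder of '$prefix' exceeds the size limit");
    }
    foreach ($children as $child) {
        $rows = array_merge($rows, collectMembers($search, $limit, $child, $maxDepth));
    }
    return $rows;
}

// Constructed in-memory directory standing in for ldap_search(); size limit 3.
$directory = ['Adams', 'Ali', 'Allen', 'Al-Sayed', 'Baker', "O'Neil", 'Öztürk', '3M', 'Al'];
$fakeSearch = function (string $prefix, array $exclude) use ($directory): array {
    $starts = fn($sn, $p) => $p === '' || stripos($sn, $p) === 0;
    $hit = array_filter($directory, function ($sn) use ($prefix, $exclude, $starts) {
        foreach ($exclude as $p) { if ($starts($sn, $p)) return false; }
        return $starts($sn, $prefix);
    });
    return array_slice(array_values($hit), 0, 3);
};
print_r(collectMembers($fakeSearch, 3));     // all 9 names, each exactly once
```

Against a real directory, the callable would pass partitionFilter($ADGroup, $prefix, $exclude) to ldap_search() and return ldap_get_entries() for the result.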