Add user form ad not working for ou's with many users.

[WillemDH]

Hello,

Just needed to add an ad user from an ou which has a lot of users in it. But the Add user from ad functionality seems to fail listing all the users. So it stops at the letter e somwhere while the user I need to add starts with an M. Is there any workaround for this issue?

Willem

[mcapra]

There are some issues with getting results from AD when there are more than 1000 total results returned:
https://msdn.microsoft.com/en-us/librar ... s.85).aspx

Essentially, AD returns results greater than 1000 in size as paginated results. PHP's ldap functions can handle paginated results on versions greater than 5.4.0, but not every XI user is running that version (many are on RHEL/CentOS 6 which distributes PHP 5.3 via yum). This is an issue we are aware of. We'd basically have to manually patch and recompile the PHP ldap library for all users on RHEL/Cent versions less than 7, which would be a massive pain in the butt to maintain.

[WillemDH]

Hmm, ok...... So is there any workaround? I can't really sell this over here. I also can't split up my 6k users into 6 ou's...

Upgrading to CentOS 7 is something I really don't have the time for. Any suggestions?

[ssax]

There are two workarounds, none of which will allow you to page through the results:

1. You can change the limit on the Windows side, that's what is limiting it, it will then display as many as you want on the single page:

Please open up an administrative command prompt and run these commands on the domain controller to see what the settings are, this is what resolved it on mine:

Code: Select all

ntdsutil.exe [enter]
ldap policies [enter]
connections [enter]
connect to server dc1.contoso.local [enter]
quit [enter]
show values [enter]

The part that we are interested in is the MaxPageSize settings, mine was set to 1000 so I ran this:

Code: Select all

set maxpagesize to 5000 [enter]
commit changes [enter]
quit [enter]
quit [enter]

Then on your XI server, edit your /etc/php.ini, adjust the settings to what you set in the previous commands:

Code: Select all

max_input_vars = 5000
suhosin.post.max_vars = 5000
suhosin.request.max_vars = 5000

Then restart the HTTPD service:

Code: Select all

service httpd restart

2. Add the users manually from Admin > Manage Users > Add New User, select Active Directory for Auth Type, select the AD Server, and type in their AD Username.


Let us know if you have any questions.


Thank you

[SteveBeauchemin]

Willem,

I saw this post and became a little worried. We have a large AD setup with all USA users in one OU.

So I just did a test to see what my Production installation would do.

I went to Admin tab, LDAP/AD Integration and clicked the hyperlink to import users.

I then selected the OU where users exist, and waited a minute or two for the screen to populate.

I was able to copy from the Nagios page and paste the list of users to a text editor where I could see line numbers.

The list showed 15838 users.

The only setting changes I can think of that could affect this are the changes I made in /etc/php.ini a while back.

Try these numbers and see if things get better for your setup.

Code: Select all

vi /etc/php.ini
;max_execution_time = 30
max_execution_time = 180

;max_input_time = 60
max_input_time = 180

;memory_limit = 128M
memory_limit = 512M

Steve B

[WillemDH]

2. Add the users manually from Admin > Manage Users > Add New User, select Active Directory for Auth Type, select the AD Server, and type in their AD Username.

The above worked for me. Didn't knew that was an option. Please close.