LDAP / Active Directory Import Users limited functionality

[jpelley]

LDAP / Active Directory Import Users is setup on my NagiosXI install and works for some user additions but not others. There appears to be a view display <1000 rows limitation built into the application. What I mean by that is, I have over 1000 users just in one AD container for one site and any users after the 1000th row are not visible for me to import (I do not want to import entire directories).

On another note, I am migrating from Nagios Core (using the Ninja front end) to NagiosXI and have 100+ users I need to drag over, is there a faster more efficient way to bring them into the new system? It appears users and contacts are two different things to XI (no flat config file for Users as far as I can tell).

[jomann]

Unfortunately there is no flat configuration files for users - and the contact and the user are different but the contact in core is what allows you to set specific permissions for a user in Nagios XI. The contact should match the username of the user in Nagios XI.

About the LDAP/AD integration import section - I saw another user had a problem with importing the users also, with a similar limit. I actually think I have a fix for this and if you'd like to try it (we don't have an AD server with +1000 users to test this on) we would need to edit a single file on your Nagios XI server. Basically the sizelimit is not being set, setting it to 0 will make the size limit be unlimited.

File location: /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/classes/adLDAPFolders.php

Line 128: change end of line
));
to
), 0, 0);

Line 135: change end of line
));
to
), 0, 0);

[jpelley]

That does not work, it blanks out the tree from view. Can't see any objects.

[jomann]

I'm sorry, I read an old explanation of what that first variable does. It should be 0, 0. Tested it on my system and the tree views show up again. Also edited the above post with the new variables.

[jpelley]

AD tree is back but still only displays <1000 rows.

[jomann]

So then from my understanding, that removes the size limit from the client side. Which is the PHP library. The notice for the sizelimit on the php website is:

Note:
This parameter can NOT override server-side preset sizelimit. You can set it lower though.
Some directory server hosts will be configured to return no more than a preset number of entries. If this occurs, the server will indicate that it has only returned a partial results set. This also occurs if you use this parameter to limit the count of fetched entries.

Is it possible that the server is set to only return 1000?

Edit: Looks like this is something that is set for Windows:
http://windowsitpro.com/networking/conq ... ilt-limits
Under heading "LDAP Maximum Page Size" - you can set MaxPageSize which is default to 1000

I'll also look into ways that we can do a "second page" call as stated in that article, as a way to bypass the limit.

[jpelley]

I am unable to ascertain that until tomorrow... however, if I could manually add people with AD credentials that would be a work around, but it does not function. When I tell it is an AD account it still sends the user an email as if I created a local account (it won't even retain the AD option, nor the AD Username).

[jomann]

That's a bug that recently got fixed. It will be in the bug fix release that is coming either tomorrow or Thursday.

[jpelley]

Has this been released and I somehow missed it?

[hsmith]

What version are you currently on? 5.2.0 is the newest.