
Add user from AD not working for OUs with many users.

Posted: Wed Mar 15, 2017 7:47 am
by WillemDH
Hello,

Just needed to add an AD user from an OU which has a lot of users in it. But the Add user from AD functionality seems to fail listing all the users. So it stops at the letter e somewhere while the user I need to add starts with an M. Is there any workaround for this issue?

Willem

Re: Add user from AD not working for OUs with many users.

Posted: Wed Mar 15, 2017 10:34 am
by mcapra
There are some issues with getting results from AD when there are more than 1000 total results returned:
https://msdn.microsoft.com/en-us/librar ... s.85).aspx

Essentially, AD returns results greater than 1000 in size as paginated results. PHP's ldap functions can handle paginated results on versions greater than 5.4.0, but not every XI user is running that version (many are on RHEL/CentOS 6 which distributes PHP 5.3 via yum). This is an issue we are aware of. We'd basically have to manually patch and recompile the PHP ldap library for all users on RHEL/Cent versions less than 7, which would be a massive pain in the butt to maintain.
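
The paging behaviour described in the post above, as an added example that is not part of the thread or of Nagios XI: a constructed in-memory model of a directory server (the `ModelDirectory` class, the helper names and the sample account names are all assumptions) showing why an unpaged search of a 6000-user OU stops at 1000 entries, while a client that echoes the paging cookie retrieves them all. The model sorts entries to mirror the alphabetical list seen in the import screen and uses an offset as its cookie; a real server's cookie is opaque.

```python
# Added illustration: an in-memory model, not Nagios XI, PHP or AD code.
from dataclasses import dataclass

MAX_PAGE_SIZE = 1000  # AD default named in the thread (LDAP policy MaxPageSize)

@dataclass
class SearchResult:
    entries: list
    cookie: bytes                      # empty cookie means "no more pages"
    size_limit_exceeded: bool = False  # set when the server truncated the result

class ModelDirectory:
    """Constructed stand-in for a domain controller holding one large OU."""

    def __init__(self, names):
        self._names = sorted(names)    # assumption: alphabetical order

    def search(self, page_size=None, cookie=b""):
        if page_size is None:
            # No paging control sent: the server truncates at MaxPageSize.
            chunk = self._names[:MAX_PAGE_SIZE]
            return SearchResult(chunk, b"", len(self._names) > MAX_PAGE_SIZE)
        # Paging control sent: each page is capped by the server, and the
        # cookie (here just an offset) must be echoed to get the next page.
        start = int(cookie or b"0")
        end = start + min(page_size, MAX_PAGE_SIZE)
        more = end < len(self._names)
        return SearchResult(self._names[start:end],
                            str(end).encode() if more else b"")

def list_users_unpaged(directory):
    """What a client without paging support gets back."""
    return directory.search()

def list_users_paged(directory, page_size=500):
    """Loop until the server returns an empty cookie."""
    users, cookie = [], b""
    while True:
        result = directory.search(page_size=page_size, cookie=cookie)
        users.extend(result.entries)
        cookie = result.cookie
        if not cookie:
            return users

def sample_ou(count=6000):
    # Constructed sample: account names spread evenly over a-z.
    letters = "abcdefghijklmnopqrstuvwxyz"
    return [f"{letters[i % 26]}user{i:05d}" for i in range(count)]
```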

Re: Add user from AD not working for OUs with many users.

Posted: Wed Mar 15, 2017 1:56 pm
by WillemDH
Hmm, ok... So is there any workaround? I can't really sell this over here. I also can't split up my 6k users into 6 OUs...

Upgrading to CentOS 7 is something I really don't have the time for. Any suggestions?

Re: Add user from AD not working for OUs with many users.

Posted: Wed Mar 15, 2017 4:40 pm
by ssax
There are two workarounds, neither of which will allow you to page through the results:

1. You can change the limit on the Windows side, since that's what is limiting it; it will then display as many as you want on the single page:

Please open up an administrative command prompt and run these commands on the domain controller to see what the settings are; this is what resolved it on mine:

Code:

ntdsutil.exe [enter]
ldap policies [enter]
connections [enter]
connect to server dc1.contoso.local [enter]
quit [enter]
show values [enter]

The part that we are interested in is the MaxPageSize setting; mine was set to 1000, so I ran this:

Code:

set maxpagesize to 5000 [enter]
commit changes [enter]
quit [enter]
quit [enter]

Then on your XI server, edit your /etc/php.ini and adjust the settings to what you set in the previous commands:

Code:

max_input_vars = 5000
suhosin.post.max_vars = 5000
suhosin.request.max_vars = 5000

Then restart the HTTPD service:

Code:

service httpd restart

2. Add the users manually from Admin > Manage Users > Add New User, select Active Directory for Auth Type, select the AD Server, and type in their AD Username.


Let us know if you have any questions.


Thank you

Re: Add user from AD not working for OUs with many users.

Posted: Wed Mar 15, 2017 5:33 pm
by SteveBeauchemin
Willem,

I saw this post and became a little worried. We have a large AD setup with all USA users in one OU.

So I just did a test to see what my Production installation would do.

I went to Admin tab, LDAP/AD Integration and clicked the hyperlink to import users.

I then selected the OU where users exist, and waited a minute or two for the screen to populate.

I was able to copy from the Nagios page and paste the list of users to a text editor where I could see line numbers.

The list showed 15838 users.

The only setting changes I can think of that could affect this are the changes I made in /etc/php.ini a while back.

Try these numbers and see if things get better for your setup.

Code:

vi /etc/php.ini
;max_execution_time = 30
max_execution_time = 180

;max_input_time = 60
max_input_time = 180

;memory_limit = 128M
memory_limit = 512M

Steve B

Re: Add user from AD not working for OUs with many users.

Posted: Thu Mar 16, 2017 5:51 am
by WillemDH
2. Add the users manually from Admin > Manage Users > Add New User, select Active Directory for Auth Type, select the AD Server, and type in their AD Username.
The above worked for me. Didn't know that was an option. Please close.