I was hoping to get to ask about the status of some LDAP features during the chat today, but since there were problems with the chat server, I’‘ll leave my comments here so I don’'t forget them.
Where are we on JM-129 and JM-130? These are showstoppers for me. I’‘m wanting to use JM at my org (a university) and need these features before I can go to production. I’'ve voted for these.
Non-showstoppers I’‘d also like to see are JM-121, JM-189, and JM-183. I’'ve voted for these.
Without JM-130, the User Summary admin page pulls in what looks like every active directory object since my uid attribute is set to sAMAccountName. I get computers and everything showing up in the User Summary. Because of this, I found a limitation where the LDAP search results all limited to 1000 results returned. Looks like a default constraint in java:
I can promise JM-130 for Jive Messenger 2.1.2. JM-129 is still scheduled for a future release but won’'t make it for 2.1.2.
Robert Kelly has been working on JM-121 and he sent me some code that I need to review. I’‘m hoping that it can get incorporated soon. JM-189 will be resolved for 2.1.2. Can you reproduce it? So far only one person has run into this issue and I’‘m not sure it’‘s a true problem. JM-183 is an interesting feature. However, we haven’'t seen any clients that provide good support for it yet. Does the client you use have good support?
The Javadoc link you sent actually doesnt apply to Jive Messenger – we use the JNDI LDAP classes and not the ones from netscape. I tested against an LDAP directory with 13K users today and it seemed to work fine. Based on that test, we actually made some changes to the UI. See ldap1.png (attached) vs ldap2.png. I’'m doing testing with OpenLDAP. What server are you testing with? Is it possible that the 1K limit is something configured in your server?
Perhaps this 1000 users limit is set somewhere in the Active Directory. I ran into the same limitation on my setup. The problem is that i have no control over the AD (its administered by other people) so i can´t really go modifying parameters on the AD Server…
Glad to hear that JM-130 will be resolved in 2.1.2. I really want to have JM-129 before I roll this out to our entire org, but I’‘ll look at doing a small pilot program in the meantime. I’'m also wanting to test out Live Assistant too, so that might buy you some time to get JM-129 fixed.
JM-121 would be nice, but it’'s not a big deal for us. Our people have methods of retrieving that info through other applications.
I have not yet reproduced JM-189, but I wanted to make sure I got some attention. I’‘ve only tested that “bug” with Exodus, and it doesn’‘t appear to let me login with an empty password. I’'ll try to replicate the problem.
The only reason I mentioned JM-183 was that it sounds useful. I have know idea what clients support it. Probably should have saved that for a different post.
As for the 1000 LDAP results limitation, it appears to be an Active Directory limitation. I’'ve followed the steps outlined here:
but it doesn’‘t change anything – User Summary still only shows the first 1000 results after I increased the MaxPageSize to 1100. I’'ll keep investigating this.
test out Live Assistant too, so that might buy you
some time to get JM-129 fixed.
Be sure to try the Jive Live Assistant 2.1 version (beta will be available soon). It’'s built on the latest version of Jive Messenger and is much nicer than 1.1. Of course, if you were to purchase Live Assistant, that could certainly motivate us to get JM-129 done faster for your implementation.
As for the 1000 LDAP results limitation, it appears
to be an Active Directory limitation. I’'ve followed
I believe the issue with the max results is due to the ldap queries not using a paged results control.
There is a difference between a max results setting and whether or not a client or server serves or queries blocks or pages of max result size. This is not AD specific. You can set paged results in OpenLdap and probably many other directory servers also.
That example uses a sun specific(com.sun.) PagedResultsControl. I think Messenger may need to implement this(paged results) to support larger ldap installations using paged results. A check will need to be made on the directory server’'s schema to see if it supports the control.
Wow! I had no idea that PagedResultControl existed. Is there a standard way to do a schema check as you suggest? I really wish there was an efficient way to do count queries in LDAP as well…
test out Live Assistant too, so that might buy you
some time to get JM-129 fixed.
Be sure to try the Jive Live Assistant 2.1 version
(beta will be available soon). It’'s built on the
latest version of Jive Messenger and is much nicer
than 1.1. Of course, if you were to purchase Live
Assistant, that could certainly motivate us to get
JM-129 done faster for your implementation.
Can give me a projection on how long it will be before 2.1beta is released and more importantly how long it will be in beta? If you want to keep it mum, PM me.
As for the 1000 LDAP results limitation, it appears
to be an Active Directory limitation. I’'ve followed
but it doesn’'t change anything – User Summary still
only shows the first 1000 results after I increased
the MaxPageSize to 1100. I’'ll keep investigating this.
Let us know what you find.
I just noticed that I am getting the 1100 results now, so my modifications to AD did work. I guess it just takes a while for it to take effect (typical, really).