This is my first attempt in trying to query our LDAP server for AD info. When I am trying to query the LDAP server here is what I'm trying to retrieve:
I am trying to retrieve all active employees with a countlimit of 500 records whose displayname starts with "sav", has an email address and has a userAccountControl attribute of 512. The problem I'm encountering is that I'm only getting back 8 records total. I should literally be getting back at least 35+ records.
I'm sure I've done something wrong in my syntax but I cannot find what it is. Any HELP/DIRECTION would be appreciated.
I would suggest looking at the 8 records you did get and the others that you expected to get but didn't get, and try to see what's the difference between the two sets. It could be something as obscure as trailing blanks in one of the attributes.
You could also remove the call to "setCountLimit" to see if that's limiting what you get back. Perhaps the count limit applies to the total count before the search filter is applied? Yes, I know that's a wild guess and I haven't read the API docs and so on...
I should only be getting back 10 records and I got 8. I looked at the 2 that were different and did not come back and they each had an email address and each had a userAccountControl value of 512. I did not notice ANY trailing or leading white spaces.
If there were any, how can I trim them in my search filter? Thanks again for your help and time in responding. Regards.
The possible reasons for the LDAP thing ignoring some records which you think should be included aren't limited to rogue whitespace. There could be others. I have no idea what they might be, though, that's why I suggested you look at the ignored records.
If you don't see anything different (even after you look at the attributes which you didn't think you were selecting) then try different queries which you think should select a certain subset of records and see what happens. Try making a query with some of the criteria removed from your original query, or with different criteria added and see if you get what you think you should get.
Paul, thanks for all the help. I downloaded a free AD tool to view all in AD that I needed and it showed me that the data was not the problem but I was just not hitting all the OU's that I needed because there is NOT just 1 OU where all our users are stored.
Consequently, after googling some more I found a page on the Oracle site regarding LDAP and I changed my LDAPContext to DirContext for my connection to do searches within the directory as well as using this context's REFERRAL and set the value to "follow" to avoid the PartialSearchException.
I thought I'd post my findings just in case some other newbie ran into the same issue.
If you see a downside to the changes I made please let me know. Regards.
Here is my corrected connection method that I did not include above: