How to get the max. page size of Active Directory dynamically with Java

Question

I had an issue with my ldap-connection when the group has more then 1500 members. I could solve it with the following Code snippet. Altough this works I am very unsatisfied with the hardcoded PAGESIZE variable. Since this is a setting on the AD-Server I dont know if and when this will change. So my question is, if I can get this pagesize value dynamicaly with the javax-library or any other library? I am also curios if someone knows a completely different way of solving this issue. I think there must be a better way then generating this member-strings in the generateRangeString(int i) function.

package main.java;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import java.util.Properties;

public class LdapService {

    private static final int PAGESIZE = 1500;

    public void printAllMembersOfSpecificGroup() throws Exception {
        // Initialize
        LdapContext ldapContext = null;
        NamingEnumeration<SearchResult> results = null;
        NamingEnumeration<?> members = null;

        try {

            Properties properties = new Properties();
            properties.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            properties.put(Context.PROVIDER_URL, "ldap://url");
            properties.put(Context.SECURITY_AUTHENTICATION, "simple");
            properties.put(Context.SECURITY_PRINCIPAL, "Security Principle");
            properties.put(Context.SECURITY_CREDENTIALS, "password");


            ldapContext = new InitialLdapContext(properties, null);

            int range = 0;
            boolean finish = false;
            while (finish != true) {
                // Set search controls
                SearchControls searchCtls = new SearchControls();
                searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                searchCtls.setReturningAttributes(generateRangeArray(range));

                // Get results
                results = ldapContext.search("base string", String.format("(CN=%s)", "Group name"), searchCtls);
                if (results.hasMoreElements() == true) {
                    SearchResult result = results.next();
                    try {
                        if(result.getAttributes().get(generateRangeString(range)) == null){
                            members = result.getAttributes().get(generateLastRangeString(range)).getAll();
                        } else {
                            members = result.getAttributes().get(generateRangeString(range)).getAll();
                        }
                        while (members.hasMore()) {
                            String distinguishedName = (String) members.next();
                            System.out.println(distinguishedName);
                        }
                        range++;
                    } catch (Exception e) {
                        // Fails means there is no more result
                        e.printStackTrace();
                        finish = true;
                    }
                }
            }
        } catch (NamingException e) {
            throw new Exception(e.getMessage());
        } finally {
            if (ldapContext != null) {
                ldapContext.close();
            }
            if (results != null) {
                results.close();
            }
        }
    }

    public static String[] generateRangeArray(int i) {
        String range = "member;range=" + i * PAGESIZE + "-" + ((i + 1) * PAGESIZE - 1);
        String[] returnedAtts = { range };

        return returnedAtts;
    }

    public static String generateRangeString(int i) {
        String range = "member;range=" + i * PAGESIZE + "-" + ((i + 1) * PAGESIZE - 1);

        return range;
    }
    public static String generateLastRangeString(int i) {
        String range = "member;range=" + i * PAGESIZE + "-" + "*";

        return range;
    }
}

Answer 1

If only the default query policy is used, search at CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration, domain naming context (eg CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=example,DC=com) with a filter like "(&(cn=*))"

Return ldapAdminLimits. Parse MaxPageSize out of the attribute:

lDAPAdminLimits (13): MaxValRange=1500; MaxReceiveBuffer=10485760; MaxDatagramRecv=4096; MaxPoolThreads=4; MaxResultSetSize=262144; MaxTempTableSize=10000; MaxQueryDuration=120; MaxPageSize=1000 ; MaxNotificationPerConn=5; MaxActiveQueries=20; MaxConnIdleTime=900; InitRecvTimeout=120; MaxConnections=5000;

To find all of the query policies, search at CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration, domain naming context for (&(objectClass=queryPolicy)) ... either research a lot about query policies and figure out how to determine which applies to your connection or take the lowest value and know you're safe.