Large AD group causes the members to be removed from the pg-group.

Question

Large AD group causes the members to be removed from the pg-group.

ycauld opened this issue 3 years ago · 5 comments

A large AD from with 1501 members fails to merge the users with the pg-group. As a result all of the members of the pg-group have their membership revoked from the pg-group. The issue start when the three members were add to the AD group taking the number of members from 1498 to 1501. removing the three members allows the sync to work correctly.

Answer 1 · 2022-02-21T05:45:18.000Z

Probably related to: https://stackoverflow.com/questions/11984305/always-getting-1500-member-of-distribution-list-using-powershell#11984702

Answer 2 · 2022-02-23T08:42:26.000Z

Here's an example of how to retrieve the members in batches per ruby-net-ldap: ruby-ldap/ruby-net-ldap#208 (comment)
Something like this needs to be implemented into pg-ldap-sync here to fix the above issue.

Answer 3 · 2022-08-17T07:40:09.000Z

Hi @larskanis , we have the same issue. is there any plan when to fix it? we are not familiar with Ruby so we can't raise PR but we are glad to help to test if needed. thanks!

Answer 4 · 2022-09-23T12:28:30.000Z

Fixed by #37

Answer 5 · 2022-12-02T15:57:09.000Z

pg-ldap-sync-0.4.0 is released. It should support groups with more than 1500 users out of the box with no further configuration. Could you please try it out?