[v11] Fetch and buffer all entries from LDAP search (#19002)

gravitational · Dec 21, 2022 · 059925a · 059925a
1 parent 5b0569d
commit 059925a
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/lib/srv/desktop/ldap.go b/lib/srv/desktop/ldap.go
@@ -25,6 +25,13 @@ import (
 	"github.com/gravitational/trace"
 )
 
+const (
+	// searchPageSize is desired page size for LDAP search. In Active Directory the default search size limit is 1000 entries,
+	// so in most cases the 1000 search page size will result in the optimal amount of requests made to
+	// LDAP server.
+	searchPageSize = 1000
+)
+
 // Note: if you want to browse LDAP on the Windows machine, run ADSIEdit.msc.
 type ldapClient struct {
 	cfg LDAPConfig
@@ -66,7 +73,7 @@ func (c *ldapClient) readWithFilter(dn string, filter string, attrs []string) ([
 	)
 	c.mu.Lock()
 	defer c.mu.Unlock()
-	res, err := c.client.Search(req)
+	res, err := c.client.SearchWithPaging(req, searchPageSize)
 	if ldap.IsErrorWithCode(err, ldap.ErrorNetwork) {
 		return nil, trace.ConnectionProblem(err, "fetching LDAP object %q", dn)
 	} else if err != nil {