Home Forums OS X Server and Client Discussion Active Directory dscl search in AD broken in 10.5.6?

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • February 16, 2009 at 6:17 pm #375418
    pme
    Participant

    Hi,

    we have a few scripts running to create home directories for our AD users on our OS X servers. Up until 10.5.6 they’ve worked great but now they don’t.

    In the beginning we used:
    dscl localhost list /Search/Users SMBHome | grep servername

    That almost worked. But some of the newly created users didn’t show up. So we changed it to:
    dscl localhost search /Search/Users SMBHome *servername*
    Which both did a better adn faster search.

    This has worked fine using all iterations of MOSXS from 10.4.11 to 10.5.5 (excluding 10.5.0 ;))

    But now, using 10.5.6, the search doesn’t find anything. Using “list” doesn’t work better than it did before, leaving all new users behind.

    Of course a:
    dscl localhost read /Search/Users/username SMBHome
    prints the home directory for any given user. Likewise using “Active Directory/All Domains/”, search/list doesn’t work but read does.

    Is there anyone that can shed some light on this?

    thanks

    /P-M

    February 17, 2009 at 9:01 am #375428
    pme
    Participant

    [QUOTE][u]Quote by: MacTroll[/u][p]I’m assuming you have a large number of users in your domain?[/p][/QUOTE]

    No, not really. 1219 as of today.

    If I replace the “Active Directory.dsplug” with version 1.6.2 (from 10.5.5) everything works as before. Is it a bug in the dsplug or is it a config thing in our AD?

    thanks

    /P-M

    February 18, 2009 at 6:52 am #375445
    pme
    Participant

    [QUOTE][u]Quote by: pme[/u]If I replace the “Active Directory.dsplug” with version 1.6.2 (from 10.5.5)[/p][/QUOTE]

    Correcting myself here: it’s plug version 1.6.2 from 10.5.4. Both 1.6.3 (from 10.5.5) and 1.6.4 (from 10.5.6) doesn’t work…

    /P-M

    February 20, 2009 at 4:23 pm #375492
    pme
    Participant

    [QUOTE][u]Quote by: MacTroll[/u][p]If you regress with a previous version of hte plugin and it works… that smells like a bug and you should file that.

    I was asking the size of the AD as you could have been running into issues with paged LDAP responses. Typically AD will only give out 1000 records in response to a list. So you’d only be getting the records that match within the first 1000 records.[/p][/QUOTE]

    Bug filed. (ID# 6607362)

    The mismatch between the “list” and “search” are definitely due to the paged response.

    We’ve backed the servers depending on this search to version 1.6.2 of the .dsplug.

    /P-M

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.