I'm trying to use apoc.load.ldap to load data from Microsoft Active Directory into Neo4j. The query works if I provide filter criteria that limit the number of entries returned from LDAP. But when the LDAP result exceeds the 5,000 maximum, the query fails.
This same issue occurs with the LDAP search command. In the case of LDAPSearch, it can be resolved by adding a "page results" (-E pr=1000/noprompt) command line parameter like:
ldapsearch -LLL -H ldap://myldap:389 -b 'cn=Users,dc=my,dc=ds,dc=company,dc=com' -D 'userid' -w 'password' -E pr=1000/noprompt '(&(objectClass=group)(member=*))' cn uid objectClass
How can I configure the equivalent "page results" option for apoc.load.ldap to resolve the Sizelimit Exceeded error?
A fragment from the log file showing the error:
LDAPException: Sizelimit Exceeded (4) Sizelimit Exceeded
LDAPException: Matched DN:
at com.novell.ldap.LDAPResponse.getResultException(LDAPResponse.java:407)
at com.novell.ldap.LDAPResponse.chkResultCode(LDAPResponse.java:370)
at com.novell.ldap.LDAPSearchResults.next(LDAPSearchResults.java:289)
at apoc.load.LoadLdap$SearchResultsIterator.get(LoadLdap.java:213)
at apoc.load.LoadLdap$SearchResultsIterator.next(LoadLdap.java:204)
at apoc.load.LoadLdap$SearchResultsIterator.next(LoadLdap.java:186)
Example query:
call apoc.load.ldap("msad",
  {searchBase : "dc=my,dc=ds,dc=company,dc=com", searchScope : "SCOPE_SUB"
  ,attributes : ["member","cn","uid","objectClass"]
  ,searchFilter: "(&(objectClass=*)(member=*)(cn=z*))"}) yield entry
merge (g:SecurityADGroup {name : entry.cn})
foreach (member in entry.member |
  merge (p:AccountUser { uid : split(substring(member,3),',')[0] })
  merge (p)-[:IS_MEMBER]->(g)
)
Version: 3.5.4
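A workaround built only on what the post shows (a narrower filter such as cn=z* succeeds), added here as an example and not part of the original post or of APOC's own documentation: run one search per leading character of cn so that each result set stays under the server's 5,000-entry limit. The prefix list and the assumption that no single prefix exceeds the limit are assumptions about this directory.

```cypher
// Added example: partition the LDAP search by the first character of cn.
// Assumption: the prefix list covers the cn values in this directory;
// entries whose cn starts with any other character are not loaded.
// Assumption: no single prefix matches more entries than the server's
// size limit; if one does, split it further (for example "za", "zb", ...).
// The prefixes are fixed literals. Values taken from outside the query
// would need LDAP filter escaping (RFC 4515) before being concatenated.
UNWIND ["a","b","c","d","e","f","g","h","i","j","k","l","m",
        "n","o","p","q","r","s","t","u","v","w","x","y","z",
        "0","1","2","3","4","5","6","7","8","9"] AS prefix
CALL apoc.load.ldap("msad", {
  searchBase   : "dc=my,dc=ds,dc=company,dc=com",
  searchScope  : "SCOPE_SUB",
  attributes   : ["member","cn","uid","objectClass"],
  searchFilter : "(&(objectClass=*)(member=*)(cn=" + prefix + "*))"
}) YIELD entry
// Same graph-building steps as the query in the post.
MERGE (g:SecurityADGroup {name: entry.cn})
FOREACH (member IN entry.member |
  MERGE (p:AccountUser {uid: split(substring(member, 3), ',')[0]})
  MERGE (p)-[:IS_MEMBER]->(g)
)
```

Because every step uses MERGE, rerunning a single prefix after a failure does not create duplicate nodes or relationships.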