HOR-623 "El feature enterprise 'LdapAdvanced' no retorna todos lo objetos" SOLVED

Issue: El feature enterprise "LdapAdvanced" no retorna todos lo objetos Cause: En el server ActiveDirectory se tiene mas de 1000 departamentos Solution: Se completo el uso de la funcion "ldap_control_paged_result" en: - ADMIN > Users > AuthenticationSources > SynchronizeDepartments - ADMIN > Users > AuthenticationSources > SynchronizeGroups Note: Los AuthenticationSources ya registrados deberan ser editados (no hacer cambios) y guardados nuevamente
2016-04-14 13:15:17 -04:00
parent a51721f684
commit ca8a74fdf7
3 changed files with 230 additions and 175 deletions
--- a/workflow/engine/bin/cron_single.php
+++ b/workflow/engine/bin/cron_single.php
@@ -112,7 +112,6 @@ try {
    define('DEBUG_CALENDAR_LOG', $arraySystemConfiguration['debug_calendar']);
    define('MEMCACHED_ENABLED',  $arraySystemConfiguration['memcached']);
    define('MEMCACHED_SERVER',   $arraySystemConfiguration['memcached_server']);
-    define('TIME_ZONE',          ini_get('date.timezone'));

    //require_once(PATH_GULLIVER . PATH_SEP . 'class.bootstrap.php');
    //define('PATH_GULLIVER_HOME', PATH_TRUNK . 'gulliver' . PATH_SEP);
--- a/workflow/engine/classes/class.ldapAdvanced.php
+++ b/workflow/engine/classes/class.ldapAdvanced.php
@@ -493,10 +493,10 @@ class ldapAdvanced
            $ldapErrorNr = 0;

            if ($link != null) {
-                $ldapErrorNr = @ldap_errno($link);
+                $ldapErrorNr = ldap_errno($link);

                if ( $ldapErrorNr != 0 ) {
-                    $ldapErrorMsg = @ldap_error($link);
+                    $ldapErrorMsg = ldap_error($link);
                    $text = $ldapErrorMsg . " : " . $text;
                }
            }
@@ -544,27 +544,24 @@ class ldapAdvanced
            }
        }

-        $ldapcnn = @ldap_connect($aAuthSource["AUTH_SOURCE_SERVER_NAME"], $aAuthSource["AUTH_SOURCE_PORT"]);
+        $ldapcnn = ldap_connect($aAuthSource['AUTH_SOURCE_SERVER_NAME'], $aAuthSource['AUTH_SOURCE_PORT']);

        $ldapServer = $aAuthSource["AUTH_SOURCE_SERVER_NAME"] . ":" . $aAuthSource["AUTH_SOURCE_PORT"] ;

-        @ldap_set_option($ldapcnn, LDAP_OPT_PROTOCOL_VERSION, $aAuthSource["AUTH_SOURCE_VERSION"]);
-        //$this->log($ldapcnn, "ldap set Protocol Version " . $aAuthSource["AUTH_SOURCE_VERSION"]);
-
-        @ldap_set_option($ldapcnn, LDAP_OPT_REFERRALS, 0);
-        //$this->log($ldapcnn, "ldap set option Referrals");
+        ldap_set_option($ldapcnn, LDAP_OPT_PROTOCOL_VERSION, 3);
+        ldap_set_option($ldapcnn, LDAP_OPT_REFERRALS, 0);

        if (isset($aAuthSource["AUTH_SOURCE_ENABLED_TLS"]) && $aAuthSource["AUTH_SOURCE_ENABLED_TLS"]) {
-            @ldap_start_tls($ldapcnn);
+            ldap_start_tls($ldapcnn);
            $ldapServer = "TLS " . $ldapServer;
            //$this->log($ldapcnn, "start tls");
        }

        if ($aAuthSource["AUTH_ANONYMOUS"] == "1") {
-            $bBind = @ldap_bind($ldapcnn);
+            $bBind = ldap_bind($ldapcnn);
            $this->log($ldapcnn, "bind $ldapServer like anonymous user");
        } else {
-            $bBind = @ldap_bind($ldapcnn, $aAuthSource["AUTH_SOURCE_SEARCH_USER"], $aAuthSource["AUTH_SOURCE_PASSWORD"]);
+            $bBind = ldap_bind($ldapcnn, $aAuthSource['AUTH_SOURCE_SEARCH_USER'], $aAuthSource['AUTH_SOURCE_PASSWORD']);
            $this->log($ldapcnn, "bind $ldapServer with user " . $aAuthSource["AUTH_SOURCE_SEARCH_USER"]);
        }

@@ -587,9 +584,9 @@ class ldapAdvanced
        try {
            $arrayAttributes = array();

-            $arrayAttributes["dn"] = @ldap_get_dn($ldapcnn, $entry);
+            $arrayAttributes['dn'] = ldap_get_dn($ldapcnn, $entry);

-            $arrayAux = @ldap_get_attributes($ldapcnn, $entry);
+            $arrayAux = ldap_get_attributes($ldapcnn, $entry);

            for ($i = 0; $i <= $arrayAux["count"] - 1; $i++) {
                $key = strtolower($arrayAux[$i]);
@@ -641,7 +638,7 @@ class ldapAdvanced
            if ($searchResult) {
                $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartmentSearchResult() > ldap_list > OK");

-                $numEntries = @ldap_count_entries($ldapcnn, $searchResult);
+                $numEntries = ldap_count_entries($ldapcnn, $searchResult);

                $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartmentSearchResult() > ldap_list > OK > \$numEntries ----> $numEntries");

@@ -650,7 +647,7 @@ class ldapAdvanced
                if ($numEntries > 0) {
                    $this->log($ldapcnn, "Search $dn accounts with identifier = $uidUserIdentifier");

-                    $entry = @ldap_first_entry($ldapcnn, $searchResult);
+                    $entry = ldap_first_entry($ldapcnn, $searchResult);

                    do {
                        $arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry);
@@ -682,7 +679,7 @@ class ldapAdvanced
                            //Progress bar
                            $this->frontEndShow("BAR", "Departments: " . $arrayData["i"] . "/" . $arrayData["n"] . " " . $this->progressBar($totalUser, $countUser));
                        }
-                    } while ($entry = @ldap_next_entry($ldapcnn, $entry));
+                    } while ($entry = ldap_next_entry($ldapcnn, $entry));
                }
            }

@@ -729,12 +726,8 @@ class ldapAdvanced
            $ldapcnn = $this->ldapcnn;

            //Get Users
-            $recordSize = 1000;
-
-            $flagGetUsers = true;
-
-            $flagLdapControlPagedResult = $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["LDAP_TYPE"] == "ad" && function_exists("ldap_control_paged_result");
-            $flagNextRecord = false;
+            $limit = $arrayAuthenticationSourceData['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'];
+            $flagError = false;

            if (!isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"])) {
                $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"] = "";
@@ -748,22 +741,15 @@ class ldapAdvanced

            $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > \$filter ----> $filter");

-            if ($flagLdapControlPagedResult) {
-                ldap_set_option($ldapcnn, LDAP_OPT_PROTOCOL_VERSION, 3);
-
-                $cookie = "";
-            }
+            $cookie = '';

            do {
-                if ($flagLdapControlPagedResult) {
-                    ldap_control_paged_result($ldapcnn, $recordSize, true, $cookie);
-                }
+                ldap_control_paged_result($ldapcnn, $limit, true, $cookie);

                $searchResult = @ldap_list($ldapcnn, $dn, $filter, $this->arrayAttributesForUser);
-                //$searchResult = @ldap_search($ldapcnn, $dn, $filter, $this->arrayAttributesForUser);

-                if ($error = @ldap_errno($ldapcnn)) {
-                    $flagGetUsers = false;
+                if ($error = ldap_errno($ldapcnn)) {
+                    $flagError = true;
                } else {
                    $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > ldap_list > OK");

@@ -777,15 +763,11 @@ class ldapAdvanced
                    }
                }

-                if ($flagLdapControlPagedResult) {
                ldap_control_paged_result_response($ldapcnn, $searchResult, $cookie);
-
-                    $flagNextRecord = $cookie !== null && $cookie != "";
-                }
-            } while ($flagLdapControlPagedResult && $flagNextRecord);
+            } while (($cookie !== null && $cookie != '') && !$flagError);

            //Get Users //2
-            if (!$flagGetUsers) {
+            if ($flagError) {
                $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > Search by characters > START");

                foreach ($this->characters() as $value) {
@@ -799,10 +781,8 @@ class ldapAdvanced
                    $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > \$filter ----> $filter");

                    $searchResult = @ldap_list($ldapcnn, $dn, $filter, $this->arrayAttributesForUser);
-                    //$searchResult = @ldap_search($ldapcnn, $dn, $filter, $this->arrayAttributesForUser);

-                    if ($error = @ldap_errno($ldapcnn)) {
-                        //
+                    if ($error = ldap_errno($ldapcnn)) {
                        $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > ldap_list > ERROR > \$error ---->\n" . print_r($error, true));
                    } else {
                        $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > ldap_list > OK");
@@ -880,8 +860,7 @@ class ldapAdvanced

            $searchResult = @ldap_search($ldapcnn, $dn, $filter, array($memberAttribute));

-            if ($error = @ldap_errno($ldapcnn)) {
-                //
+            if ($error = ldap_errno($ldapcnn)) {
                $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > ERROR > \$error ---->\n" . print_r($error, true));
            } else {
                $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK1");
@@ -889,12 +868,12 @@ class ldapAdvanced
                if ($searchResult) {
                    $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2");

-                    $numEntries = @ldap_count_entries($ldapcnn, $searchResult);
+                    $numEntries = ldap_count_entries($ldapcnn, $searchResult);

                    $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > \$numEntries ----> $numEntries");

                    if ($numEntries > 0) {
-                        $entry = @ldap_first_entry($ldapcnn, $searchResult);
+                        $entry = ldap_first_entry($ldapcnn, $searchResult);

                        $arrayGroupMemberLdap = $this->ldapGetAttributes($ldapcnn, $entry);

@@ -928,8 +907,7 @@ class ldapAdvanced
                                //Synchronize User
                                $searchResult2 = @ldap_search($ldapcnn, $member, $filter2, $this->arrayAttributesForUser);

-                                if ($error = @ldap_errno($ldapcnn)) {
-                                    //
+                                if ($error = ldap_errno($ldapcnn)) {
                                    $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > ldap_search > ERROR > \$error ---->\n" . print_r($error, true));
                                } else {
                                    $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > ldap_search > OK1");
@@ -937,12 +915,12 @@ class ldapAdvanced
                                    if ($searchResult2) {
                                        $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > ldap_search > OK2");

-                                        $numEntries2 = @ldap_count_entries($ldapcnn, $searchResult2);
+                                        $numEntries2 = ldap_count_entries($ldapcnn, $searchResult2);

                                        $this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > ldap_search > OK2 > \$numEntries2 ----> $numEntries2");

                                        if ($numEntries2 > 0) {
-                                            $entry2 = @ldap_first_entry($ldapcnn, $searchResult2);
+                                            $entry2 = ldap_first_entry($ldapcnn, $searchResult2);

                                            $arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry2);

@@ -1313,15 +1291,15 @@ class ldapAdvanced

        $oSearch = @ldap_search($ldapcnn, $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], $filter, array_merge($this->arrayAttributesForUser, $attributeSetAdd));

-        if ($oError = @ldap_errno($ldapcnn)) {
+        if ($oError = ldap_errno($ldapcnn)) {
            $this->log($ldapcnn, "Error in Search users");
        } else {
            if ($oSearch) {
-                $entries = @ldap_count_entries($ldapcnn, $oSearch);
+                $entries = ldap_count_entries($ldapcnn, $oSearch);
                $totalUser = $entries;

                if ( $entries > 0) {
-                    $oEntry = @ldap_first_entry($ldapcnn, $oSearch);
+                    $oEntry = ldap_first_entry($ldapcnn, $oSearch);

                    $countEntries=0;

@@ -1415,7 +1393,7 @@ class ldapAdvanced

                            $countEntries++;
                        }
-                    } while (($oEntry = @ldap_next_entry($ldapcnn, $oEntry)) && $flagNextRecord);
+                    } while (($oEntry = ldap_next_entry($ldapcnn, $oEntry)) && $flagNextRecord);
                }
            }
            /*
@@ -1486,14 +1464,14 @@ class ldapAdvanced

            $searchResult = @ldap_search($ldapcnn, $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], $filter, array_merge($this->arrayAttributesForUser, $attributeSetAdd));

-            if ($error = @ldap_errno($ldapcnn)) {
+            if ($error = ldap_errno($ldapcnn)) {
                //
            } else {
                if ($searchResult) {
-                    $numEntries = @ldap_count_entries($ldapcnn, $searchResult);
+                    $numEntries = ldap_count_entries($ldapcnn, $searchResult);

                    if ($numEntries > 0) {
-                        $entry = @ldap_first_entry($ldapcnn, $searchResult);
+                        $entry = ldap_first_entry($ldapcnn, $searchResult);

                        $arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry);

@@ -1646,54 +1624,66 @@ class ldapAdvanced
     */
    public function searchDepartments()
    {
-        if (!class_exists('RBAC')) {
-            G::LoadSystem('rbac');
-        }
+        try {
+            $arrayDepartment = [];

+            //Set variables
            $rbac = &RBAC::getSingleton();

            if (is_null($rbac->authSourcesObj)) {
                $rbac->authSourcesObj = new AuthenticationSource();
            }

-        $aAuthSource = $rbac->authSourcesObj->load($this->sAuthSource);
+            $arrayAuthenticationSourceData = $rbac->authSourcesObj->load($this->sAuthSource);

            if (is_null($this->ldapcnn)) {
-            $this->ldapcnn = $this->ldapConnection($aAuthSource);
+                $this->ldapcnn = $this->ldapConnection($arrayAuthenticationSourceData);
            }

            $ldapcnn = $this->ldapcnn;

-        $sFilter = "(" . $this->arrayObjectClassFilter["department"] . ")";
+            //Get Departments
+            $limit = $arrayAuthenticationSourceData['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'];
+            $flagError = false;

-        $this->log($ldapcnn, "search Departments with Filter: $sFilter");
+            $filter = '(' . $this->arrayObjectClassFilter['department'] . ')';

-        $aDepts = array();
-        $unitsBase = $this->custom_ldap_explode_dn($aAuthSource['AUTH_SOURCE_BASE_DN']);
-        $oSearch = @ldap_search($ldapcnn, $aAuthSource["AUTH_SOURCE_BASE_DN"], $sFilter, array("dn", "ou"));
+            $this->log($ldapcnn, 'search Departments with Filter: ' . $filter);

-        if ($oError = @ldap_errno($ldapcnn)) {
-            $this->log($ldapcnn, "Error in Search");
-            return $aDepts;
-        } else {
-            if ($oSearch) {
-                //the first node is root
-                $node = array();
-                $node['dn']          = $aAuthSource['AUTH_SOURCE_BASE_DN'];
-                $node['parent']      = '';
-                $node['ou']          = 'ROOT';
-                $node['users']       = '0';
-                $aDepts[] = $node;
+            $unitsBase = $this->custom_ldap_explode_dn($arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN']);

-                //get departments from the ldap entries
-                if (@ldap_count_entries($ldapcnn, $oSearch) > 0) {
-                    $oEntry = @ldap_first_entry($ldapcnn, $oSearch);
+            $cookie = '';

            do {
-                        $aAttr = $this->ldapGetAttributes($ldapcnn, $oEntry);
-                        $unitsEqual = $this->custom_ldap_explode_dn($aAttr['dn']);
+                ldap_control_paged_result($ldapcnn, $limit, true, $cookie);

-                        if ( count($unitsEqual ) == 1 && $unitsEqual[0] == '' ) {
+                $searchResult = @ldap_search($ldapcnn, $arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN'], $filter, ['dn', 'ou']);
+
+                if ($error = ldap_errno($ldapcnn)) {
+                    $this->log($ldapcnn, 'Error in Search');
+
+                    $flagError = true;
+                } else {
+                    if ($searchResult) {
+                        //The first node is root
+                        if (empty($arrayDepartment)) {
+                            $arrayDepartment[] = [
+                                'dn'     => $arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN'],
+                                'parent' => '',
+                                'ou'     => 'ROOT',
+                                'users'  => 0
+                            ];
+                        }
+
+                        //Get departments from the ldap entries
+                        if (ldap_count_entries($ldapcnn, $searchResult) > 0) {
+                            $entry = ldap_first_entry($ldapcnn, $searchResult);
+
+                            do {
+                                $arrayEntryData = $this->ldapGetAttributes($ldapcnn, $entry);
+                                $unitsEqual = $this->custom_ldap_explode_dn($arrayEntryData['dn']);
+
+                                if (count($unitsEqual) == 1 && $unitsEqual[0] == '') {
                                    continue;
                                }

@@ -1701,28 +1691,34 @@ class ldapAdvanced
                                    unset($unitsEqual[0]);
                                }

-                        if ( isset( $aAttr['ou'] ) && !is_array($aAttr['ou']) ) {
-                            $node = array();
-                            $node['dn']          = $aAttr['dn'];
-                            $node['parent']      = isset ($unitsEqual[1]) ? implode(',', $unitsEqual) : '';
-                            $node['ou']          = trim($aAttr['ou']);
-                            $node['users']       = '0';
-                            $aDepts[] = $node;
+                                if (isset($arrayEntryData['ou']) && !is_array($arrayEntryData['ou'])) {
+                                    $arrayDepartment[] = [
+                                        'dn'     => $arrayEntryData['dn'],
+                                        'parent' => (isset($unitsEqual[1]))? implode(',', $unitsEqual) : '',
+                                        'ou'     => trim($arrayEntryData['ou']),
+                                        'users'  => 0
+                                    ];
+                                }
+                            } while ($entry = ldap_next_entry($ldapcnn, $entry));
                        }
-                    } while ($oEntry = @ldap_next_entry($ldapcnn, $oEntry));
-                    //$this->createDepartments ($aDepts);
                    }
                }

-            $sDeptos = '';
+                ldap_control_paged_result_response($ldapcnn, $searchResult, $cookie);
+            } while (($cookie !== null && $cookie != '') && !$flagError);

-            foreach ($aDepts as $dep) {
-                $sDeptos .= ' ' . $dep['ou'];
+            $str = '';
+
+            foreach ($arrayDepartment as $dep) {
+                $str .= ' ' . $dep['ou'];
            }

-            $this->log($ldapcnn, "found ". count($aDepts) . " departments: $sDeptos");
+            $this->log($ldapcnn, 'found '. count($arrayDepartment) . ' departments: ' . $str);

-            return $aDepts;
+            //Return
+            return $arrayDepartment;
+        } catch (Exception $e) {
+            throw $e;
        }
    }

@@ -1749,18 +1745,18 @@ class ldapAdvanced

        $oSearch = @ldap_search($ldapcnn, $aAuthSource["AUTH_SOURCE_BASE_DN"], $dFilter, $this->arrayAttributesForUser);

-        if ($oError = @ldap_errno($ldapcnn)) {
+        if ($oError = ldap_errno($ldapcnn)) {
            return $aUsers;
        } else {
            if ($oSearch) {
                //get the departments from the ldap entries
-                if (@ldap_count_entries($ldapcnn, $oSearch) > 0) {
-                    $oEntry    = @ldap_first_entry($ldapcnn, $oSearch);
+                if (ldap_count_entries($ldapcnn, $oSearch) > 0) {
+                    $oEntry = ldap_first_entry($ldapcnn, $oSearch);

                    do {
                        $aAttr = $this->ldapGetAttributes($ldapcnn, $oEntry);
                        $aUsers[] = $this->ldapGetUsersFromDepartment("GET", $aAttr["dn"]);
-                    } while ($oEntry = @ldap_next_entry($ldapcnn, $oEntry));
+                    } while ($oEntry = ldap_next_entry($ldapcnn, $oEntry));
                    //$this->createDepartments ($aDepts);
                }
            }
@@ -2275,74 +2271,81 @@ class ldapAdvanced
     */
    public function searchGroups()
    {
-        if (!class_exists('RBAC')) {
-            G::LoadSystem('rbac' );
-        }
+        try {
+            $arrayGroup = [];

+            //Set variables
            $rbac = &RBAC::getSingleton();

            if (is_null($rbac->authSourcesObj)) {
                $rbac->authSourcesObj = new AuthenticationSource();
            }

-        $aAuthSource = $rbac->authSourcesObj->load($this->sAuthSource);
+            $arrayAuthenticationSourceData = $rbac->authSourcesObj->load($this->sAuthSource);

            if (is_null($this->ldapcnn)) {
-            $this->ldapcnn = $this->ldapConnection($aAuthSource);
+                $this->ldapcnn = $this->ldapConnection($arrayAuthenticationSourceData);
            }

            $ldapcnn = $this->ldapcnn;

-        $filter = "(" . $this->arrayObjectClassFilter["group"] . ")";
+            //Get Groups
+            $limit = $arrayAuthenticationSourceData['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'];
+            $flagError = false;

-        $this->log($ldapcnn, "search groups with Filter: $filter");
+            $filter = '(' . $this->arrayObjectClassFilter['group'] . ')';

-        $aGroups = array();
-        $searchResult = @ldap_search($ldapcnn, $aAuthSource["AUTH_SOURCE_BASE_DN"], $filter, array("dn", "cn"));
+            $this->log($ldapcnn, 'search groups with Filter: ' . $filter);

-        if ($oError = @ldap_errno($ldapcnn)) {
-            $this->log($ldapcnn, "Error in Search");
-
-            return $aGroups;
-        } else {
-            if ($searchResult) {
-                //the first node is root
-                $node = array();
-                /*$node['dn']          = $aAuthSource['AUTH_SOURCE_BASE_DN'];
-                $node['parent']      = '';
-                $node['cn']          = 'ROOT';
-                $node['users']       = '0';
-                $aGroups[] = $node;*/
-
-                //get groups from the ldap entries
-                $numEntries = @ldap_count_entries($ldapcnn, $searchResult);
-
-                if ($numEntries > 0) {
-                    $entry = @ldap_first_entry($ldapcnn, $searchResult);
+            $cookie = '';

            do {
-                        $aAttr = $this->ldapGetAttributes($ldapcnn, $entry);
+                ldap_control_paged_result($ldapcnn, $limit, true, $cookie);

-                        if ( isset( $aAttr['cn'] ) && !is_array($aAttr['cn']) ) {
-                            $node = array();
-                            $node['dn']          = $aAttr['dn'];
-                            $node['cn']          = trim($aAttr['cn']);
-                            $node['users']       = '0';
-                            $aGroups[] = $node;
+                $searchResult = @ldap_search($ldapcnn, $arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN'], $filter, ['dn', 'cn']);
+
+                if ($error = ldap_errno($ldapcnn)) {
+                    $this->log($ldapcnn, 'Error in Search');
+
+                    $flagError = true;
+                } else {
+                    if ($searchResult) {
+                        //Get groups from the ldap entries
+                        $countEntries = ldap_count_entries($ldapcnn, $searchResult);
+
+                        if ($countEntries > 0) {
+                            $entry = ldap_first_entry($ldapcnn, $searchResult);
+
+                            do {
+                                $arrayEntryData = $this->ldapGetAttributes($ldapcnn, $entry);
+
+                                if (isset($arrayEntryData['cn']) && !is_array($arrayEntryData['cn'])) {
+                                    $arrayGroup[] = [
+                                        'dn'    => $arrayEntryData['dn'],
+                                        'cn'    => trim($arrayEntryData['cn']),
+                                        'users' => 0,
+                                    ];
+                                }
+                            } while ($entry = ldap_next_entry($ldapcnn, $entry));
                        }
-                    } while ($entry = @ldap_next_entry($ldapcnn, $entry));
                    }
                }

-            $sGroups = '';
+                ldap_control_paged_result_response($ldapcnn, $searchResult, $cookie);
+            } while (($cookie !== null && $cookie != '') && !$flagError);

-            foreach ($aGroups as $group) {
-                $sGroups .= ' ' . $group['cn'];
+            $str = '';
+
+            foreach ($arrayGroup as $group) {
+                $str .= ' ' . $group['cn'];
            }

-            $this->log($ldapcnn, "found ". count($aGroups) . " groups: $sGroups");
+            $this->log($ldapcnn, 'found '. count($arrayGroup) . ' groups: ' . $str);

-            return $aGroups;
+            //Return
+            return $arrayGroup;
+        } catch (Exception $e) {
+            throw $e;
        }
    }

@@ -2750,11 +2753,11 @@ class ldapAdvanced

            $searchResult = @ldap_search($ldapcnn, $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], $filter, array_merge($this->arrayAttributesForUser, array_values($arrayAttributesToSync)));

-            if ($error = @ldap_errno($ldapcnn)) {
+            if ($error = ldap_errno($ldapcnn)) {
                //
            } else {
                if ($searchResult) {
-                    $numEntries = @ldap_count_entries($ldapcnn, $searchResult);
+                    $numEntries = ldap_count_entries($ldapcnn, $searchResult);

                    if ($numEntries > 0) {
                        //Default attributes to sync
@@ -2793,7 +2796,7 @@ class ldapAdvanced
                        }

                        //Get Users from LDAP Server
-                        $entry = @ldap_first_entry($ldapcnn, $searchResult);
+                        $entry = ldap_first_entry($ldapcnn, $searchResult);

                        do {
                            $arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry);
@@ -2856,7 +2859,7 @@ class ldapAdvanced
                                    }
                                }
                            }
-                        } while ($entry = @ldap_next_entry($ldapcnn, $entry));
+                        } while ($entry = ldap_next_entry($ldapcnn, $entry));
                    }
                }
            }
@@ -2895,7 +2898,7 @@ class ldapAdvanced
            $ldapcnn = $this->ldapcnn;

            //Update Users
-            $recordSize = 1000; //$recordStart
+            $limit = $arrayAuthenticationSourceData['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'];
            $count = 0;

            $uidUserIdentifier = (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"]))? $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"] : "uid";
@@ -2911,7 +2914,7 @@ class ldapAdvanced
                $filterUsers .= "($uidUserIdentifier=" . $arrayUserData["USR_USERNAME"] . ")";
                $arrayUserUid[] = $arrayUserData["USR_UID"];

-                if ($count == $recordSize) {
+                if ($count == $limit) {
                    list($totalUser, $countUser) = $this->ldapUsersUpdateData($ldapcnn, $arrayAuthenticationSourceData, $filterUsers, $arrayUserUid, array("totalUser" => $totalUser, "countUser" => $countUser));

                    $count = 0;
@@ -2928,5 +2931,39 @@ class ldapAdvanced
            throw $e;
        }
    }
+
+    /**
+     * Get page size limit for a search result
+     *
+     * @param resource $ldapcnn LDAP link identifier
+     * @param string   $baseDn  The base DN for the directory
+     *
+     * @return int Returns the page size limit for a search result
+     */
+    public function getPageSizeLimit($ldapcnn, $baseDn = '')
+    {
+        try {
+            $limit = 1000;
+
+            if ($ldapcnn === false) {
+                return $limit;
+            }
+
+            $searchResult = @ldap_search($ldapcnn, $baseDn, '(|(objectclass=*))', ['dn']);
+
+            if ($searchResult) {
+                $countEntries = ldap_count_entries($ldapcnn, $searchResult);
+
+                if ($countEntries > 0) {
+                    $limit = ($countEntries > $limit)? $limit : $countEntries;
+                }
+            }
+
+            //Return
+            return $limit;
+        } catch (Exception $e) {
+            throw $e;
+        }
+    }
 }

--- a/workflow/engine/methods/authSources/ldapAdvancedProxy.php
+++ b/workflow/engine/methods/authSources/ldapAdvancedProxy.php
@@ -149,7 +149,25 @@ switch ($function) {
            unset($aData['AUTH_SOURCE_GRID_ATTRIBUTE']);
            unset($aData['AUTH_SOURCE_SHOWGRID']);
        }
+
        $aFields['AUTH_SOURCE_DATA'] = $aData;
+
+        //LDAP_PAGE_SIZE_LIMIT
+        $ldapAdvanced = new ldapAdvanced();
+
+        try {
+            $arrayAuthenticationSourceData = $aFields;
+            $arrayAuthenticationSourceData['AUTH_SOURCE_VERSION'] = 3;
+
+            $aFields['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'] = $ldapAdvanced->getPageSizeLimit(
+                $ldapAdvanced->ldapConnection($arrayAuthenticationSourceData),
+                $arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN']
+            );
+        } catch (Exception $e) {
+            $aFields['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'] = $ldapAdvanced->getPageSizeLimit(false);
+        }
+
+        //Save
        if ($aFields['AUTH_SOURCE_UID'] == '') {
            $RBAC->createAuthSource( $aFields );
        } else {
@@ -327,6 +345,7 @@ switch ($function) {
            }

            $arrayAuthenticationSourceData = $_POST;
+            $arrayAuthenticationSourceData['AUTH_SOURCE_VERSION'] = 3;

            //Test connection
            $ldapAdvanced = new ldapAdvanced();