I have a question and comments for #1 and #3.

First of all, can you tell us what version of IDM and what version of the
LDAP driver you are using?

1, I have found that OID doesn't always have proper values for the
namingcontexts attribute on the rootDSE. The migrate feature relies on
values being correct. It should be possible for an OID administrator to
modify these values to make them represent the DNs of root-level containers
you are interested in searching.

You mentioned a return limit of 50 entries. As far as I know the driver has
no such limit. Without a trace I can't really tell what you are referring
to, but you may be referring the way query results are passed from the
driver to the engine. Beginning in IDM3 there is a feature called query-ex
that attempts to prevent Java from running out of memory when returning
large query results. The default behavior for this feature is to report
query results to the engine in blocks of 50. The engine should continue
asking for new blocks of 50 as long as there are more entries to return.
when functioning properly, this is not a limitation at all, but rather a
to improve memory usage.

3. The way the driver finds start and end points of the changelog was
improved in September 2004. If you are using a driver that is older than
that, you should definitely update. The current field patch for the IDM3
version of the driver can be found at

If you try #1 and #3 above and still have trouble, posting a level 3 driver
trace from driver initialization through the problem is usually helpful.



>>> On 5/10/2006 at 10:15 AM, in message

Uwe Carsten Krause<ukrause@myrealbox.com> wrote:
> Hi all,
> I found some for me very strange things in the LDAP driver when using it
> with OID. May be someone can direct me to some solutions...
> 1. If you issue a Migrate into Vault, a query is generated (so far so
> good), which has a maximum return limit of 50 (!!!) Entries (why this at
> all, this should be set on the LDAP Server and not on the client). Even
> then I will get no documents back (I have 28k Objects). If I use
> Ldapsearch I can get all the 28k
> 2. If I try to reset the email address in the filter and I add an user,
> logically a new modify document is generated which will remove all values

> in OID. This will give me an error because of insufficient rights. Funny,

> because if I do this with the same account and use ldapbrowser 2.8.2 it
> works fine. If I change the account of the driver to orcladmin (THE
> USER), I will get the same error. Any ideas?
> 3. My changelog had about 750.000 Entries. As I installed the driver, I
> always got the message, the driver cannot determine the lates changlog
> numer and it did the query always for No. 0 to 999 (looked as I did not
> have the necessary rights, but it wasn't). As I set the maximum Batch
> Size to 1.000.000 immediately the driver got the right changelog number.
> Any explanation on this? (BTW I can very this behavior)
> the whole stuff was giving me a hard time with the OID guys, so any
> explanation / help is apriciated.