Why:
performLdapSearch() uses a single ldap_search() call. Active Directory truncates results at 1000 entries by default, so large directories are silently partially synced. This is also a hard prerequisite for the lifecycle work: a truncated result set must never be mistaken for "objects disappeared from LDAP".
What:
- Use LDAP paged results (LDAP_CONTROL_PAGEDRESULTS), following what AuthLDAP core does (can_support_pagerange / pagesize fields on the LDAP connection)
- Respect the pagesize configured on the linked AuthLDAP
- Distinguish "search completed" from "search truncated/failed" in the return contract of performLdapSearch()
- Unit tests covering multi-page iteration and the truncation signal
Depends on:
Handle sync (merge of manual sync + dry-run)
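A sketch of the return contract described under "What", as an added example and not code from this project or from AuthLDAP core. The function name `pagedLdapSearch()` and the `complete` / `error` / `entries` array shape are assumptions made for illustration; it uses the `controls` argument of PHP's `ldap_search()` (PHP 7.3+) and treats any non-success result code or missing paging response as "not complete".

```php
<?php
// Added example: hypothetical helper, not the project's performLdapSearch().

/** @return array{complete: bool, error: ?string, entries: array} */
function pagedLdapSearch($ldap, string $baseDn, string $filter, array $attrs, int $pageSize): array
{
    $entries = [];
    $cookie  = '';
    $fail    = fn (string $why) => ['complete' => false, 'error' => $why, 'entries' => $entries];

    do {
        $controls = [[
            'oid'        => LDAP_CONTROL_PAGEDRESULTS,
            'iscritical' => true, // refuse to run unpaged rather than truncate silently
            'value'      => ['size' => $pageSize, 'cookie' => $cookie],
        ]];
        $result = @ldap_search($ldap, $baseDn, $filter, $attrs, 0, -1, -1, LDAP_DEREF_NEVER, $controls);
        if ($result === false) {
            return $fail(ldap_error($ldap));
        }

        $code = 0;
        $matchedDn = $message = $referrals = null;
        $response = [];
        if (!ldap_parse_result($ldap, $result, $code, $matchedDn, $message, $referrals, $response)) {
            return $fail(ldap_error($ldap));
        }
        if ($code !== 0) {
            // Includes sizeLimitExceeded (4) and adminLimitExceeded (11).
            return $fail(ldap_err2str($code));
        }
        if (!isset($response[LDAP_CONTROL_PAGEDRESULTS])) {
            // Server ignored paging: completeness cannot be proven.
            return $fail('no paged-results control in response');
        }

        $page = ldap_get_entries($ldap, $result);
        if ($page === false) {
            return $fail(ldap_error($ldap));
        }
        unset($page['count']);
        $entries = array_merge($entries, $page);

        // An empty cookie marks the last page.
        $cookie = $response[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'] ?? '';
    } while ($cookie !== '');

    return ['complete' => true, 'error' => null, 'entries' => $entries];
}
```

A caller doing lifecycle work would compare against the directory only when `complete` is `true`; on `false` the partial `entries` can still feed an additive sync but must not drive any "missing from LDAP" decision.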