When searching large data sets, the results can be numerous and produce errors about a request matching too many results relative to the lookthrough limit. Paged searches avoid these errors and also reduce memory utilization.
The paged SCIM searches feature is not available for entry-balanced data sets.
To use paged SCIM searches, your SCIM service's backend servers must be LDAP directory servers and you must use the LDAP store adapter.
Complete the following one-time operations. For either command, you only need to run the command one time per backend server. If you are not sure whether you have run the command, you can run it again safely.
- Set the service account’s permissions by running the
prepare-external-store
command on the PingAuthorize server for each backend server.Note:For example:If you have run this command with PingDataGovernance 8.1.0.0 or earlier, run it again using the command from a PingDataGovernance 8.2.0.0 or a PingAuthorize 8.3.0.0 or later release.
$ prepare-external-store --hostname server.example.com --port 1389 \ --bindDN "cn=Directory Manager" --bindPassword <password1> \ --governanceBindDN "cn=Authorize User,cn=Root DNs,cn=config" \ --governanceBindPassword <password2> \ --userStoreBaseDN ou=people,dc=example,dc=com
- If your LDAP store adapter points to a PingDirectoryProxy server, run the following command on
that
server:
$ dsconfig set-request-processor-prop \ --processor-name <proxying-request-processor> \ --set supported-control-oid:2.16.840.1.113730.3.4.9 \ --set supported-control-oid:1.2.840.113556.1.4.473
<proxying-request-processor>
is the request processor handling the entries targeted by the search.
PingAuthorize performs SCIM searches using LDAP requests. After you complete the steps below, PingAuthorize creates LDAP requests that include request controls asking the backend servers to sort and page the search results before returning the results. These request controls are marked noncritical, meaning that if the backend server cannot page the results, the backend server still returns the results. In this case, PingAuthorize handles the sorting and paging itself.
If your SCIM searches result in an error because the request matched too many results, as discussed in Lookthrough limit for SCIM searches, you can avoid the error by using paged searches.
Complete the following steps for each search: