LDAP – Difference between LDAP Search and Virtual List View

active-directory, ldap, windows-server-2008-r2

A member server has an application using a service account to query Active Directory for users and groups. I am using LDP.exe to connect/bind and run queries. "Bind" works successfully with the account, and "LDAP Search" works with both LDAP and LDAPS. The issue is that they are doing something called a "Virtual List View" query, and it throws an error when subtree is used. Below are my questions.

What is the difference between SEARCH and VIRTUAL LIST VIEW?
Why does VLV work when "one level" is selected, while it throws an error ("Unavailable Critical Extension") when "subtree" is selected?

Best Answer

VLV searches were introduced to help create applications that need to show a scrollable list of the results of a search, with features such as paging and smooth scrolling, without having to bring the entire result set to the client. See: http://tools.ietf.org/html/draft-ietf-ldapext-ldapv3-vlv-04. However, this required creating a separate index for almost the exact search that the application was performing (e.g. sn=* sorted ascending on sn), or else the server could refuse to serve your request. I used to work with this feature on iPlanet LDAP 10+ years ago, so in AD some things could be different, but my guess is that an index is missing in AD.

If you don't want to use VLV for this type of application, there is no point in using it.
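On the wire, a VLV query is an ordinary search request carrying two extra controls: server-side sort (RFC 2891) and the VLV request from the draft linked above. The following is an added example, not code from the original post or from LDP.exe, that BER-encodes both controls. The function names, the `sn` sort key, the window sizes and the choice to mark both controls critical are assumptions made for illustration. A server that cannot honour a control marked critical has to fail the operation with result code 12 (unavailableCriticalExtension) rather than ignore the control.

```python
# Added example: the two controls that turn a plain LDAP search into a
# Virtual List View request. All sample values are constructed.

SORT_OID = "1.2.840.113556.1.4.473"   # server-side sort request (RFC 2891)
VLV_OID = "2.16.840.1.113730.3.4.9"   # VLV request (draft-ietf-ldapext-ldapv3-vlv)
UNAVAILABLE_CRITICAL_EXTENSION = 12   # LDAP result code (RFC 4511)


def tlv(tag: int, body: bytes) -> bytes:
    """BER tag-length-value with a definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body


def integer(v: int) -> bytes:
    """BER INTEGER for a non-negative value (leading 0x00 keeps it positive)."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))


def control(oid: str, critical: bool, value: bytes) -> bytes:
    """Control ::= SEQUENCE { controlType, criticality DEFAULT FALSE, controlValue }."""
    crit = tlv(0x01, b"\xff") if critical else b""  # omitted when FALSE
    return tlv(0x30, tlv(0x04, oid.encode()) + crit + tlv(0x04, value))


def sort_control(attr: str, critical: bool = True) -> bytes:
    """SortKeyList with one ascending key; VLV must be sent together with it."""
    keys = tlv(0x30, tlv(0x30, tlv(0x04, attr.encode())))
    return control(SORT_OID, critical, keys)


def vlv_control(before: int, after: int, offset: int,
                content_count: int = 0, critical: bool = True) -> bytes:
    """Window addressed by offset; the [0] choice is an implicit tag (0xA0)."""
    target = tlv(0xA0, integer(offset) + integer(content_count))
    window = tlv(0x30, integer(before) + integer(after) + target)
    return control(VLV_OID, critical, window)


def search_controls(attr: str, before: int, after: int, offset: int,
                    critical: bool = True) -> bytes:
    """The controls [0] field appended to the LDAPMessage holding the search."""
    return tlv(0xA0, sort_control(attr, critical)
               + vlv_control(before, after, offset, critical=critical))
```

A plain "LDAP Search" sends neither control, so there is no extension for the server to reject.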