LDAP config - Exceed Size Limit - MS Active Directory

Started by mjcig, October 21, 2014, 08:40:03 PM


mjcig

Have an issue with configuring LDAP. I have downloaded the recent release 1.2.17 and unable to retrieve results from LDAP where we have more than 1000 objects in an OU.

Our environment runs on rhel 5.9 and interested in binding to Microsoft Active Directory. When I configure a test to bind to an OU with a small number of objects, I can successfully retrieve the objects and write them to the db.

[DEBUG] LDAPConnection::initLDAP(): Connecting to LDAP server
[DEBUG] LDAPConnection::syncUsers(): Found entry count: 48
[DEBUG] LDAPConnection::syncUsers(): Found dn: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[DEBUG] LDAPConnection::syncUsers(): Found dn: xxxxxxxxxxxxxxxxxxxx
[DEBUG] LDAPConnection::syncUsers(): User added: xxxxxxxxxxxxxxxxxxxxxxxxxxxx

However, when I attempt to set the search scope to one of our larger OUs and read in those objects, I receive a Size Limit Exceeded error.

[DEBUG] LDAPConnection::syncUsers(): LDAP could not get search results. Error code: Size limit exceeded

Anyone have any suggestions or advice in reading and writing more than 1000 objects from an OU?
I have tried the below configuration along with many others with no luck.

(&(objectClass=*)(sizelimit=0)) or (&(objectClass=*)(sizelimit="none"))

Appreciate any input

tuomar

Hi,

I'm not using NetXMS with LDAP, but I think that you need to check your server's (AD) MaxPageSize parameter.
Win2003/2008 MaxPageSize default value is 1000.

Quote: MaxPageSize value controls the maximum number of objects that are returned in a single search result, independent of how large each returned object is. To perform a search where the result might exceed this number of objects, the client must specify the paged search control. This is to group the returned results in groups that are no larger than the MaxPageSize value. To summarize, MaxPageSize controls the number of objects that are returned in a single search result.

Windows 2000 and Windows Server 2003 LDAP administration limits
http://support2.microsoft.com/kb/315071

Windows Server 2008 and newer domain controller returns only 5000 values in a LDAP response
http://support2.microsoft.com/kb/2009267

LDAP policies
http://technet.microsoft.com/en-us/library/cc770976.aspx

Rgs
TM
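As an added illustration of the paged search control the quoted article refers to (example code written for this thread, not NetXMS or Microsoft code): it encodes and decodes the RFC 2696 Simple Paged Results control value and runs a paging loop against a constructed stand-in directory of 2500 users capped at the default MaxPageSize of 1000.

```python
# Added example (not NetXMS or Microsoft code): the LDAP Simple Paged Results
# control value from RFC 2696 (OID 1.2.840.113556.1.4.319) plus a client loop that
# keeps each request under AD's MaxPageSize (default 1000) instead of hitting
# "Size limit exceeded". The directory below is a constructed stand-in, not a DC.
def _ber_len(n):
    # DER length octets: short form below 128, long form otherwise
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _ber_int(v):
    # DER INTEGER, two's complement (only non-negative sizes are needed here)
    body = v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True)
    return b"\x02" + _ber_len(len(body)) + body

def encode_paged_control(size, cookie=b""):
    # realSearchControlValue ::= SEQUENCE { size INTEGER, cookie OCTET STRING }
    inner = _ber_int(size) + b"\x04" + _ber_len(len(cookie)) + cookie
    return b"\x30" + _ber_len(len(inner)) + inner

def _read_tlv(buf, pos):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                       # long-form length
        n, pos = ln & 0x7F, pos + (ln & 0x7F)
        ln = int.from_bytes(buf[pos - n:pos], "big")
    return tag, buf[pos:pos + ln], pos + ln

def decode_paged_control(data):
    _, seq, _ = _read_tlv(data, 0)            # outer SEQUENCE
    _, size, pos = _read_tlv(seq, 0)          # INTEGER size
    _, cookie, _ = _read_tlv(seq, pos)        # OCTET STRING cookie
    return int.from_bytes(size, "big", signed=True), bytes(cookie)

def paged_search(search, page_size):
    # search(control_value) -> (entries, response_control_value); an empty
    # cookie in the response means the server has no more pages to return
    results, cookie = [], b""
    while True:
        entries, resp = search(encode_paged_control(page_size, cookie))
        results.extend(entries)
        _, cookie = decode_paged_control(resp)
        if not cookie:
            return results

def make_fake_ad(total, max_page_size=1000):
    # Constructed stand-in for a DC: 'total' users, pages capped at MaxPageSize
    dns = ["CN=user%d,OU=Big,DC=example,DC=com" % i for i in range(total)]
    def search(control_value):
        size, cookie = decode_paged_control(control_value)
        start = int.from_bytes(cookie, "big") if cookie else 0
        end = min(start + min(size, max_page_size), total)
        next_cookie = end.to_bytes(4, "big") if end < total else b""
        return dns[start:end], encode_paged_control(0, next_cookie)
    return search
```

Requesting a page larger than MaxPageSize does not help; the stand-in (like a DC) simply caps the page, so the loop still needs three round trips for 2500 entries.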

Victor Kirhenshtein

Yes, this is the AD LDAP page size limit. The next release of NetXMS will support LDAP paging, so you'll be able to synchronize a larger number of users without increasing the page size on the AD LDAP server.

Best regards,
Victor