ldap Size limit exceeded error
1,852 views
Skip to first unread message
mdb
Sep 24, 2012, 5:17:57 PM9/24/12
to resour...@googlegroups.com
Hey people
I am trying to get the posixldap plugin working and I think I have it work except that I ran into an interesting problem
It seems that I have exceeded the Sizelimit
C:\inetpub\wwwroot\rs2012\plugins\posixldapauth\hooks\ldap_class.php line 282: ldap_search(): Partial search results returned: Sizelimit exceeded
So how can I get around this? Is there a size limit set somewhere that I can just raise?
Thanks!
mdb
Sep 24, 2012, 9:47:44 PM9/24/12
to resour...@googlegroups.com
Here is some additional info on my ldap config that I downloaded from the plugin
{"ResourceSpacePlugin":"posixldapauth"}
{
"enable":true
"ldapserver":"
mycompanydomain.corp.
mycompany.com"
"port":"389"
"basedn":"DC=
mycompanydomain,DC=corp,DC=
mycompany,DC=com"
"loginfield":"samaccountname"
"usersuffix":"NULL"
"createusers":true
"groupbased":true
"newusergroup":"9"
"ldapusercontainer":"OU=UserAccounts"
"ldaptype":"1"
"rootdn":"me[at]mycompany.com"
"rootpass":"xxx"
"addomain":"mycompanydomain"
}
Is there a way to narrow down the container maybe instead of trying to get everyone in the company?
Thanks!
David Mac (new)
Sep 29, 2012, 3:09:36 AM9/29/12
to ResourceSpace
Hi
What kind of directory are you integrating into?
There is normally a maximum number of entries returned by a search
request which is set in the directory server itself and nothing the
plugin can do about it.
As it's an Active Directory server, there is a hard limit that it will
only return 1000 results, and trigger the error if there are more than
1000 results of the search.
To be honest, I haven't coded the plugin to handle this as I have yet
to come across a situation where there are 1000 + users, but it's a
modification that I should probably do!
It maybe possible to create another container in the AD for the
specific users that need access to that, but it would have to be
something like:
ou=rsusers,dc=mycomany etc.
Then set the ldap user container to that. You might be able to nest a
group inside that container in the AD, but this is not something I've
tested.
Regards
David
What kind of directory are you integrating into?
There is normally a maximum number of entries returned by a search
request which is set in the directory server itself and nothing the
plugin can do about it.
As it's an Active Directory server, there is a hard limit that it will
only return 1000 results, and trigger the error if there are more than
1000 results of the search.
To be honest, I haven't coded the plugin to handle this as I have yet
to come across a situation where there are 1000 + users, but it's a
modification that I should probably do!
It maybe possible to create another container in the AD for the
specific users that need access to that, but it would have to be
something like:
ou=rsusers,dc=mycomany etc.
Then set the ldap user container to that. You might be able to nest a
group inside that container in the AD, but this is not something I've
tested.
Regards
David
David Mac (new)
Sep 29, 2012, 3:20:29 AM9/29/12
to ResourceSpace
Hi again
I've just realised I should not reply before the second cup of coffee!
It's not the users that are the problem but the groups.
This is indicating that you have over 1000 groups in the AD, is this
the case?
Regards
David
I've just realised I should not reply before the second cup of coffee!
It's not the users that are the problem but the groups.
This is indicating that you have over 1000 groups in the AD, is this
the case?
Regards
David
Cameron Paine
Sep 10, 2014, 1:30:42 PM9/10/14
to resour...@googlegroups.com
I have the same issue and wondered if there was an update? I work for a University in the UK and we have many thousands of users and groups in our Active Directory and so the plugin has problems with
error. Binding is fine and the Test button is happy but if I activate the plugin I get
ldap_class.php line 423: ldap_search(): Partial search results returned: Sizelimit exceeded
whatever I try for the settings. I don't want the whole University to have access but even if I specify a User Container further down the tree
OU=dept,OU=sub2,OU=sub1,OU=groups
it still gives the
ldap_class.php line 423: ldap_search(): Partial search results returned: Sizelimit exceeded
Sorry, an error has occurred.
Also it does seem that the test button doesn't check the User Container bit of the path but appending it to the Base DN as I can put in non existent entries and the Test will pass them.
Cameron.
David Mac (new)
Sep 13, 2014, 5:53:26 AM9/13/14
to resour...@googlegroups.com
Hi Cameron
Sorry to hear you're having problems, and sorry it's taken me a couple of days to reply.
Can you email me privately so I can help you diagnose this problem. Hopefully we can work out a solution as I don't have an Active Directory big enough to test against but I have some ideas of how this might be solved if you are happy to help with the testing?
What version of the plugin are you using.
Regards
David
Branden Strickland
Sep 30, 2014, 4:33:24 PM9/30/14
to resour...@googlegroups.com
I realize this might be getting a bit stale - but were you able to sort this out? I'm in a large AD env with many many groups and get the same error.
Just curious... I'm trying to narrow my scope enough so that it doesn't give me any issues.
David Mac (new)
Oct 1, 2014, 8:59:03 AM10/1/14
to resour...@googlegroups.com
Hi Branden
No, I haven't been able to resolve this yet.
If your happy to help try and solve the problem, could you email me a screen shot of your setup page and a copy of the Apache error log file.
Then we can start to debug this and hopefully fix the problem.
Regards
David
Branden Strickland
Oct 1, 2014, 9:31:37 AM10/1/14
to resour...@googlegroups.com
Sure thing - Just give me a bit of time - I'm working on other issues today... This project is sort of a side project I'm helping another group with. I'll probably get to it a little later today.
ddbtest...@gmail.com
Oct 7, 2014, 9:42:28 AM10/7/14
to resour...@googlegroups.com
Hi guys,
I'm having the same problem:
ldap_class.php line 423: ldap_search(): Partial search results returned: Sizelimit exceeded
Any help appreciated. No doubt we have well over 1000 groups and 1000 users in our AD.
Many thanks.
ddbtest...@gmail.com
Oct 7, 2014, 9:49:48 AM10/7/14
to resour...@googlegroups.com
FWIW I'm not even bothered about group mapping, I'd be happy with just plain old AD authentication to log into ResourceSpace and create a corresponding user with general access...
Any lines of the plugin that I could comment out to get this working?
ddbtest...@gmail.com
Oct 7, 2014, 9:58:17 AM10/7/14
to resour...@googlegroups.com
Here is the Apache error log in case that helps:
[Tue Oct 07 14:53:19 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/pages/setup.php 13 Pre submit check , referer: http://myservername/web/pages/team/team_plugins.php
[Tue Oct 07 14:53:19 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/pages/setup.php 66 Submit not Detected, attempting to load config from DB , referer: http://myservername/web/pages/team/team_plugins.php
[Tue Oct 07 14:53:39 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/pages/setup.php 13 Pre submit check , referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:39 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/pages/setup.php 19 Submit detected, referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:43 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/hooks/ldap_class.php ldapAuth::connect 65 Connected to LDAP Server 192.168.21.143, referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:43 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/hooks/ldap_class.php ldapAuth::auth 109 Attempting to Auth my....@myaddress.com, referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:43 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/hooks/ldap_class.php ldapAuth::auth 123 Auth Succesfull for my....@myaddress.com, referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:43 2014] [error] [client 192.168.21.99] user cn = my.name, referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:43 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/hooks/ldap_class.php ldapAuth::auth 138 Searching dc=my-domain,dc=local for (samaccountname=my.name), referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:43 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/hooks/ldap_class.php ldapAuth::auth 150 Num entries returned = 0, referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:43 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/hooks/ldap_class.php ldapAuth::auth 151 searching on userPrincipalName my....@myaddress.com, referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:43 2014] [error] [client 192.168.21.99] ldapauth:ajax_test_login.php line 35 GOT TO THE GROUP CHECK, referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:43 2014] [error] [client 192.168.21.99] PHP Notice: Undefined index: groupcont in /var/www/html/web/plugins/posixldapauth/pages/ajax_test_login.php on line 93, referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:43 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/hooks/ldap_class.php ldapAuth::listGroups 420 - ldap_search ( dc=my-domain,dc=local,(&(objectCategory=group))), referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:43 2014] [error] [client 192.168.21.99] PHP Warning: ldap_search(): Partial search results returned: Sizelimit exceeded in /var/www/html/web/plugins/posixldapauth/hooks/ldap_class.php on line 423, referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:43 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/hooks/ldap_class.php ldapAuth::listGroups 428 - attempting to get entries, referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:43 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/hooks/ldap_class.php ldapAuth::listGroups 439 - 1000 entries returned, referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:43 2014] [error] [client 192.168.21.99] ldapauth:ajax_test_login.php line 39 Found Groups, referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:45 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/pages/setup.php 13 Pre submit check , referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:45 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/pages/setup.php 19 Submit detected, referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:45 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/pages/setup.php 106 Auth is enabled , referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:45 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/hooks/ldap_class.php ldapAuth::connect 65 Connected to LDAP Server 192.168.21.143, referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:45 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/hooks/ldap_class.php ldapAuth::auth 109 Attempting to Auth my....@myaddress.com, referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:45 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/hooks/ldap_class.php ldapAuth::auth 123 Auth Succesfull for my....@myaddress.com, referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:45 2014] [error] [client 192.168.21.99] user cn = my.name, referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:45 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/hooks/ldap_class.php ldapAuth::auth 138 Searching dc=my-domain,dc=local for (samaccountname=my.name), referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:45 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/hooks/ldap_class.php ldapAuth::auth 150 Num entries returned = 0, referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:45 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/hooks/ldap_class.php ldapAuth::auth 151 searching on userPrincipalName my....@myaddress.com, referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:45 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/pages/setup.php 131 GOT TO THE GROUP SELECT , referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
[Tue Oct 07 14:53:45 2014] [error] [client 192.168.21.99] /var/www/html/web/plugins/posixldapauth/hooks/ldap_class.php ldapAuth::listGroups 420 - ldap_search ( dc=my-domain,dc=local,(&(objectCategory=group))), referer: http://myservername/web/plugins/posixldapauth/pages/setup.php
ddbtest...@gmail.com
Oct 29, 2014, 9:48:11 AM10/29/14
to resour...@googlegroups.com
Hey all! Brandon, any update on this? Many thanks!
David Mac (new)
Oct 30, 2014, 9:41:58 AM10/30/14
to resour...@googlegroups.com
Hi All
I'm going to be looking into this further over the next couple of days. Apologies for the delay but I've been waylaid with other projects and sick kids :(
ddbtest...@gmail.com
Oct 30, 2014, 9:45:28 AM10/30/14
to resour...@googlegroups.com
Hey David, thanks for that: shout if you need any more info/testing.
I hope your little ones are feeling better now.
ddbtest...@gmail.com
Dec 8, 2014, 12:39:23 PM12/8/14
to resour...@googlegroups.com
Hi David, let me know if you need any help troubleshooting or testing this.
It'd be great to be able to get LDAP working in our slightly larger AD environment (i.e. have the ability to restrict to certain OUs, which I think is causing the problem as there are too many objects in our entire AD).
Thanks!
ddbtest...@gmail.com
Feb 26, 2015, 10:03:28 AM2/26/15
to resour...@googlegroups.com
Hi David,
I’ve just been testing your updated AD plugin with our ResourceSpace install, and I have to say it works amazingly well! Great work!
The group mapping works well, there are no more errors due to too many LDAP groups, and the PDF documentation makes it easier to understand how to configure the plugin.
AD/LDAP is a key feature when looking at any DAM system, and this was one thing that slightly let RS down when I was first evaluating.
This is no longer a problem. Top work indeed, thanks!
Brandon Epler
Mar 10, 2015, 5:11:33 PM3/10/15
to resour...@googlegroups.com
Hello,
Can someone help me with the configuration of LDAP? I updated all of the files in the plugins folder for ldap but when I click test all I get it "Status in error" I do not see what the error actually is. Would someone be able to give me assistance with this?
Thank you so much!
David Mac (new)
Mar 16, 2015, 6:28:28 AM3/16/15
to resour...@googlegroups.com
Thanks very much for your kind words of support.
It's great to get feedback :)
Reply all
Reply to author
Forward
0 new messages