Monday, July 18, 2005

Heat and ITSM LDAP Search Size Errors

This issue used to rear its head quite often with the introduction of the HEAT to LDAP connector; however, it is starting to become more applicable to the ITSM link as well.
LDAP search size limit exceeded errors

LDAP search size limit exceeded errors can appear in the HLL log file, usually for this reason: the total number of records you ask to import (as determined by the Base DN you selected) exceeds the number of records the LDAP server permits you to read. The default limit for Windows 2000 is 1000 users, while for iPlanet Directory Server it is 2000 users. For example, if you were importing from Windows 2000 and selected a Base DN that contained 1500 users, then only the first 1000 would be imported, and an LDAP search size limit exceeded error would appear in the log right after the Starting Profile Updates message.

To resolve the issue, the fix must be made by an Active Directory administrator.
Active Directory properties, including those of its LDAP Server component, are controlled using Ntdsutil.exe. Documentation can be found here: http://support.microsoft.com/default.aspx?scid=KB;EN-US;q315071

The changes below allow the downloading of at least 15,000 records. New values are in parentheses; the rest are defaults.
Policy                   Current(New)
MaxPoolThreads           4
MaxDatagramRecv          1024
MaxReceiveBuffer         10485760
InitRecvTimeout          120
MaxConnections           5000
MaxConnIdleTime          900
MaxActiveQueries         20
MaxPageSize              1000(15000)
MaxQueryDuration         120
MaxTempTableSize         10000
MaxResultSetSize         262144(6000000)
MaxNotificationPerConn   5

The two settings that appear to be an issue are:
MaxPageSize - Maximum page size that is supported for LDAP responses (default: 1,000 records).
MaxResultSetSize - Maximum size in bytes of the LDAP Result Set (default: 262144 bytes).
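
The Ntdsutil.exe session that applies the two changes listed above, written as an added example (not part of the original post) and run from an elevated PowerShell prompt. The server name DC01.example.com and the two output file names are placeholders. These limits cap how much work a single LDAP query can demand of a domain controller, so the script records the values before and after the change.

```powershell
# Added example: raise MaxPageSize and MaxResultSetSize with Ntdsutil.exe.
# Assumption: DC01.example.com is a placeholder; use a real domain controller name.
$Server = 'DC01.example.com'

# New values taken from the table above; every other policy keeps its default.
$changes = [ordered]@{
    MaxPageSize      = 15000
    MaxResultSetSize = 6000000
}

# Ntdsutil menu path: "ldap policies" -> "connections" -> "connect to server <name>".
# "quit" leaves the connections submenu and returns to the LDAP policy prompt.
$connect = @('ldap policies', 'connections', "connect to server $Server", 'quit')

# 1. Record the current values so the change can be reviewed and reverted.
ntdsutil $connect 'show values' quit quit |
    Tee-Object -FilePath '.\ldap-policy-before.txt'

# 2. Build one "set <policy> to <value>" command per change.
$setCommands = foreach ($name in $changes.Keys) {
    "set $name to $($changes[$name])"
}

# 3. Stage the changes, display them in Current(New) form, commit them,
#    then display the committed values.
ntdsutil $connect $setCommands 'show values' 'commit changes' 'show values' quit quit |
    Tee-Object -FilePath '.\ldap-policy-after.txt'
```

To revert, run the same script with the values recorded in ldap-policy-before.txt.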
