Size limit exceeded error for Active Directory Authentication
Red HatThis forum is for the discussion of Red Hat Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Size limit exceeded error for Active Directory Authentication
Hello --
We are running Red Hat Enterprise 7.1 on one of our servers, and Active Directory authentication has been configured for the user logins. We have been able to establish the binding setup on the server in question, but we are experiencing issues with the size limit setting. The log output for the authentication attempt is shown below:
Quote:
2017-11-17 10:10:10,044: INFO gcs - LdapInterface::login(...)
2017-11-17 10:10:10,044: DEBUG gcs - Options were initialized successfully.
2017-11-17 10:10:10,044: INFO gcs - Initialized connection with URL ldap://172.18.1.16:389
2017-11-17 10:10:10,044: DEBUG gcs - Try to bind to ldap://172.18.1.16:389 by using the type of simple
2017-11-17 10:10:10,044: DEBUG gcs - Using simple authentication to bind the user CN=SV562,CN=Users,DC=partners,DC=org.
2017-11-17 10:10:10,049: DEBUG gcs - Binding the user CN=SV562,CN=Users,DC=partners,DC=org has been successful.
2017-11-17 10:10:10,049: DEBUG gcs - Binding to user[CN=SV562,CN=Users,DC=partners,DC=org] has been successful!
2017-11-17 10:10:10,049: DEBUG gcs - Connecting to the host [ ldap://172.18.1.16:389 ] was successful!
2017-11-17 10:10:10,049: DEBUG gcs - Searching [ldap://172.18.1.16:389], base [CN=Users,DC=partners,DC=org], filter [(objectClass=*)], scope [1]
2017-11-17 10:10:10,115: ERROR gcs - Searching LDAP server was failed, the reason is Size limit exceeded
2017-11-17 10:10:10,115: INFO gcs - The authentication [SV565] has failed, due to connection: Fetching groups information has failed : The searching has failed, the reason is : Size limit exceeded
We believe a connection timeout could be occurring so to that end, the timeout setting on the server was set to 1000, but that did not solve the problem. Is there another setting(s) that can be adjusted on the Linux server, or at this point, should I look at the Active Directory settings?
Hello --
We are running Red Hat Enterprise 7.1 on one of our servers, and Active Directory authentication has been configured for the user logins. We have been able to establish the binding setup on the server in question, but we are experiencing issues with the size limit setting. The log output for the authentication attempt is shown below:
Code:
2017-11-17 10:10:10,044: INFO gcs - LdapInterface::login(...)
2017-11-17 10:10:10,044: DEBUG gcs - Options were initialized successfully.
2017-11-17 10:10:10,044: INFO gcs - Initialized connection with URL ldap://172.18.1.16:389
2017-11-17 10:10:10,044: DEBUG gcs - Try to bind to ldap://172.18.1.16:389 by using the type of simple
2017-11-17 10:10:10,044: DEBUG gcs - Using simple authentication to bind the user CN=SV562,CN=Users,DC=partners,DC=org.
2017-11-17 10:10:10,049: DEBUG gcs - Binding the user CN=SV562,CN=Users,DC=partners,DC=org has been successful.
2017-11-17 10:10:10,049: DEBUG gcs - Binding to user[CN=SV562,CN=Users,DC=partners,DC=org] has been successful!
2017-11-17 10:10:10,049: DEBUG gcs - Connecting to the host [ ldap://172.18.1.16:389 ] was successful!
2017-11-17 10:10:10,049: DEBUG gcs - Searching [ldap://172.18.1.16:389], base [CN=Users,DC=partners,DC=org], filter [(objectClass=*)], scope [1]
2017-11-17 10:10:10,115: ERROR gcs - Searching LDAP server was failed, the reason is Size limit exceeded
2017-11-17 10:10:10,115: INFO gcs - The authentication [SV565] has failed, due to connection: Fetching groups information has failed : The searching has failed, the reason is : Size limit exceeded
We believe a connection timeout could be occurring so to that end, the timeout setting on the server was set to 1000, but that did not solve the problem. Is there another setting(s) that can be adjusted on the Linux server, or at this point, should I look at the Active Directory settings?
Size Limit Exceeded is an LDAP server error indicating that the search request was unable to return all entries due to the search limit. The problem is that the users or groups you are looking for may not have been in the entries that were returned. In AD, the default size limit is typically 1000 entries. The LDAP server error is usually followed by an error indicating the number of entries returned which is a few entries less than the actual size limit. There is nothing you can do to change this limit unless you are the LDAP server administrator.
Also, again, you are using RHEL 7.1...have you contacted the Red Hat support you're PAYING FOR (RIGHT??) and asked them? Or looked in the Red Hat knowledgebase? There is a known issue with a patch: https://access.redhat.com/solutions/628793
...which you will not get if you're not paying for RHEL. And after using Samba and Linux for TWELVE YEARS now, it's surprising you cannot troubleshoot this issue.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.