grouper-users - [grouper-users] Grouper Loader LDAP and AD page size limitations
Subject: Grouper Users - Open Discussion List
List archive
- From: Rob Gorrell <>
- To: "" <>
- Subject: [grouper-users] Grouper Loader LDAP and AD page size limitations
- Date: Wed, 3 Aug 2016 09:20:27 -0400
I was trying to do a SIMPLE_LDAP loader job to load the disabled users in our AD (userAccountControl attrb) and couldn't figure out why it failed to load any members. After searching around a bit I realized we have over 1000 disabled users matching this LDAP query and it remembered AD has a default server-side limit of 1000
entries as the maximum number of results that are returned in a single
LDAP request. Sure enough, when I enabled debug logging, I see grouper hitting a Sizelimit Exceeded. So, my question is, without modifying my LDAP filter to return less than 1000 results, is there a way to make Grouper LDAP client do some sort of Paged Results control so I can load large groups against an AD LDAP directory?
2016-08-03 08:54:52,400: [main] DEBUG AbstractResultHandler.process(95) - - Ignoring naming exception
javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name ''
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3084)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2785)
at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:147)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:216)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:189)
at edu.vt.middleware.ldap.handler.AbstractResultHandler.process(AbstractResultHandler.java:83)
at edu.vt.middleware.ldap.AbstractLdap.search(AbstractLdap.java:231)
at edu.vt.middleware.ldap.Ldap.search(Ldap.java:431)
at edu.vt.middleware.ldap.Ldap.search(Ldap.java:347)
at edu.vt.middleware.ldap.Ldap.search(Ldap.java:273)
at edu.internet2.middleware.grouper.ldap.LdapSession$1.callback(LdapSession.java:289)
at edu.internet2.middleware.grouper.ldap.LdapSession.callbackLdapSession(LdapSession.java:236)
at edu.internet2.middleware.grouper.ldap.LdapSession.list(LdapSession.java:271)
at edu.internet2.middleware.grouper.app.loader.db.GrouperLoaderResultset.<init>(GrouperLoaderResultset.java:345)
at edu.internet2.middleware.grouper.app.loader.GrouperLoaderType$6.runJob(GrouperLoaderType.java:746)
at edu.internet2.middleware.grouper.app.loader.GrouperLoaderJob.runJobLdap(GrouperLoaderJob.java:571)
at edu.internet2.middleware.grouper.app.loader.GrouperLoader.runJobOnceForGroup(GrouperLoader.java:1008)
at edu.internet2.middleware.grouper.app.gsh.loaderRunOneJob.invoke(loaderRunOneJob.java:57)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:622)
at bsh.Reflect.invokeMethod(Unknown Source)
at bsh.Reflect.invokeStaticMethod(Unknown Source)
at bsh.Reflect.invokeCompiledCommand(Unknown Source)
at bsh.Name.invokeLocalMethod(Unknown Source)
at bsh.Name.invokeMethod(Unknown Source)
at bsh.BSHMethodInvocation.eval(Unknown Source)
at bsh.BSHPrimaryExpression.eval(Unknown Source)
at bsh.BSHPrimaryExpression.eval(Unknown Source)
at bsh.Interpreter.eval(Unknown Source)
at bsh.Interpreter.eval(Unknown Source)
at bsh.Interpreter.eval(Unknown Source)
at edu.internet2.middleware.grouper.app.gsh.ShellHelper.eval(ShellHelper.java:63)
at edu.internet2.middleware.grouper.app.gsh.GrouperShell.run(GrouperShell.java:429)
at edu.internet2.middleware.grouper.app.gsh.GrouperShell.grouperShellHelper(GrouperShell.java:232)
at edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:162)
at edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:31)
2016-08-03 08:54:52,403: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(1948) - - loader:refDisabledAccounts start syncing membership
2016-08-03 08:54:52,403: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(1964) - - loader:refDisabledAccounts syncing 0 rows
2016-08-03 08:54:52,405: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(2077) - - Done assigning privilege to related groups: loader:refDisabledAccounts
2016-08-03 08:54:52,412: [main] INFO GrouperLoaderType.syncOneGroupMembership(2347) - - loader:refDisabledAccounts done syncing membership, processed 0 records. Total members: 0, inserts: 0, deletes: 0
--
2016-08-03 08:54:52,400: [main] DEBUG AbstractResultHandler.process(95) - - Ignoring naming exception
javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name ''
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3084)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2785)
at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:147)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:216)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:189)
at edu.vt.middleware.ldap.handler.AbstractResultHandler.process(AbstractResultHandler.java:83)
at edu.vt.middleware.ldap.AbstractLdap.search(AbstractLdap.java:231)
at edu.vt.middleware.ldap.Ldap.search(Ldap.java:431)
at edu.vt.middleware.ldap.Ldap.search(Ldap.java:347)
at edu.vt.middleware.ldap.Ldap.search(Ldap.java:273)
at edu.internet2.middleware.grouper.ldap.LdapSession$1.callback(LdapSession.java:289)
at edu.internet2.middleware.grouper.ldap.LdapSession.callbackLdapSession(LdapSession.java:236)
at edu.internet2.middleware.grouper.ldap.LdapSession.list(LdapSession.java:271)
at edu.internet2.middleware.grouper.app.loader.db.GrouperLoaderResultset.<init>(GrouperLoaderResultset.java:345)
at edu.internet2.middleware.grouper.app.loader.GrouperLoaderType$6.runJob(GrouperLoaderType.java:746)
at edu.internet2.middleware.grouper.app.loader.GrouperLoaderJob.runJobLdap(GrouperLoaderJob.java:571)
at edu.internet2.middleware.grouper.app.loader.GrouperLoader.runJobOnceForGroup(GrouperLoader.java:1008)
at edu.internet2.middleware.grouper.app.gsh.loaderRunOneJob.invoke(loaderRunOneJob.java:57)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:622)
at bsh.Reflect.invokeMethod(Unknown Source)
at bsh.Reflect.invokeStaticMethod(Unknown Source)
at bsh.Reflect.invokeCompiledCommand(Unknown Source)
at bsh.Name.invokeLocalMethod(Unknown Source)
at bsh.Name.invokeMethod(Unknown Source)
at bsh.BSHMethodInvocation.eval(Unknown Source)
at bsh.BSHPrimaryExpression.eval(Unknown Source)
at bsh.BSHPrimaryExpression.eval(Unknown Source)
at bsh.Interpreter.eval(Unknown Source)
at bsh.Interpreter.eval(Unknown Source)
at bsh.Interpreter.eval(Unknown Source)
at edu.internet2.middleware.grouper.app.gsh.ShellHelper.eval(ShellHelper.java:63)
at edu.internet2.middleware.grouper.app.gsh.GrouperShell.run(GrouperShell.java:429)
at edu.internet2.middleware.grouper.app.gsh.GrouperShell.grouperShellHelper(GrouperShell.java:232)
at edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:162)
at edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:31)
2016-08-03 08:54:52,403: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(1948) - - loader:refDisabledAccounts start syncing membership
2016-08-03 08:54:52,403: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(1964) - - loader:refDisabledAccounts syncing 0 rows
2016-08-03 08:54:52,405: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(2077) - - Done assigning privilege to related groups: loader:refDisabledAccounts
2016-08-03 08:54:52,412: [main] INFO GrouperLoaderType.syncOneGroupMembership(2347) - - loader:refDisabledAccounts done syncing membership, processed 0 records. Total members: 0, inserts: 0, deletes: 0
--
Robert W. Gorrell
Systems Architect, Identity and Access Management
Systems Architect, Identity and Access Management
University of NC at Greensboro
336-334-5954
PGP Key ID B36DB0CA
336-334-5954
PGP Key ID B36DB0CA
- [grouper-users] Grouper Loader LDAP and AD page size limitations, Rob Gorrell, 08/03/2016
- RE: [grouper-users] Grouper Loader LDAP and AD page size limitations, Hyzer, Chris, 08/04/2016
Archive powered by MHonArc 2.6.19.