Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Grouper Loader LDAP and AD page size limitations

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Grouper Loader LDAP and AD page size limitations


Chronological Thread 
  • From: Rob Gorrell <>
  • To: "" <>
  • Subject: [grouper-users] Grouper Loader LDAP and AD page size limitations
  • Date: Wed, 3 Aug 2016 09:20:27 -0400

I was trying to do a SIMPLE_LDAP loader job to load the disabled users in our AD (userAccountControl attrb) and couldn't figure out why it failed to load any members. After searching around a bit I realized we have over 1000 disabled users matching this LDAP query and it remembered AD has a default server-side limit of 1000 entries as the maximum number of results that are returned in a single LDAP request. Sure enough, when I enabled debug logging, I see grouper hitting a Sizelimit Exceeded. So, my question is, without modifying my LDAP filter to return less than 1000 results, is there a way to make Grouper LDAP client do some sort of Paged Results control so I can load large groups against an AD LDAP directory?


2016-08-03 08:54:52,400: [main] DEBUG AbstractResultHandler.process(95) -  - Ignoring naming exception
javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name ''
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3084)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2785)
        at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:147)
        at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:216)
        at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:189)
        at edu.vt.middleware.ldap.handler.AbstractResultHandler.process(AbstractResultHandler.java:83)
        at edu.vt.middleware.ldap.AbstractLdap.search(AbstractLdap.java:231)
        at edu.vt.middleware.ldap.Ldap.search(Ldap.java:431)
        at edu.vt.middleware.ldap.Ldap.search(Ldap.java:347)
        at edu.vt.middleware.ldap.Ldap.search(Ldap.java:273)
        at edu.internet2.middleware.grouper.ldap.LdapSession$1.callback(LdapSession.java:289)
        at edu.internet2.middleware.grouper.ldap.LdapSession.callbackLdapSession(LdapSession.java:236)
        at edu.internet2.middleware.grouper.ldap.LdapSession.list(LdapSession.java:271)
        at edu.internet2.middleware.grouper.app.loader.db.GrouperLoaderResultset.<init>(GrouperLoaderResultset.java:345)
        at edu.internet2.middleware.grouper.app.loader.GrouperLoaderType$6.runJob(GrouperLoaderType.java:746)
        at edu.internet2.middleware.grouper.app.loader.GrouperLoaderJob.runJobLdap(GrouperLoaderJob.java:571)
        at edu.internet2.middleware.grouper.app.loader.GrouperLoader.runJobOnceForGroup(GrouperLoader.java:1008)
        at edu.internet2.middleware.grouper.app.gsh.loaderRunOneJob.invoke(loaderRunOneJob.java:57)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:622)
        at bsh.Reflect.invokeMethod(Unknown Source)
        at bsh.Reflect.invokeStaticMethod(Unknown Source)
        at bsh.Reflect.invokeCompiledCommand(Unknown Source)
        at bsh.Name.invokeLocalMethod(Unknown Source)
        at bsh.Name.invokeMethod(Unknown Source)
        at bsh.BSHMethodInvocation.eval(Unknown Source)
        at bsh.BSHPrimaryExpression.eval(Unknown Source)
        at bsh.BSHPrimaryExpression.eval(Unknown Source)
        at bsh.Interpreter.eval(Unknown Source)
        at bsh.Interpreter.eval(Unknown Source)
        at bsh.Interpreter.eval(Unknown Source)
        at edu.internet2.middleware.grouper.app.gsh.ShellHelper.eval(ShellHelper.java:63)
        at edu.internet2.middleware.grouper.app.gsh.GrouperShell.run(GrouperShell.java:429)
        at edu.internet2.middleware.grouper.app.gsh.GrouperShell.grouperShellHelper(GrouperShell.java:232)
        at edu.internet2.middleware.grouper.app.gsh.GrouperShell.main(GrouperShell.java:162)
        at edu.internet2.middleware.grouper.app.gsh.GrouperShellWrapper.main(GrouperShellWrapper.java:31)
2016-08-03 08:54:52,403: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(1948) -  - loader:refDisabledAccounts start syncing membership
2016-08-03 08:54:52,403: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(1964) -  - loader:refDisabledAccounts syncing 0 rows
2016-08-03 08:54:52,405: [main] DEBUG GrouperLoaderType.syncOneGroupMembership(2077) -  - Done assigning privilege to related groups: loader:refDisabledAccounts
2016-08-03 08:54:52,412: [main] INFO  GrouperLoaderType.syncOneGroupMembership(2347) -  - loader:refDisabledAccounts done syncing membership, processed 0 records.  Total members: 0, inserts: 0, deletes: 0


--
Robert W. Gorrell
Systems Architect, Identity and Access Management
University of NC at Greensboro
336-334-5954
PGP Key ID B36DB0CA



Archive powered by MHonArc 2.6.19.

Top of Page