Highlighted
Contributor.
Contributor.
446 views

Unable to configure LDAP due to MaxPageSize 1000 Limit on MS Active Directory

Jump to solution

Our uCMDB version 10.01 CUP9.635 on Windows 2008 R2 server has been working fine using LDAP authentication with Active Directory.  We are in the process of migrating to a new AD due to our consolidation with another organization.

 

Our new group's OU now contains over 1000 objects and we are unable to map groups within the admin console in the Security - LDAP Mapping section.  We receive a LDAP is not configured correctly message but the logs show that is it receiving data from the new AD up to 1000 objects.  The wireshark capture data shows the AD is throwing a sizelimitexceeded packet right after the 1000 object.  

 

After confirming this with our Windows Engineering group about the AD limit with the MaxPageSize attribute which limits LDAP query search results to 1000 objects, they are not willing to increase the MaxPageSize option on the AD due to possible performance issues.  They suggest that the application changes the way it calls LDAP to request the next page or call it a page at a time.  Is this possible with uCMDB?

 

We can kludge this and use a different OU and put the group information for uCMDB in there but......

 

Has anyone else run into this issue?

0 Likes
1 Solution

Accepted Solutions
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: Unable to configure LDAP due to MaxPageSize 1000 Limit on MS Active Directory

Jump to solution

John;

 

I would look at restricting the groups with the groups search filter.  See the attached document on this... I has some examples.

Hope this helps,
Keith Paschal
UCMDB Worldwide Support Lead
Micro Focus Support
If you find this or any post resolves your issue, please be sure to mark it as an accepted solution."

Click the KUDOS star on the left to say 'Thanks'

View solution in original post

0 Likes
2 Replies
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: Unable to configure LDAP due to MaxPageSize 1000 Limit on MS Active Directory

Jump to solution

John;

 

I would look at restricting the groups with the groups search filter.  See the attached document on this... I has some examples.

Hope this helps,
Keith Paschal
UCMDB Worldwide Support Lead
Micro Focus Support
If you find this or any post resolves your issue, please be sure to mark it as an accepted solution."

Click the KUDOS star on the left to say 'Thanks'

View solution in original post

0 Likes
Highlighted
Contributor.
Contributor.

Re: Unable to configure LDAP due to MaxPageSize 1000 Limit on MS Active Directory

Jump to solution

Thank you. The document explained everything clearly.  We are able to filter by selected groups now.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.