Issue
If your CQ server uses an LDAP connection, you may notice that LDAP users are not imported correctly into CQ, and that the error.log contains a warning similar to the following:
09.11.2012 10:22:57.624 *WARN* POST /system/console/jmx/com.adobe.granite.ldap…DTools/op/syncAllUsers/ HTTP/1.1 com.day.crx.security.ldap.principals.LDAPPrincipalProvider Error finding user * com.day.crx.security.ldap.LDAPRepositoryException: LDAP error: com.day.ldap.LDAPException: error result (4); Sizelimit exceeded
at com.day.crx.security.ldap.principals.LDAPPrincipalProvider.findUser(LDAPPrincipalProvider.java:396)
at com.day.crx.security.ldap.principals.LDAPPrincipalProvider.findPrincipals(LDAPPrincipalProvider.java:553)
at com.day.crx.security.ldap.LDAPUserSync.syncAllUsers(LDAPUserSync.java:182)
at com.day.crx.security.ldap.LDAPSynchronization$Directory.syncAllUsers(LDAPSynchronization.java:283)
at com.day.crx.security.ldap.jmx.LDAPUserMBean.syncAllUsers(LDAPUserMBean.java:117)
at com.day.crx.security.ldap.jmx.LDAPUserMBean.invoke(LDAPUserMBean.java:187)
…
09.11.2012 10:22:57.625 *INFO* POST /system/console/jmx/com.adobe.granite.ldap…Tools/op/syncAllUsers/ HTTP/1.1] com.day.crx.security.ldap.LDAPUserSync LDAP synchronization: 0 of 0 users synchronized in 0 seconds
Reason
This error is caused by your LDAP settings. In Active Directory (AD), for example, the MaxPageSize limit is set to 1000 by default. This is the maximum number of results returned for any given LDAP query, including CQ user synchronization. For more information see: http://support.microsoft.com/kb/315071?wa=wsignin1.0
Solution
You have a few options to avoid this problem:
- ask your LDAP administrator to increase MaxPageSize on your LDAP server
- use filters in your LDAP queries to reduce the number of LDAP entries returned so that you do not hit this limit
reference: (40240/CRX-3043)
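As the excerpt above shows, the failed sync still ends with an ordinary INFO summary line ("0 of 0 users synchronized"), so it is easy to overlook. The following added example (not part of the original article or of CQ) scans error.log text for the result-code-4 warning and pairs it with the next synchronization summary. The sample log is constructed from the excerpt above with the request path shortened, and the function name is an assumption.

```python
import re
from datetime import datetime

# Constructed sample modelled on the error.log excerpt in this article (not real data).
SAMPLE_LOG = """\
09.11.2012 10:22:57.624 *WARN* POST /system/console/jmx/.../op/syncAllUsers/ HTTP/1.1 com.day.crx.security.ldap.principals.LDAPPrincipalProvider Error finding user * com.day.crx.security.ldap.LDAPRepositoryException: LDAP error: com.day.ldap.LDAPException: error result (4); Sizelimit exceeded
    at com.day.crx.security.ldap.principals.LDAPPrincipalProvider.findUser(LDAPPrincipalProvider.java:396)
09.11.2012 10:22:57.625 *INFO* POST /system/console/jmx/.../op/syncAllUsers/ HTTP/1.1] com.day.crx.security.ldap.LDAPUserSync LDAP synchronization: 0 of 0 users synchronized in 0 seconds
10.11.2012 02:00:03.101 *INFO* POST /system/console/jmx/.../op/syncAllUsers/ HTTP/1.1] com.day.crx.security.ldap.LDAPUserSync LDAP synchronization: 412 of 412 users synchronized in 3 seconds
"""

# "dd.mm.yyyy hh:mm:ss.mmm *LEVEL* rest" as seen in the excerpt.
ENTRY = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) \*(\w+)\* (.*)$")
SIZELIMIT = re.compile(r"LDAPException: error result \(4\); Sizelimit exceeded")
SUMMARY = re.compile(r"LDAP synchronization: (\d+) of (\d+) users synchronized")


def find_truncated_syncs(log_text):
    """Return one record per sync run that hit the LDAP size limit (hypothetical helper)."""
    findings, pending = [], None
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # stack-trace continuation ("at ...") or the "…" elision
        ts = datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S.%f")
        level, msg = m.group(2), m.group(3)
        if level == "WARN" and SIZELIMIT.search(msg):
            pending = ts  # remember the error until the run's summary line appears
            continue
        s = SUMMARY.search(msg)
        if s:
            if pending is not None:
                findings.append({"error_at": pending, "summary_at": ts,
                                 "synced": int(s.group(1)), "total": int(s.group(2))})
            pending = None  # a summary closes the current sync run
    if pending is not None:  # error logged but the log ends before any summary
        findings.append({"error_at": pending, "summary_at": None,
                         "synced": None, "total": None})
    return findings


if __name__ == "__main__":
    for f in find_truncated_syncs(SAMPLE_LOG):
        print("size limit hit at", f["error_at"], "->", f["synced"], "of", f["total"], "users synchronized")
```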
CQ5: "LDAPException: error result (4); Sizelimit exceeded" when synchronizing users
Nice post!
I think that I use that great article to my homework