At one of my clients' IAM implementations, more than 50,000 external users connect to OID. One of the requirements was to retrieve all attribute details for all users in the test environment, but the ldapsearch for this failed with a Sizelimit Exceeded error.
To give a bit more background: the users connect via an application, and there are admin users who can perform admin operations for all users of that application. An admin user tried retrieving the attributes for all users via the application, and the request errored out after retrieving 10,000 records. To replicate the issue, I ran the ldapsearch command as the same admin user.
The root cause of the error is that the ldapsearch was run with an admin account other than orcladmin, and such accounts are restricted by the ‘size_limit’ setting. The orcladmin account is not affected by any ‘size_limit’ setting.
So, if I run the ldapsearch using the orcladmin account, it retrieves all 50,000 users.
To resolve the above error:
1. Log in to the 11g FMW EM console as the ‘weblogic’ administrator.
2. Expand ‘Identity and Access’ and click on the OID instance that has the problem (e.g., oid1).
3. In the LOV pulldown, select Administration | Server Properties.
4. In the General tab, notice the top attribute “Maximum number of entries to be returned by a search”.
> By default, it is set to 10000.
> Increase that value to be a bit larger than your expected ‘ldapsearch’ output.
5. Re-run the ‘ldapsearch’ (this does not require a bounce of the instance), or, as in my case, try it from the application.
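A command-line counterpart to the console steps above, as an added example that is not part of the original post: it checks whether an LDIF export stopped at the size limit and generates the LDIF that changes the limit. It assumes the instance-specific configuration entry `cn=oid1,cn=osdldapd,cn=subconfigsubentry` and its `orclsizelimit` attribute as documented for OID 11g; the sample entries, file names and the value 60000 are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. The instance name "oid1" is the
# post's example; the config entry DN and the orclsizelimit attribute are as
# documented for OID 11g and should be checked against your own instance.

# Constructed sample export: three user entries, one with a base64 DN (dn::).
sample_ldif() {
    cat <<'EOF'
dn: cn=user1,cn=Users,dc=example,dc=com
mail: user1@example.com

dn: cn=user2,cn=Users,dc=example,dc=com
mail: user2@example.com

dn:: Y249dXNlcjMsY249VXNlcnMsZGM9ZXhhbXBsZSxkYz1jb20=
mail: user3@example.com
EOF
}

# Count entries in an LDIF file: each entry has exactly one dn: or dn:: line.
count_ldif_entries() {
    grep -c -E '^dn::? ' "$1" || true
}

# Succeeds only when the export holds fewer entries than the size limit.
# An export that stops exactly at the limit was almost certainly cut short.
# $1 = LDIF file, $2 = size limit in force for the bind account
export_is_complete() {
    n=$(count_ldif_entries "$1")
    [ "$n" -lt "$2" ]
}

# Print the LDIF that sets the search size limit on one OID instance.
# $1 = instance name, $2 = new limit (digits only)
size_limit_ldif() {
    case $2 in
        ''|*[!0-9]*) echo "limit must be a positive integer" >&2; return 2 ;;
    esac
    printf 'dn: cn=%s,cn=osdldapd,cn=subconfigsubentry\n' "$1"
    printf 'changetype: modify\nreplace: orclsizelimit\norclsizelimit: %s\n' "$2"
}

# Typical use (host, port, file names and 60000 are placeholders):
#   export_is_complete users.ldif 10000 || echo "export hit the size limit"
#   size_limit_ldif oid1 60000 > limit.ldif
#   ldapmodify -h <host> -p <port> -D cn=orcladmin -q -f limit.ldif
```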
If you also have Oracle Virtual Directory (OVD) in your IAM implementation, you might need to do the additional steps mentioned here.
If you encounter any issues or need any help with Identity Management, feel free to contact me at Sumit@OraWorld.co.uk