Project

General

Profile

Actions

Task #2649

open

Error caused by more than 10000 groups or users in AD

Added by David Štekl almost 4 years ago. Updated over 3 years ago.

Status:
New
Priority:
High
Assignee:
David Štekl
Target version:
-
Start date:
01/15/2021
Due date:
% Done:

40%

Estimated time:
Owner:

Description

If there are more than 10000 groups in AD and "Base contexts for group entry searches" is set for OU=COMPANY,DC=ad,DC=COMPANY,DC=cz(root OU). Synchronization from system fails on error - [LDAP: error code 12 - 000020EF: SvcErr: DSID-03140552, problem 5010 (UNAVAIL_EXTENSION), data 0]; remaining name 'OU=COMPANY,DC=ad,DC=COMPANY,DC=cz'

The same error occurs also after synchronization for more than 10,000 users [LDAP: error code 12 - 000020EF: SvcErr: DSID-03140594, problem 5010 (UNAVAIL_EXTENSION), data 0]; remaining name 'OU=COMPANY,DC=ad,DC=COMPANY,DC=cz'

For now, the error is solved as follows:
Separate ldap search with "Base context for group entry searches" and divide it into smaller searches(each line with one OU):
  • OU=001OU,OU=COMPANY,DC=ad,DC=COMPANY,DC=cz
  • OU=002OU,OU=COMPANY,DC=ad,DC=COMPANY,DC=cz
  • OU=003OU,OU=COMPANY,DC=ad,DC=COMPANY,DC=cz

Another way to solve this problem is by using "Custom group search filter" in the system configuration.

Actions

Also available in: Atom PDF