Ambari sync ldap issue:Caught exception running LDAP sync

Contributor

Hi Team,

We are working for a client and they have 11000 users in AD. From Ambari, I tried an LDAP sync using the command

ambari-server sync-ldap --all

but I get the following error:

Syncing all....................................................ERROR: Exiting with exit code 1.
REASON: Caught exception running LDAP sync. [LDAP: error code 4 - Sizelimit Exceeded]; nested exception is javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded];

Please help: what property do I need to add in the Ambari properties file?

Thanks,

Rahul


Re: Ambari sync ldap issue:Caught exception running LDAP sync

Super Mentor

Rahul Buragohain

LDAP has a 1000-user sync limit by default. For some very old versions of Ambari a similar issue is reported:

https://issues.apache.org/jira/browse/AMBARI-10513

What is your Ambari version, and which LDAP?


Re: Ambari sync ldap issue:Caught exception running LDAP sync

Contributor

@Jay SenSharma

I am using Ambari 2.2.2 and I am fetching users from Active Directory LDAP.


Re: Ambari sync ldap issue:Caught exception running LDAP sync

Super Mentor

@Rahul Buragohain

By default, Active Directory does not respond to LDAP based queries which return more than 1000 results. If you have more than 1000 users configured in Active Directory, it is necessary to increase the maximum page size (MaxPageSize) using the Ntdsutil.exe tool.

Please check the Microsoft doc, which explains "MaxPageSize" as follows:

MaxPageSize - This value controls the maximum number of objects that are returned in a single search result, independent of how large each returned object is. To perform a search where the result might exceed this number of objects, the client must specify the paged search control. This is to group the returned results in groups that are no larger than the MaxPageSize value. To summarize, MaxPageSize controls the number of objects that are returned in a single search result.

Default value: 1,000

https://support.microsoft.com/en-us/kb/315071


Re: Ambari sync ldap issue:Caught exception running LDAP sync

Super Mentor

Or, as an alternative approach, you can put the user list in a "users.txt" file and then try the following:

ambari-server sync-ldap --users users.txt

Use this option to synchronize a specific set of users and groups from LDAP into Ambari. Provide the command a text file of comma-separated users and groups.

https://docs.hortonworks.com/HDPDocuments/Ambari-2.2.2.0/bk_Ambari_Security_Guide/content/_specific_...

Also as per the below link: https://docs.hortonworks.com/HDPDocuments/Ambari-2.2.2.0/bk_Ambari_Security_Guide/content/_synchroni...

LDAP sync only syncs up-to-1000 users. If your LDAP contains over 1000 
users and you plan to import over 1000 users, you must use the --users 
option when syncing and specify a filtered list of users to perform 
import in batches. 
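
Added example (not part of the original replies and not Ambari's own tooling): one way to prepare the batched --users files described above. It assumes a hypothetical input file with one login name per line; the function names make_batches and sync_batches and the output file naming are chosen here for illustration.

```bash
#!/usr/bin/env bash
# Added example, not Ambari tooling. File and function names are hypothetical.

# make_batches INFILE OUTDIR [SIZE]
#   INFILE: one login name per line (blank lines, duplicates and Windows CRs dropped).
#   Writes OUTDIR/users_NNNN.txt, each one comma-separated line of at most SIZE names,
#   and prints the number of batch files written.
make_batches() {
    local infile="$1" outdir="$2" size="${3:-1000}"
    mkdir -p "$outdir" || return 1
    rm -f "$outdir"/users_*.txt            # clear batches from an earlier run
    tr -d '\r' < "$infile" | awk -v size="$size" -v dir="$outdir" '
        { gsub(/^[ \t]+|[ \t]+$/, "") }     # trim surrounding whitespace
        $0 == "" || seen[$0]++ { next }     # skip blanks and repeated names
        {
            if (n % size == 0) {            # start a new batch file
                if (out != "") { printf "\n" > out; close(out) }
                out = sprintf("%s/users_%04d.txt", dir, ++batches)
            } else {
                printf "," > out
            }
            printf "%s", $0 > out
            n++
        }
        END {
            if (out != "") { printf "\n" > out; close(out) }
            print batches + 0
        }'
}

# sync_batches OUTDIR
#   Runs one sync per batch file and stops at the first failure, so a failed
#   batch can be fixed and rerun. DRY_RUN=1 prints the commands instead.
sync_batches() {
    local f
    for f in "$1"/users_*.txt; do
        [ -e "$f" ] || continue
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "ambari-server sync-ldap --users $f"
        else
            ambari-server sync-ldap --users "$f" || { echo "sync failed on $f" >&2; return 1; }
        fi
    done
}
```

Typical use: make_batches all_users.txt batches 1000, review the generated files, then sync_batches batches on the Ambari server host.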