We are working for a client and they have 11000 users in AD. From Ambari, I tried LDAP sync using the command
ambari-server sync-ldap --all
but I get the following error:
Syncing all....................................................ERROR: Exiting with exit code 1. REASON: Caught exception running LDAP sync. [LDAP: error code 4 - Sizelimit Exceeded]; nested exception is javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded];
Please help: what property do I need to add in the Ambari properties file?
LDAP has a 1000-user sync limit by default. For some very old version of Ambari, a similar issue is reported:
What is your Ambari version, and which LDAP?
By default, Active Directory does not respond to LDAP based queries which return more than 1000 results. If you have more than 1000 users configured in Active Directory, it is necessary to increase the maximum page size (MaxPageSize) using the Ntdsutil.exe tool.
Please check the Microsoft doc, which explains "MaxPageSize" as follows:
MaxPageSize - This value controls the maximum number of objects that are returned in a single search result, independent of how large each returned object is. To perform a search where the result might exceed this number of objects, the client must specify the paged search control. This is to group the returned results in groups that are no larger than the MaxPageSize value. To summarize, MaxPageSize controls the number of objects that are returned in a single search result. Default value: 1,000
Or, as an alternative approach, you can get the users list in the "users.txt" file and then try the following:
ambari-server sync-ldap --users users.txt
Use this option to synchronize a specific set of users and groups from LDAP into Ambari. Provide the command a text file of comma-separated users and groups.
Also as per the below link: https://docs.hortonworks.com/HDPDocuments/Ambari-188.8.131.52/bk_Ambari_Security_Guide/content/_synchroni...
LDAP sync only syncs up-to-1000 users. If your LDAP contains over 1000 users and you plan to import over 1000 users, you must use the --users option when syncing and specify a filtered list of users to perform import in batches.
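The batched --users import described in the replies above, as an added example (not code from the original posts or from the Ambari project). It assumes the AD user list has been exported with one login name per line; the function names make_batches and sync_batches and the users_NNNN.txt file names are hypothetical, and the default batch size of 1000 is the limit quoted in the thread.

```shell
#!/bin/sh
# Added example: build batch files for `ambari-server sync-ldap --users`.
# Assumes a plain export with one login name per line (hypothetical input).

# make_batches SRC OUTDIR [SIZE]
# Writes OUTDIR/users_0001.txt, users_0002.txt, ... each holding at most SIZE
# names on one comma-separated line, and prints how many files were written.
make_batches() {
    src=$1; dst=$2; size=${3:-1000}
    mkdir -p "$dst" || return 1
    rm -f "$dst"/users_*.txt
    # Strip CRs from Windows exports, trim, drop blanks and duplicates.
    tr -d '\r' < "$src" |
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | awk 'NF' | sort -u |
    awk -v size="$size" -v dst="$dst" '
        {
            if ((NR - 1) % size == 0) {          # start a new batch file
                if (f) { printf "\n" > f; close(f) }
                f = sprintf("%s/users_%04d.txt", dst, ++n)
                sep = ""
            }
            printf "%s%s", sep, $0 > f
            sep = ","
        }
        END { if (f) { printf "\n" > f; close(f) }; print n + 0 }'
}

# sync_batches OUTDIR
# Runs one sync per batch file and stops at the first failure, so a failed
# batch can be re-run on its own. ambari-server may prompt for the Ambari
# admin login on each run.
sync_batches() {
    for f in "$1"/users_*.txt; do
        [ -f "$f" ] || continue
        echo "Syncing $f"
        ambari-server sync-ldap --users "$f" || return 1
    done
}

# Usage: sh batch_sync.sh users.txt /tmp/batches [size]
if [ "$#" -ge 2 ]; then
    make_batches "$@" && sync_batches "$2"
fi
```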