LDAP: error code 4 - Sizelimit Exceeded - KNOX

Super Collaborator

Hi,

I got an error that the size limit of my search base in Knox was exceeded. Is there any possibility to expand the limit? I use the same LDAP search base for Ranger and everything is OK, so it is a Knox problem, not AD/LDAP (I read that I need to expand it in LDAP Admin).

Thank you in advance! 🙂

1 ACCEPTED SOLUTION

Super Guru
@Edgar Daeds

This seems to be an issue with Knox only if the search query result goes over 1000 (can you check your search count?). I believe this is not yet fixed and the only workaround is to narrow down the LDAP base search query.

7 REPLIES

Super Guru

Hi @Edgar Daeds

It might be a limitation with Knox, can you share your Ambari & HDP version?

Super Collaborator

Your AD / LDAP server will have a limit set somewhere and when you're using the ldapsearch command, you can add a limit also. Curious to know the size of your result set using the given search base.

Super Collaborator
@Jitendra Yadav

I am using HDP 2.3.2 with Ambari 2.1.1

@bhagan

But why is this limit restricted to Knox only? I have the same search bases in beeline and Ranger and it works.

Thank you for the answers.

Super Guru
@Edgar Daeds

This seems to be an issue with Knox only if the search query result goes over 1000 (can you check your search count?). I believe this is not yet fixed and the only workaround is to narrow down the LDAP base search query.

Cloudera Employee

I can confirm that. I had an issue similar to this recently. That was the only resolution. Knox currently does not have LDAP search filter functionality, so it requires you to narrow the LDAP base.

Super Collaborator

Thank you guys! I have got the limit up to 1000.

Super Collaborator

Is this fixed in HDP 2.5? Knox 0.9.0

I mean is there a possibility in the new version to filter AD groups? I have over 1000 groups in AD and when Knox tries to authenticate me, AD returns an error "Size limit exceeded".
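
The replies above suggest checking the search count and narrowing the LDAP search base. The following is an added example, not part of the original thread and not Knox code: it counts how many entries a subtree search would return from each candidate base, given an LDIF export of the DNs under the current base. The `example.com` tree and group names are constructed sample data, and the threshold of 1000 is the figure quoted in the thread.

```python
import base64
from collections import Counter

SIZE_LIMIT = 1000  # result count at which the thread reports the error

def iter_dns(ldif_text):
    """Yield each entry DN from LDIF, unfolding wrapped lines and decoding 'dn::'."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF continuation line
        else:
            lines.append(raw)
    for line in lines:
        if line.startswith("dn:: "):      # base64-encoded DN
            yield base64.b64decode(line[5:]).decode("utf-8")
        elif line.startswith("dn: "):
            yield line[4:]

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if not escaped and ch == ",":
            parts.append(cur.strip())
            cur = ""
            continue
        escaped = (ch == "\\") and not escaped
        cur += ch
    parts.append(cur.strip())
    return parts

def subtree_counts(ldif_text):
    """Upper bound on entries a subtree-scope search returns from each base."""
    counts = Counter()
    for dn in iter_dns(ldif_text):
        rdns = [r.lower() for r in split_dn(dn)]
        for i in range(len(rdns)):        # the entry itself and every ancestor
            counts[",".join(rdns[i:])] += 1
    return counts

def bases_over_limit(counts, limit=SIZE_LIMIT):
    """Bases whose subtree holds more entries than the limit."""
    return sorted(b for b, n in counts.items() if n > limit)

def sample_ldif():
    """Constructed data: 1202 group entries under a made-up OU=Groups tree."""
    tail = "OU=Groups,DC=example,DC=com"
    dns = [f"dn: CN=hdp{i},OU=Hadoop,{tail}" for i in range(150)]
    dns += [f"dn: CN=app{i},OU=Apps,{tail}" for i in range(1050)]
    dns.append("dn: CN=folded,OU=Hadoop,OU=Gro\n ups,DC=example,DC=com")
    dns.append("dn:: " + base64.b64encode(f"CN=b64,OU=Hadoop,{tail}".encode()).decode())
    return "\n\n".join(dns) + "\n"
```

In the sample data, `ou=hadoop,ou=groups,dc=example,dc=com` stays under the limit while its parent and the `ou=apps` sibling do not, so it is the only base of the three that would avoid the error.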