1 Reply Latest reply on Nov 6, 2000 9:00 PM by 3004

    Large LDAP directories (>10K users)

    3004

      Anyone used LDAP with very large directories?

      I'm experiencing a problem with my directory. When I connect the LDAP Realm to a small directory (by changing the root) the Realm works normally.
      However, when I connect the realm to a directory service which has a very large number of users (>10K) then the Realm throws the following exception,
      when accessing the users in either the console or in the AdminServlet:

      Mon Nov 06 19:03:42 GMT+00:00 2000:<E> <Adapter> Exception thrown by rmi server: [-7985721359852316035Sxxx..xxx.xxx.xxx:[7001,7001,7002,7002,7001,-1]/303]
      javax.naming.LimitExceededException: [LDAP: error code 11 - Administrative Limit Exceeded]; remaining name ''
      at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2648)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2509)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2319)
      at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1559)
      at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1494)
      at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:375)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:335)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:320)
      at weblogic.security.ldaprealm.LDAPDelegate.search(LDAPDelegate.java:257)
      at weblogic.security.ldaprealm.LDAPDelegate.search(LDAPDelegate.java:263)
      at weblogic.security.ldaprealm.LDAPDelegate.getUsers(LDAPDelegate.java, Compiled Code)
      at weblogic.security.ldaprealm.LDAPRealm.getUsers(LDAPRealm.java:64)
      at weblogic.security.acl.CachingRealm.getUsers(CachingRealm.java:2325)
      at weblogic.security.acl.internal.RealmMO.getManagedProperties(RealmMO.java:182)
      at weblogic.common.managedobject.WLSkel4s2u685o2j2t4n5j5e263h4124q4q4e.invoke(WLSkel4s2u685o2j2t4n5j5e263h4124q4q4e.java, Compiled Code)
      at weblogic.rmi.extensions.BasicServerObjectAdapter.invoke(BasicServerObjectAdapter.java, Compiled Code)
      at weblogic.rmi.extensions.BasicRequestHandler.handleRequest(BasicRequestHandler.java, Compiled Code)
      at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java, Compiled Code)
      at weblogic.kernel.ExecuteThread.run(ExecuteThread.java, Compiled Code)
      --------------- nested within: ------------------
      weblogic.security.ldaprealm.LDAPException: could not get user list - with nested exception:
      [javax.naming.LimitExceededException: [LDAP: error code 11 - Administrative Limit Exceeded]; remaining name '']
      at weblogic.security.ldaprealm.LDAPDelegate.getUsers(LDAPDelegate.java, Compiled Code)
      at weblogic.security.ldaprealm.LDAPRealm.getUsers(LDAPRealm.java:64)
      at weblogic.security.acl.CachingRealm.getUsers(CachingRealm.java:2325)
      at weblogic.security.acl.internal.RealmMO.getManagedProperties(RealmMO.java:182)
      at weblogic.common.managedobject.WLSkel4s2u685o2j2t4n5j5e263h4124q4q4e.invoke(WLSkel4s2u685o2j2t4n5j5e263h4124q4q4e.java, Compiled Code)
      at weblogic.rmi.extensions.BasicServerObjectAdapter.invoke(BasicServerObjectAdapter.java, Compiled Code)
      at weblogic.rmi.extensions.BasicRequestHandler.handleRequest(BasicRequestHandler.java, Compiled Code)
      at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java, Compiled Code)
      at weblogic.kernel.ExecuteThread.run(ExecuteThread.java, Compiled Code)

      We're using Netscape Directory Server 4.1, with WLS 5.1 SP6. The LDAP config works fine with small directories (~100) but fails on ~10,000.....

      Cheers,
      Andy
        • 1. Re: Large LDAP directories (>10K users)
          3004

          OK. Further investigation reveals that if we set the SIZE LIMIT property in Netscape Directory Server to be a
          low value (e.g. 3) we get a SIZE LIMIT EXCEEDED exception when we browse a small directory.

          javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name ''

          Our current hypothesis is that the ADMINISTRATIVE LIMIT EXCEEDED exception is also a directory server
          configuration parameter being exceeded. Unfortunately on our test rig we don't have a large directory to test
          configuration parameters. Would anyone like to point us in the right direction for tracking this down?

          Cheers,
          Andy
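
Added example, not part of the original post and not WebLogic's own code: a small JNDI helper that tells apart the two results seen in this thread, error code 4 (`SizeLimitExceededException`) and error code 11 (`LimitExceededException`, the RFC 4511 adminLimitExceeded result). The class and method names (`LdapLimitTriage`, `classify`, `drain`) are hypothetical, and the exceptions in `main` are constructed from the messages quoted above so the code runs without a directory server.

```java
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.*;

public class LdapLimitTriage {
    // Which server- or client-imposed limit ended the search, if any.
    enum Limit { NONE, TIME_LIMIT, SIZE_LIMIT, ADMIN_LIMIT, UNKNOWN }

    private static final Pattern CODE = Pattern.compile("LDAP: error code (\\d+)");

    // Test the subclasses first: SizeLimitExceededException and
    // TimeLimitExceededException both extend LimitExceededException,
    // so a bare catch of the parent type hides which limit was hit.
    static Limit classify(NamingException e) {
        if (e instanceof SizeLimitExceededException) return Limit.SIZE_LIMIT;
        if (e instanceof TimeLimitExceededException) return Limit.TIME_LIMIT;
        Matcher m = CODE.matcher(String.valueOf(e.getMessage()));
        if (e instanceof LimitExceededException && m.find()) {
            switch (Integer.parseInt(m.group(1))) {
                case 3:  return Limit.TIME_LIMIT;   // timeLimitExceeded
                case 4:  return Limit.SIZE_LIMIT;   // sizeLimitExceeded
                case 11: return Limit.ADMIN_LIMIT;  // adminLimitExceeded
            }
        }
        return Limit.UNKNOWN;
    }

    // Drain a search enumeration, keeping the entries received before a
    // limit was hit instead of losing them along with the exception.
    static <T> Limit drain(NamingEnumeration<T> results, List<T> out) throws NamingException {
        try {
            while (results.hasMore()) out.add(results.next());
            return Limit.NONE;          // complete result set
        } catch (LimitExceededException e) {
            return classify(e);         // partial result set in 'out'
        } finally {
            results.close();
        }
    }

    public static void main(String[] args) {
        // Constructed from the two exception messages quoted in this thread.
        NamingException admin = new LimitExceededException(
            "[LDAP: error code 11 - Administrative Limit Exceeded]");
        NamingException size = new SizeLimitExceededException(
            "[LDAP: error code 4 - Sizelimit Exceeded]");
        System.out.println("code 11 -> " + classify(admin));
        System.out.println("code 4  -> " + classify(size));
    }
}
```

In the stack trace above the code 11 exception surfaces from the `search()` call itself rather than while iterating, so a caller would apply `classify` in a catch around `search()` as well as using `drain` on the returned enumeration.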

