Online demo
Download
Contact

Because information matters

  • LDAP error code 4 - Sizelimit exceeded

  • OpenKM has many interesting features, but requires some configuration process to show its full potential.
It is currently Sun Apr 19, 2026 3:06 pm

LDAP error code 4 - Sizelimit exceeded

OpenKM has many interesting features, but requires some configuration process to show its full potential.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 Reply

LDAP error code 4 - Sizelimit exceeded

 #11905  by martman22
 
Hello,
It appears there are limits on AD for searches in LDAP and our user base is quite large. I am getting the above errors in the logs. Is there a way to implement "page mode" in OpenKM searches?
Thanks.

Re: LDAP error code 4 - Sizelimit exceeded

 #11931  by jllort
 
can you post server.log

could you investigate if there's some ldap configuration parameter to increate it ?

Re: LDAP error code 4 - Sizelimit exceeded

 #12092  by martman22
 
Here is a sample of the error code from the logs:
Code: Select all
2011-08-17 15:56:13,764 ERROR [STDERR] javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name 'cn=users,dc=ebd_domain,dc=spi'
2011-08-17 15:56:13,764 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3084)
2011-08-17 15:56:13,764 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
2011-08-17 15:56:13,764 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2785)
2011-08-17 15:56:13,764 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:147)
2011-08-17 15:56:13,764 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:216)
2011-08-17 15:56:13,764 ERROR [STDERR] 	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:189)
2011-08-17 15:56:13,764 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.ldapSearch(LdapPrincipalAdapter.java:202)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at com.openkm.principal.LdapPrincipalAdapter.getUsers(LdapPrincipalAdapter.java:57)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at com.openkm.module.direct.DirectAuthModule.getUsers(DirectAuthModule.java:765)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at com.openkm.api.OKMAuth.getUsers(OKMAuth.java:134)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at com.openkm.servlet.frontend.AuthServlet.getAllUsers(AuthServlet.java:524)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at java.lang.reflect.Method.invoke(Method.java:616)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:562)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:207)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:243)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:524)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
2011-08-17 15:56:13,765 ERROR [STDERR] 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
2011-08-17 15:56:13,766 ERROR [STDERR] 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
2011-08-17 15:56:13,766 ERROR [STDERR] 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
2011-08-17 15:56:13,766 ERROR [STDERR] 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
2011-08-17 15:56:13,766 ERROR [STDERR] 	at java.lang.Thread.run(Thread.java:636)
For now we deleted some of the users and that fixed the problem, but I know we are even now very close to the limit. Supposedly you can narrow the search parameters to limit the objects searched. I need to explore that possibility more.

Re: LDAP error code 4 - Sizelimit exceeded

 #12291  by jllort
 
If you solve it, please post here the solution and will add in our wiki documentation, that could help other users in future, thanks.

Re: LDAP error code 4 - Sizelimit exceeded

 #17207  by agm
 
Hi,

I have the same problem, I dont know if it's very important to solve because I notice no changes/problem inside OpenKM.... I am testing but any suggets is very welcome.

Regards

Re: LDAP error code 4 - Sizelimit exceeded

 #17209  by jllort
 
That's some ldap configuration parameters ( investigate how to change it, because in some place you got the limit that results can not be more than 1000 ).

Re: LDAP error code 4 - Sizelimit exceeded

 #17214  by agm
 
Yes it is. I've solved the problem. It is common for LDAP with a lot of users. My problem was that my bindDN has size limit for each ldap query [1]. The solution is set to bindDN a grat limit, for example:

limits dn.exact="cn=reader,ou=accounts,ou=admins,dc=example,dc=com" size=100000

More info is in http://www.openldap.org/doc/admin24/limits.html

Regards.

[1] You can check it with ldapsearch, for example: ldapsearch -h 1.2.3.4 -b ou=people,dc=example,dc=com -D "cn=reader,ou=accounts,ou=admins,dc=example,dc=com" -w YOURPASS. You will get at the end something like:
# search result
search: 2
result: 4 Size limit exceeded

Re: LDAP error code 4 - Sizelimit exceeded

 #17221  by jllort
 
I have added in our documentation section http://wiki.openkm.com/index.php/Troubl ... t_exceeded

Only a question, in openkm configuration parameters in which way you have added the size parameters ? that's not clear for me, or you have changed some ldap internal parameter ?
Code: Select all
limits dn.exact="cn=reader,ou=accounts,ou=admins,dc=example,dc=com" size=100000

Re: LDAP error code 4 - Sizelimit exceeded

 #17224  by agm
 
I only change LDAP internal parameter. There is not problem of OpenKM; only of bindDN user in OpenLDAP server.

<off-topic>I change Configure_JBoss_service in wiki to add "sudo chown -R openkm /home/openkm" because jboss script inside init.d not start if OpenKM dir have other owner that "openkm" user (typically root because is the common user to install any app)<off-topic>

Regards =)

Re: LDAP error code 4 - Sizelimit exceeded

 #17236  by jllort
 
Thanks, I have added more detailed description in wiki.

About openkm user, really we asume some administrator good practice. One is, as you told, use openkm user to run application ( not root ). Normally in our installations we create the a openkm user and all application is executed under this user.
 Reply
 Return to “Configuration”

Favorites

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.

Powered By phpBB -
 ©OpenKM 2021
 - All times are UTC -