
Cmap has problems with ldap servers with global read limits.

Posted: Mon Dec 06, 2010 1:47 am
by spryfrog
On a CmapServer with LDAP authentication, searching for users in the LDAP directory may cause too many entries to be returned, resulting in an error message "Problem communicating with user directory". My ldap server is not under my control and there is no possibility of removing the ldap server's global read limit. How and where do I create a more specific ldap search/bind query?

CmapServer 5.04
Windows server 2008 r2

Re: Cmap has problems with ldap servers with global read limits.

Posted: Mon Dec 06, 2010 6:43 pm
by acanas
Try setting the following parameter in the serverconfig.txt configuration file (located in the "bin" directory where the CmapServer was installed).

ldap.user.directory.maxResults=100

(or whatever number your server allows)

The default maximum is 500.

Re: Cmap has problems with ldap servers with global read limits.

Posted: Tue Dec 07, 2010 12:37 am
by spryfrog
Thanks acanas.

I've added that to my serverconfig.txt and restarted the cmap service but it still has the same problem. Here's the output from the tomcat logs when I tried searching the user directory.

LogAdmin:addHandler:: added.
[07/Dec/2010:15:33:25] [ConnHandlerCache-1-Thread-1] (139.86.55.226:53613)::TalkToService::AdminService: (0 ms.)
[07/Dec/2010:15:33:29] [ConnHandlerCache-1-Thread-1] (139.86.35.183:4138) RS::handleHashtable: function == getPrincipals
[07/Dec/2010:15:33:29] [ConnHandlerCache-1-Thread-1] (139.86.35.183:4138)::Resource::getPrincipals::Send reply::CLOSED: (4375 ms.)

Hope this helps.

Re: Cmap has problems with ldap servers with global read limits.

Posted: Tue Dec 07, 2010 5:37 pm
by jlott
From your original error message, it appears that you are getting an error message in the client when you do the search: "Problem communicating with user directory". However, it is not clear if the problem is really that there are too many results. This is a general error message which could be indicative of a number of problems.

If you enter some search terms, to narrow the scope of the search (e.g. first name), do you get some results, or does it give the same error message?

To better identify the error, after reproducing the problem, could you please post the last page or so of your CmapTools client logfile? The logfiles are located in your home folder under the CmapToolsLogs directory.

Re: Cmap has problems with ldap servers with global read limits.

Posted: Tue Dec 07, 2010 6:24 pm
by spryfrog
Thanks for the tip about the client log files, I was completely focusing on the server logs. Anyway, I found them and here's an extract that you might find interesting.

Caused by: nlk.acl.directory.DirectoryXcp: javax.naming.LimitExceededException: [LDAP: error code 11 - Administrative Limit Exceeded]; remaining name 'dc=usq,dc=edu,dc=au'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)

I'll submit the whole log file for inspection.

Re: Cmap has problems with ldap servers with global read limits.

Posted: Wed Dec 08, 2010 1:16 pm
by jlott
Thanks for the log, this is very helpful. We've identified the issue and will try to resolve it in an upcoming release.

For now, the only workaround is to enter more specific search terms when searching for users via the CmapTools client.

Re: Cmap has problems with ldap servers with global read limits.

Posted: Wed Dec 08, 2010 7:28 pm
by spryfrog
No problem, glad to help improve this great software. Is there a possibility of a quick patch or something? I have a project with Cmap that completely relies on ldap access and without it we won't be able to move forward until a new Cmap version is released. No pressure.
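
An added example, not part of the thread and not CmapServer's own code: a JNDI user search that combines the two measures discussed above, a client-side result cap and a narrowed search term, and keeps the partial results when the directory answers with the LimitExceededException (LDAP error code 11) seen in the client log. The class name, the `person`/`cn` filter, the anonymous bind and the three command-line arguments (LDAP URL, base DN, search term) are assumptions.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.LimitExceededException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class BoundedUserSearch {   // hypothetical class name

    static List<String> search(DirContext ctx, String baseDn, String term, long max)
            throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setCountLimit(max);                          // request no more than the server allows
        sc.setReturningAttributes(new String[] {"cn"}); // fetch only what is displayed
        List<String> found = new ArrayList<>();
        NamingEnumeration<SearchResult> results = null;
        try {
            // {0} is substituted by JNDI with filter metacharacters escaped,
            // so the search term cannot alter the filter structure.
            results = ctx.search(baseDn, "(&(objectClass=person)(cn={0}*))",
                                 new Object[] {term}, sc);
            while (results.hasMore()) {
                found.add(results.next().getNameInNamespace());
            }
        } catch (LimitExceededException e) {
            // Covers size limit (code 4) and administrative limit (code 11):
            // report it and return what arrived instead of failing the lookup.
            System.err.println("Directory limit reached after " + found.size()
                    + " entries: " + e.getMessage());
        } finally {
            if (results != null) results.close();
        }
        return found;
    }

    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);         // LDAP URL of the directory (assumed input)
        DirContext ctx = new InitialDirContext(env);    // anonymous bind (assumption)
        try {
            search(ctx, args[1], args[2], 100).forEach(System.out::println);
        } finally {
            ctx.close();
        }
    }
}
```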