Cmap has problems with ldap servers with global read limits.

Having problems with IHMC CmapServer? Think you have found a bug? Let us know!
Forum rules
Before you post a problem or bug, please be sure you have included the version number of IHMC CmapServer, the operating system and version, the amount of RAM, and any other information that allows us to be able to replicate the problem you are having. (i.e. what were you doing when the problem occur? were you running another program (application) by the time you have the problem?)
Post Reply
spryfrog
Posts: 4
Joined: Mon Dec 06, 2010 1:42 am

Cmap has problems with ldap servers with global read limits.

Post by spryfrog »

On a CmapServer with LDAP authentication, searching for users in the LDAP directory may cause too many entries to be returned, resulting in an error message "Problem communicating with user directory". My ldap server is not under my control and there is no possibility of removing the ldap server's global read limit. How and where do I create a more specific ldap search/bind query?

CmapServer 5.04
Windows server 2008 r2
acanas
Posts: 753
Joined: Tue Mar 17, 2009 5:52 pm

Re: Cmap has problems with ldap servers with global read limits.

Post by acanas »

Try setting the following parameter in the serverconfig.txt configuration file (located in the "bin" directory where the CmapServer was installed).

ldap.user.directory.maxResults=100

(or whatever number your server allows)

The default maximum is 500.
spryfrog
Posts: 4
Joined: Mon Dec 06, 2010 1:42 am

Re: Cmap has problems with ldap servers with global read limits.

Post by spryfrog »

Thanks acanas.

I've added that to my serverconfig.txt and restarted the cmap service but it still has the same problem. Here's the output from the tomcat logs when I tried searching the user directory.

LogAdmin:addHandler:: added.
[07/Dec/2010:15:33:25] [ConnHandlerCache-1-Thread-1] (139.86.55.226:53613)::TalkToService::AdminService: (0 ms.)
[07/Dec/2010:15:33:29] [ConnHandlerCache-1-Thread-1] (139.86.35.183:4138) RS::handleHashtable: function == getPrincipals
[07/Dec/2010:15:33:29] [ConnHandlerCache-1-Thread-1] (139.86.35.183:4138)::Resource::getPrincipals::Send reply::CLOSED: (4375 ms.)

Hope this helps.
jlott
Posts: 9
Joined: Tue Mar 31, 2009 6:05 pm

Re: Cmap has problems with ldap servers with global read limits.

Post by jlott »

From your original error message, it appears that you are getting an error message in the client when you do the search: "Problem communicating with user directory". However, it is not clear if the problem is really that there are too many results. This is a general error message which could be indicative of a number of problems.

If you enter some search terms, to narrow the scope of the search (e.g. first name), do you get some results, or does it give the same error message?

To better identify the error, after reproducing the problem, could you please post the last page or so of your CmapTools client logfile? The logfiles are located in your home folder under the CmapToolsLogs directory.
spryfrog
Posts: 4
Joined: Mon Dec 06, 2010 1:42 am

Re: Cmap has problems with ldap servers with global read limits.

Post by spryfrog »

Thanks for the tip about the client log files, I was completely focusing on the server logs. Anyway, I found them and here's an extract that you might find interesting.

Caused by: nlk.acl.directory.DirectoryXcp: javax.naming.LimitExceededException: [LDAP: error code 11 - Administrative Limit Exceeded]; remaining name 'dc=usq,dc=edu,dc=au'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)

I'll submit the whole log file for inspection.
Attachments
cmaptools1.log
(98.67 KiB) Downloaded 338 times
jlott
Posts: 9
Joined: Tue Mar 31, 2009 6:05 pm

Re: Cmap has problems with ldap servers with global read limits.

Post by jlott »

Thanks for the log, this is very helpful. We've identified the issue and will try to resolve it in an upcoming release.

For now, the only workaround is to enter more specific search terms when searching for users via the CmapTools client.
spryfrog
Posts: 4
Joined: Mon Dec 06, 2010 1:42 am

Re: Cmap has problems with ldap servers with global read limits.

Post by spryfrog »

No problem, glad to help improve this great software. Is there a possibilty of a quick patch or something? I have a project with Cmap that completely relies on ldap access and without it we won't be able to move forward until a new Cmap version is released. No pressure.
Post Reply