Forum Problems Installing LAMS: Re: Problem with LDAP (Active Directory) in big organization

3: Re: Problem with LDAP (Active Directory) in big organization
In response to 1 07/06/09 07:42 PM
Have you tried the 'Synchronise' button under 'LDAP Configuration' in the SysAdmin menu? Do you get the same error?

Posted by Jun-Dir Liew

4: Re: Re: Problem with LDAP (Active Directory) in big organization
In response to 3 07/14/09 03:47 PM
No, I do not have that error if I sync more than 1,000 accounts.
Active Directory structure in my company is:
OU = Users, OU = [city], DC = xxx, DC = yy
where [city] is one of 14 different localities.
If I set the directory to search for
DC = xxx, DC = yy
I get the error. If I set the directory to search for
OU = [city], DC = xxx, DC = yy
it synchronizes only the OU.

Signing in is a little different.

If I set the directory to search for
DC = xxx, DC = yy
I get the error if the account is not returned in the first thousand accounts. If I set the directory to search for
OU = [city], DC = xxx, DC = yy
you can log into an account belonging to this OU, provided that the account is returned in the first thousand accounts.

What I need is for synchronization and logging in to work when the directory is set to search for
DC = xxx, DC = yy

Posted by Mariusz Górski

5: Re: Re: Re: Problem with LDAP (Active Directory) in big organization
In response to 4 07/14/09 08:08 PM
When logging in, the initial search for your user object should only return one object because usernames should be unique. What's your search filter? It should only need to be something like (sAMAccountName={0}). If you don't pass in the username with the {0}, then Active Directory may be returning more objects than it needs to.

Synchronising shouldn't give a SizeLimitExceededException, as far as I know Active Directory supports paging. Could it have been disabled somehow?

Posted by Jun-Dir Liew
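The two points in the reply above (a login filter that substitutes the username into {0} so only one object comes back, and a synchronisation that pages instead of pulling everything at once) can be illustrated with a small mock of the directory. This is an added example, not LAMS code or anything posted in this thread: it constructs a fake AD with 14 city OUs under DC=xxx,DC=yy, enforces a 1000-entry size limit on unpaged searches, and escapes the substituted username per RFC 4515 so a wildcard in it cannot widen the search.

```python
import re
from fnmatch import fnmatchcase
SIZE_LIMIT = 1000  # AD's default MaxPageSize: the "first thousand accounts" in the thread
class SizeLimitExceeded(Exception):  # raised when an unpaged search exceeds SIZE_LIMIT
    pass
# Constructed directory: 14 city OUs with a few hundred users each, like the post's layout.
DIRECTORY = [
    {"dn": "CN=u%d,OU=Users,OU=city%02d,DC=xxx,DC=yy" % (i, i % 14),
     "sAMAccountName": "u%d" % i, "objectCategory": "user"}
    for i in range(3000)
]

def escape_filter_value(value):  # RFC 4515 escaping: username cannot add filter syntax
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_login_filter(template, username):  # substitute {0} as the LAMS setting expects
    return template.replace("{0}", escape_filter_value(username))

def matches(entry, ldap_filter):
    """Mock evaluator: equality terms ANDed together; '*' acts as a wildcard."""
    terms = re.findall(r"\((\w+)=([^()]*)\)", ldap_filter)
    return all(fnmatchcase(entry.get(attr, ""), val) for attr, val in terms)

def search(base, ldap_filter, cookie=None, page_size=None):
    """Mock AD search; without paging, more than SIZE_LIMIT hits is an error."""
    hits = [e for e in DIRECTORY if e["dn"].endswith(base) and matches(e, ldap_filter)]
    if page_size is None:
        if len(hits) > SIZE_LIMIT:
            raise SizeLimitExceeded("%d entries, limit %d" % (len(hits), SIZE_LIMIT))
        return hits, None
    start = cookie or 0
    nxt = start + page_size if start + page_size < len(hits) else None
    return hits[start:start + page_size], nxt

def paged_search(base, ldap_filter, page_size=500):
    """Follow the paging cookie until exhausted, which is what a full sync needs."""
    results, cookie = [], None
    while True:
        page, cookie = search(base, ldap_filter, cookie, page_size)
        results.extend(page)
        if cookie is None:
            return results

def login_lookup(template, username, base="DC=xxx,DC=yy"):
    """Per-login search: the hit list, or the error name the thread's UI reported."""
    try:
        return search(base, build_login_filter(template, username))[0]
    except SizeLimitExceeded:
        return "SizeLimitExceeded"
```

With the base set to the whole domain, `(objectCategory=user)` alone hits the limit while `(sAMAccountName={0})` returns one object; narrowing the base to one OU hides users in the other 13 OUs, and only the paged search enumerates all of them.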

6: Re: Re: Re: Re: Problem with LDAP (Active Directory) in big organization
In response to 5 07/15/09 04:49 AM
I had set the Search Filter to (objectCategory=user).

Now it is set to Search Filter (sAMAccountName={0})
and:
LDAP server returned 104,572 members
Number of users created in the system: 4351
Number of existing members updated: 48089
Number of members excluded: 0
and a lot of errors like:
Error processing context result number 31397: null

When I set Search Filter (&(objectCategory=user)(sAMAccountName={0}))
the LDAP server returned 52,599 members
Number of users created in the system: 0
Number of existing members updated: 52440
Number of members excluded: 0
and some errors of the type:
Error processing context result number 31397: null

Synchronization works for DC=xxx, DC=yy without an OU=[city].
It's OK.

Posted by Mariusz Górski

7: Re: Re: Re: Re: Re: Problem with LDAP (Active Directory) in big organization
In response to 6 07/15/09 05:44 PM
Great, so all is working! The error during processing is not specific in the web interface, but you can generally see why in the lams logs (/path/to/jboss/server/default/log/lams.log). One reason is that AD contains users with whitespace in the username.

Posted by Jun-Dir Liew
