How to Resolve Active Directory ERROR: Size Limit Exceeded

Issue: Active Directory Windows authentication is not working. When checking the logs, you may see a message similar to the following:

[ERROR] [http-8080-3] [com.ephesoft.dcma.user.connectivity.impl.MSActiveDirectoryConnectivity] - No result found[LDAP: error code 4 - Sizelimit Exceeded]
javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name 'dc=ephesoft,dc=com'

Solution:

  1. Open the user-connectivity.properties file. It is located at <Ephesoft_Directory>\Application\WEB-INF\classes\META-INF\dcma-user-connectivity\user-connectivity.properties.
  2. Limit the groups to a subset of group names by configuring the following property:
     user.msactivedirectory_group_search_filter={can be blank by default}
  3. If needed, you can further filter AD groups by specifying individual context paths by configuring the following property:
     user.msactivedirectory_context_path={can be blank by default}

Specify the path of each group you want the system to find, separated by two semicolons ( ;; ).


Example 1:

Suppose the users that need access to Ephesoft belong to two Active Directory groups named EphesoftAdmins and EphesoftUsers.

Set:

user.msactivedirectory_group_search_filter=(cn=Ephesoft*)

Example 2:

Suppose the full distinguished names of the groups you want to have access are:

ephesoftgroup1 is cn=ephesoftgroup1,ou=itdept,ou=usa,dc=ephesoft,dc=com

operatorgroup2 is cn=operatorgroup2,ou=operations,ou=usa,dc=ephesoft,dc=com 

Set:

user.msactivedirectory_context_path=ou=itdept,ou=usa;;ou=operations,ou=usa
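
Before applying a narrowed filter or context path, confirm that every group whose members must keep access still falls inside the configured scope. The following check is an added example, not Ephesoft code; the function names are hypothetical. It assumes each context path is prepended to the base DN dc=ephesoft,dc=com (as Example 2 implies), that the search covers the subtree under each path, and that a group's cn equals the value of its first RDN.

```python
import re

# Base DN as it appears in the article's log line and examples.
BASE_DN = "dc=ephesoft,dc=com"

def split_dn(dn):
    """Split a DN into normalized (lower-case, trimmed) RDNs.
    Simplification: assumes no escaped commas inside RDN values."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def search_bases(context_path, base_dn=BASE_DN):
    """Expand the ';;'-separated context_path value into full search-base DNs.
    Assumption: each path is relative to base_dn, as in Example 2."""
    paths = [p.strip() for p in context_path.split(";;") if p.strip()]
    if not paths:  # blank property: the whole base DN is searched
        return [split_dn(base_dn)]
    return [split_dn(p) + split_dn(base_dn) for p in paths]

def filter_matches(group_filter, dn):
    """Match one simple '(attr=pattern)' filter, with '*' wildcards, against
    the group's first RDN. Compound filters (&, |, !) are not handled."""
    if not group_filter.strip():
        return True  # blank filter excludes nothing
    m = re.fullmatch(r"\(\s*(\w+)\s*=\s*(.+?)\s*\)", group_filter.strip())
    if not m:
        raise ValueError("only simple (attr=pattern) filters are handled here")
    attr, pattern = m.group(1).lower(), m.group(2).lower()
    rdn_attr, _, rdn_value = split_dn(dn)[0].partition("=")
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return rdn_attr.strip() == attr and re.fullmatch(regex, rdn_value.strip()) is not None

def in_scope(dn, context_path, group_filter="", base_dn=BASE_DN):
    """True if the group DN sits below a configured search base and passes the filter."""
    rdns = split_dn(dn)
    under_base = any(len(rdns) > len(b) and rdns[-len(b):] == b
                     for b in search_bases(context_path, base_dn))
    return under_base and filter_matches(group_filter, dn)
```

Run `in_scope` over the distinguished names of every group that must retain access; any `False` result means the new settings would hide that group from the lookup.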