Resolving Active Directory Error: “SizeLimitExceededException”
Applies to: All versions of Ephesoft Transact.
Issue
Active Directory Windows authentication is not working. When checking the logs, you may see a message similar to the following:
[ERROR] [http-8080-3] [com.ephesoft.dcma.user.connectivity.impl.MSActiveDirectoryConnectivity] - No result found[LDAP: error code 4 - Sizelimit Exceeded]
javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name 'dc=ephesoft,dc=com'
Solution
- Open the user-connectivity.properties. This is located at [Ephesoft_Directory]\Application\WEB-INF\classes\META-INF\dcma-user-connectivity\user-connectivity.properties.
- Limit the groups to a subset of group names by configuring the following property:
user.msactivedirectory_group_search_filter={can be blank by default}
- If needed, you can further filter AD groups by specifying individual context paths by configuring the following property:
user.msactivedirectory_context_path={can be blank by default}
Specify the path of each group you want the system to find separated by two semicolons ( ;; ).
Example 1:
Suppose the users that need access to Ephesoft belong to two active directory groups named EphesoftAdmins and EphesoftUsers.
Set:
user.msactivedirectory_group_search_filter=(cn=Ephesoft*)
Example 2:
Suppose the full distinguished name for the following groups you want to have access are:
ephesoftgroup1 is cn=ephesoftgroup1,ou=itdept,ou=usa,dc=ephesoft,dc=com
operatorgroup2 is cn=operatorgroup2,ou=operations,ou=usa,dc=ephesoft,dc=com
Set:
user.msactivedirectory_context_path=ou=itdept,ou=usa;;ou=operations,ou=usa