While browsing or searching through a directory, you are unable to get all of the subentries or search results and the '[error 4] sizelimit exceeded' message is displayed. Every time you are getting just a limited number of entries (e.g. 1000) returned.
Such a behavior may occur due to either of the two possible reasons, or both:
- Profile settings. An LDAP Administrator profile you have created for the server has settings which are responsible for the request timeout and the search result size limit. Those restrictions are sent to the server with each request and if the size limit is less than the number of subentries in a certain entry, the application won't be able to get all of them.
- LDAP Server settings. An LDAP server can be configured to return a certain number of entries that is not greater than the one defined. This can be done by modifying the server configuration files or the source code prior to compilation. In most cases such a configuration is made in order to optimize server load and prevent hacker attacks.
- VLV or Simple Paging. Starting from version 3, LDAP Administrator features the Simple Paging and Virtual List View support. Their respective use is only limited to whether your server supports this kind of operations. To learn more on the above, please consult the application Help: Help->LDAP Administrator Help->Browsing Directory->Managing Large Amounts of Entries.
- Profile settings. To edit a server property, select a server item in the left-hand side tree view panel and press the Properties button on the toolbar or press Alt-Enter. Then select the "LDAP Settings" tab, where the Entry count limit input will be displayed. Enter a new value better meeting your requirements. A Zero for this parameter means that the server is asked to return all the entries found in process of search.
- LDAP Server settings. There isn't a universal way of solving this problem, for it depends on a number of reasons: what kind of server you are working with, whom the server belongs to, whether or not you enjoy administrator rights and physical access to the server. If your server is absent in the list of solutions recommended for well-known servers, we suggest you ask your system administrator or consult the server documentation. <h3>Workaround for well-known servers</h3>
- Microsoft Active Directory. By default, Microsoft Active Directory which is a part of Windows 2000 Server, allows fetching only 1000 entries per one search request. In terms of this system such a restriction is called MaxPageSize. This parameter can be changed using the ntdsutil.exe file which is a command line tool supplied with Windows 2000 Server. Another way to change this parameter is to edit it directly inside the CN=Default Query Policy, CN=Query-Policies, CN=Directory Service, CN=Windows NT, CN=Services, CN=Configuration, DC=YOUR_COMPANY, DC=YOUR_COMPANY_TLD entry by using LDAP Administrator. In both cases you must have administrator rights.
- OpenLDAP. The time limit for the OpenLDAP server can be changed in the config file (which can usually be found at /etc/openldap/slapd.conf). The parameter is called sizelimit. For more information please consult the slapd.conf Manual page or the OpenLDAP documentation.