|
Oh, I didn’t read below joe’s
post. I should have. So there are two possible things you’re
hitting here: 1) You are hitting the max # of values on the obj (as joe was eluding
too) 2) You are exceeding an admin limit as a result of a write of a huge
attribute (for example, max size of an ldap operation) If you could, take a sniff of the network
operation and share the trace with us so we can see the exact frames being
submitted and the reply from the DSA. We would know for sure what limit you’re
hitting that way. joe’s guess is a good one (and probably right), but it’s
not 100% clear to me that’s what you are actually hitting. It’s
worth being sure before we conclude anything. ~Eric From: Putting me on CC is the way to get me to notice it faster.
It hits a search folder that I watch that way. In w2k we had a non-linked value limit of ~850 values. In
2k03 that moved to ~1300. Since we can have interop, we need to make sure we
don’t break 2k when you introduce 2k03 so you don’t get the new
~1300 limit until you increase forest functional level to at least 1. Error you get on 2k when you exceed ~850 is
JET_errRecordTooBig (-1026 if I remember correctly).
From: joe
[mailto:[EMAIL PROTECTED] Ah, I was chatting with ~Eric on this
exact issue previously about adding too many attributes to a single multivalued
attribute. Once I hit the limit (around 850 or so attributes on 2K) I couldn't
add any new attributes to anything, only modify existing.... We never went
anywhere on that discussion and I am curious why this happens. Since ~Eric hasn't responded to this I am
guessing he lost the thread so I am going to do the Bat~Eric Call... CARTE BLANCHE! joe :o) From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Brashear Ok, he created one user-defined ou , and added an object in that
container. If he adds more than this values, the
limit exceeded message appears:
Thanks for your help! Steve From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of I could probably tell you which admin
limit you’re exceeding if you tell me the OS version & service pack
level. Most admin limits are there to protect
perf of the box & prevent against DoS attacks. Better than changing the
limits would be to change the query to use LDAP RFC compliant ways to
performing the action w/o changing lmits. For example, if the limit is # of
objects returned per page, rather than using a huge page you’d do a paged
search. So the questions that would be of
interest: 1) OS and service pack level 2) What is the action being performed (as an example, if this is a
search, baseDN + scope + filter) Thanks! ~Eric From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Brashear I have a customer who has created an OU and
populated it with objects that have many attributes. He is now
encountering this error: Is there a maximum size limitation for
user defined objects in AD? Can that value be modified? Where would one modify it? Would it
be in the LDAP policies/protocols configuration? TIA! |
- [ActiveDir] Exceeding the LDAP Look Through Limit Steve Brashear
- RE: [ActiveDir] Exceeding the LDAP Look Through Limit Cotter, Paul M.
- RE: [ActiveDir] Exceeding the LDAP Look Through Limit Eric Fleischman
- RE: [ActiveDir] Exceeding the LDAP Look Through Limit Steve Brashear
- RE: [ActiveDir] Exceeding the LDAP Look Through Limit Eric Fleischman
- RE: [ActiveDir] Exceeding the LDAP Look Through Limit Eric Fleischman
- RE: [ActiveDir] Exceeding the LDAP Look Through Limit Eric Fleischman
- RE: [ActiveDir] Exceeding the LDAP Look Through Limit joe
