|
Ah yeah, I "duh"ed there for a second. Of course ffl.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Monday, August 02, 2004 1:55 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Exceeding the LDAP Look Through Limit Change “domain
functional mode” to “forest functional mode.” This is a forest functional
dependency. Gotta think of our GCs…. I just looked, and yes
this error would throw an admin limit exceeded error, so it makes sense that
this is the problem given problem description, although trace would confirm. My
quick read of this section tells me that the server-returned frame should have a
dsid in it that will let me be 100% sure. From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of joe So irregardless of how
you hit it if you hit ~850 Non-LV values on an object you have hit the
ceiling? ~1300 in 2K3 Domain Functional Mode... From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Eric
Fleischman IIRC, the limits are
one in the same really. It’s a subtle point as to how we work under the hood
that is exposing this. ~Eric From: joe
[mailto:[EMAIL PROTECTED] ~Eric is there any
public documentation on #1? Obviously max values on an attribute of an object is
documented (I think it is anyway), but I don't recall seeing anything for max
values on an object.
joe From: Eric
Fleischman [mailto:[EMAIL PROTECTED] Oh, I didn’t read below
joe’s post. I should have. So there are two
possible things you’re hitting here: 1)
You are hitting the max
# of values on the obj (as joe was eluding too) 2)
You are exceeding an
admin limit as a result of a write of a huge attribute (for example, max size of
an ldap operation) If you could, take a
sniff of the network operation and share the trace with us so we can see the
exact frames being submitted and the reply from the DSA. We would know for sure
what limit you’re hitting that way. joe’s guess is a good one (and probably
right), but it’s not 100% clear to me that’s what you are actually hitting. It’s
worth being sure before we conclude anything. ~Eric From:
Putting me on CC is the way to get
me to notice it faster. It hits a search folder that I watch that
way. In w2k we had a non-linked value
limit of ~850 values. In 2k03 that moved to ~1300. Since we can have interop, we
need to make sure we don’t break 2k when you introduce 2k03 so you don’t get the
new ~1300 limit until you increase forest functional level to at least
1. Error you get on 2k when you exceed
~850 is JET_errRecordTooBig (-1026 if I remember correctly).
From: joe
[mailto:[EMAIL PROTECTED] Ah, I was chatting with
~Eric on this exact issue previously about adding too many attributes to a
single multivalued attribute. Once I hit the limit (around 850 or so attributes
on 2K) I couldn't add any new attributes to anything, only modify existing....
We never went anywhere on that discussion and I am curious why this happens.
Since ~Eric hasn't
responded to this I am guessing he lost the thread so I am going to do the
Bat~Eric Call... CARTE
BLANCHE! joe
:o) From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Steve
Brashear Ok, he
created one
user-defined ou , and added an object in that container. If he adds more than
this values, the limit exceeded message appears:
Thanks for your
help! Steve From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of I could probably tell
you which admin limit you’re exceeding if you tell me the OS version &
service pack level. Most admin limits are
there to protect perf of the box & prevent against DoS attacks. Better than
changing the limits would be to change the query to use LDAP RFC compliant ways
to performing the action w/o changing lmits. For example, if the limit is # of
objects returned per page, rather than using a huge page you’d do a paged
search. So the questions that
would be of interest: 1)
OS and service pack
level 2)
What is the action
being performed (as an example, if this is a search, baseDN + scope +
filter) Thanks! ~Eric From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Steve
Brashear I have a customer who has
created an OU and populated it with objects that have many attributes. He
is now encountering this error: Is there a maximum size
limitation for user defined objects in AD? Can that value be
modified? Where would one modify
it? Would it be in the LDAP policies/protocols
configuration? TIA! |
- [ActiveDir] Exceeding the LDAP Look Through Limit Steve Brashear
- RE: [ActiveDir] Exceeding the LDAP Look Through Limit Cotter, Paul M.
- RE: [ActiveDir] Exceeding the LDAP Look Through Limit Eric Fleischman
- RE: [ActiveDir] Exceeding the LDAP Look Through Limit Steve Brashear
- RE: [ActiveDir] Exceeding the LDAP Look Through Limit Eric Fleischman
- RE: [ActiveDir] Exceeding the LDAP Look Through Limit Eric Fleischman
- RE: [ActiveDir] Exceeding the LDAP Look Through Limit Eric Fleischman
- joe
