Has anyone on the list ever run into this? A systems integrator I know told me that they were trying to integrate Lotus SameTime with AD as part of an enterprise portal configuration. Apparently SameTime can authenticate using LDAP binds and also grab user information which SameTime uses for its configuration.
Anyhow, it chokes when it tries to retrieve the user information. Apparently, they try to query on all users within the specified scope, but without using the LDAP paging control. The integrator sent me this URL to the technote published by IBM on the subject:
http://www.ibm.com/support/docview.wss?rs=899&uid=swg21090028
From the referenced technote:
Currently, Sametime must pull all users from the LDAP server and will reach the limit set on the LDAP server, if a limit is set to be lower than the amount of users that Sametime can search for.
And then this little gem:
The following can resolve the error on an Active Directory server:
- In Active Directory, go to a command line and type:
ntdsutil
ldap policies
connections
connect to server <local server name>
set creds <local domain name> administrator <admin password>
quit
show values
set MaxPageSize to 100000
commit changes
Note If the amount of users/groups on the AD server is larger than 100,000, the MaxPageSize value should be set higher.
When I regained my composure, I replied with a note to the effect that there is absolutely no way I would advocate opening that throttle by a factor of 100 (or more!). There have been numerous threads on this list about MaxPageSize, usually ending with a pronouncement from ~Eric or joe saying "Just don't do it - use LDAP paging".
I'm just curious if anyone else has run into this with SameTime, and also whether Microsoft has directly addressed this kind of advice from IBM or anyone else.
Dave
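
Added example, not part of the original post or of IBM's or Microsoft's code: a toy in-memory directory that contrasts an unpaged search hitting MaxPageSize with a client that uses the LDAP simple paged results control (RFC 2696) and leaves the limit alone. The `ToyDirectory` class, the `example.com` DNs and the integer cookie are constructed for illustration; a real server's cookie is opaque.

```python
# Added illustration: a simplified model, not a real LDAP client or a real DC.
PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"  # RFC 2696 simple paged results control
MAX_PAGE_SIZE = 1000  # default AD LDAP policy value; the technote raises it to 100000


class SizeLimitExceeded(Exception):
    """Models LDAP result code 4 (sizeLimitExceeded)."""


class ToyDirectory:
    """Constructed stand-in for a server that enforces MaxPageSize per response."""

    def __init__(self, user_count):
        # Constructed sample entries.
        self.users = [f"CN=user{i:05d},OU=Staff,DC=example,DC=com"
                      for i in range(user_count)]
        self.largest_response = 0  # biggest single paged response sent so far

    def search(self, page_size=None, cookie=b""):
        """Return (entries, cookie); page_size=None means no paging control was sent."""
        if page_size is None:
            # Unpaged search: fails once the matches exceed MaxPageSize.
            if len(self.users) > MAX_PAGE_SIZE:
                raise SizeLimitExceeded(f"more than {MAX_PAGE_SIZE} entries match")
            return list(self.users), b""
        start = int(cookie or b"0")            # toy cookie: offset of the next entry
        size = min(page_size, MAX_PAGE_SIZE)   # server caps whatever the client asks for
        page = self.users[start:start + size]
        self.largest_response = max(self.largest_response, len(page))
        nxt = start + len(page)
        # An empty cookie tells the client that the result set is complete.
        return page, (str(nxt).encode() if nxt < len(self.users) else b"")


def fetch_all_paged(directory, page_size=500):
    """Client loop: resend the search with the returned cookie until it is empty."""
    entries, cookie = [], b""
    while True:
        page, cookie = directory.search(page_size=page_size, cookie=cookie)
        entries.extend(page)
        if not cookie:
            return entries
```

The paged client retrieves every entry while no single response exceeds the server's limit, which is the behaviour the MaxPageSize policy is there to enforce.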