
How to fix "LDAP error code 4 - Size limit exceeded" when setting up a new user in an OpenLDAP directory?

By Alton Alexander, updated on June 4th, 2022

LDAP error code 4 (sizeLimitExceeded) is returned when a search would yield more entries than the server's size limit allows. This can happen when trying to retrieve too many entries in a single search, or when the search base is too broad.

1. Increase the size limit on the LDAP server

  1. In the LDAP server's configuration file, increase the size limit to the maximum allowed value.
  2. Restart the LDAP server.
  3. Verify that the size limit has been increased and that the ldap error code no longer appears.

2. Use paged results to retrieve more than one page of results from the LDAP server

First, make sure that the LDAP server is set to allow paged results. To do this, open the LDAP server's configuration file (usually located at /etc/ldap/ldap.conf) and set the ldap_pages_max parameter to a value greater than its default of 100, for example 200.

Next, create a search filter that will retrieve all of the results from the LDAP server. For example, to retrieve all of the results for the user testaccount, use the filter (objectclass=posixAccount).

Next, run the search against the LDAP server. Open a terminal window and type the following command (replace dc=example,dc=com with your directory's base DN; -b takes the search base, and the filter is passed as the last argument):

  ldapsearch -x -b 'dc=example,dc=com' '(objectclass=posixAccount)'

Finally, retrieve the results in pages by adding the paged results control (-E pr=<page size>), choosing a page size that does not exceed the server's size limit:

  ldapsearch -x -b 'dc=example,dc=com' -E pr=200/noprompt '(objectclass=posixAccount)'

With paged results in use, the server returns the entries page by page instead of failing with the size limit exceeded error.

3. Change the filter used to retrieve LDAP results

  1. Open the Active Directory Users and Computers console.
  2. Right-click the domain controller in which you want to change the filter and select Properties.
  3. On the General tab, click the Protocols button.
  4. In the LDAP filter list, click the Edit button.
  5. In the Edit LDAP Filter dialog box, change the Filter type to String and the Filter value to (uid=*).
  6. Click OK to close the dialog box.
  7. Click OK to close the Properties dialog box.

  1. Navigate to Settings > Authentication and Authorization > LDAP > Scope.
  2. In the Scope area, select the domain or OU to which you want to restrict the search.
  3. In the Search area, enter the maximum size of the search result in bytes.
  4. Click Save.
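As an added example (not code from the original article, OpenLDAP or any directory product), the following Python mock models how a server-side size limit produces error code 4 and how each of the three fixes above avoids it: raising the server limit (section 1), using the simple paged results control of RFC 2696 as ldapsearch -E pr= does (section 2), and narrowing the filter or search base (section 3). The sample directory, the MockSlapd class and its behaviour (pages capped at the size limit, a numeric cookie standing in for the opaque RFC 2696 cookie) are assumptions constructed for the example.

```python
"""Mock of LDAP sizeLimitExceeded (result code 4) and the three workarounds.

Constructed for illustration: the directory entries, the MockSlapd server and its
numeric paging cookie are assumptions, not OpenLDAP behaviour or a client library API.
"""
import fnmatch
import re

SIZE_LIMIT_EXCEEDED = 4  # LDAP resultCode sizeLimitExceeded


class LDAPError(Exception):
    def __init__(self, code, message):
        super().__init__(f"LDAP error code {code} - {message}")
        self.code = code


# Constructed sample directory: 250 posixAccount users and 10 posixGroup groups.
DIRECTORY = [
    {"dn": f"uid=user{i:03d},ou=people,dc=example,dc=com",
     "objectClass": "posixAccount", "uid": f"user{i:03d}"}
    for i in range(250)
] + [
    {"dn": f"cn=group{i},ou=groups,dc=example,dc=com",
     "objectClass": "posixGroup", "cn": f"group{i}"}
    for i in range(10)
]

# The mock evaluates only single equality filters such as (objectClass=posixAccount)
# or (uid=user00*), with '*' as a wildcard; real LDAP filters are far richer.
FILTER_RE = re.compile(r"^\((\w+)=([^)]*)\)$")


def matches(entry, filt):
    m = FILTER_RE.match(filt)
    if not m:
        raise ValueError(f"mock supports only (attr=value) filters, got: {filt}")
    attr, pattern = m.group(1).lower(), m.group(2)
    value = next((v for k, v in entry.items() if k.lower() == attr), None)
    return value is not None and fnmatch.fnmatchcase(value, pattern)


class MockSlapd:
    """Server side: enforces a size limit like slapd's sizelimit / olcSizeLimit."""

    def __init__(self, size_limit=100):
        self.size_limit = size_limit

    def search(self, base, filt, page_size=None, cookie=0):
        """Return (entries, next_cookie).

        Unpaged: fail with result code 4 if more than size_limit entries match.
        Paged (RFC 2696 simple paged results): return at most page_size entries
        per round trip, each page also capped at size_limit (mock assumption);
        a cookie of 0 means there are no further pages.
        """
        hits = [e for e in DIRECTORY
                if (e["dn"] == base or e["dn"].endswith("," + base)) and matches(e, filt)]
        if page_size is None:
            if len(hits) > self.size_limit:
                raise LDAPError(SIZE_LIMIT_EXCEEDED, "Size limit exceeded")
            return hits, 0
        step = min(page_size, self.size_limit)
        page = hits[cookie:cookie + step]
        next_cookie = cookie + step if cookie + step < len(hits) else 0
        return page, next_cookie


def paged_search(server, base, filt, page_size):
    """Client side, as ldapsearch -E pr=<page_size> does: keep asking until the cookie is empty."""
    results, cookie = [], 0
    while True:
        page, cookie = server.search(base, filt, page_size=page_size, cookie=cookie)
        results.extend(page)
        if cookie == 0:
            return results


def demo():
    """Reproduce the error, then apply each fix; returns the outcomes for checking."""
    server = MockSlapd(size_limit=100)
    base, filt = "dc=example,dc=com", "(objectClass=posixAccount)"
    outcome = {}
    try:  # 250 matches against a limit of 100: the unpaged search fails
        server.search(base, filt)
    except LDAPError as err:
        outcome["unpaged_error"] = err.code
    server.size_limit = 500  # fix 1: raise the server-side limit
    outcome["after_raising_limit"] = len(server.search(base, filt)[0])
    server.size_limit = 100
    outcome["paged"] = len(paged_search(server, base, filt, page_size=100))  # fix 2
    narrow = server.search("ou=people,dc=example,dc=com", "(uid=user00*)")[0]  # fix 3
    outcome["narrow_filter"] = len(narrow)
    return outcome


if __name__ == "__main__":
    print(demo())
```

The paging loop is the part worth keeping in mind when writing a real client: every round trip must pass back the cookie the server returned, and the search is only complete when the server hands back an empty cookie; stopping early or reusing a stale cookie silently drops entries.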