LDAP: ldap.SIZELIMIT_EXCEEDED

I get an ldap.SIZELIMIT_EXCEEDED error when running this code:

    import ldap

    url = 'ldap://<domain>:389'
    binddn = 'cn=<username> readonly,cn=users,dc=tnc,dc=org'
    password = '<password>'

    conn = ldap.initialize(url)
    conn.simple_bind_s(binddn, password)

    base_dn = "ou=People,dc=tnc,dc=org"
    filter = '(objectClass=*)'
    attrs = ['sn']

    conn.search_s(base_dn, ldap.SCOPE_SUBTREE, filter, attrs)

Where <username> is my actual username, <password> is my actual password and <domain> is the actual domain.

I do not understand why this is so. Can someone shed some light?

Thanks! :) Eric

+6
python ldap
5 answers

See the manual: http://www.python-ldap.org/doc/html/ldap.html

exception ldap.SIZELIMIT_EXCEEDED
LDAP size limit exceeded. This may be due to a sizelimit configuration on the LDAP server.

I believe your best option is to limit the sizelimit on the messages you receive from the server. This can be done by setting the LDAPObject.sizelimit attribute (deprecated) or by using the sizelimit parameter of search_ext().

You must also make sure that the bind was really successful ...

+3

The filter you provided (objectClass=*) is a presence filter. In this case, it restricts the search results to objects in the directory at and below the base object that you specified, which is every object below the base object, since every object has at least one objectClass. Limit your search using a more restrictive filter, a narrower scope, a lower base object, or all three. For more information on search requests, see Using ldapsearch and LDAP: Programming Practices.

Directory server administrators can place a server limit on entries that can be returned to LDAP clients, known as server size limits. There is a time limit that follows the same rules.

LDAP clients should always provide a size limit and a time limit with a search request; however, these limits, known as client-requested limits, cannot override the limits set on the server.

+2

To achieve this, you should use a paged search. The page size will depend on your LDAP server; 1000 will work in Active Directory.

Take a look at http://google-apps-for-your-domain-ldap-sync.googlecode.com/svn/trunk/ldap_ctxt.py for an example

+2
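The paged search recommended in the answer above, as an added example that is not part of the original answer or of the linked script. The function name `paged_search` and its `max_entries` cap are hypothetical; the caller passes `ldap.SCOPE_SUBTREE` and `ldap.controls.SimplePagedResultsControl` from python-ldap, so the paging loop itself can also be exercised against a stub connection.

```python
def paged_search(conn, base_dn, scope, filterstr, attrs, control_cls,
                 page_size=1000, timeout=30, max_entries=None):
    """Yield (dn, attrs) for every match, fetched one page at a time.

    conn:        a bound python-ldap LDAPObject (ldap.initialize + simple_bind_s)
    scope:       e.g. ldap.SCOPE_SUBTREE
    control_cls: ldap.controls.SimplePagedResultsControl
    max_entries: hypothetical client-side cap on returned entries; None = no cap
    """
    # criticality=True: the server must honour paging or fail the request,
    # rather than quietly running one unpaged search that hits the size limit.
    page_ctrl = control_cls(True, size=page_size, cookie='')
    seen = 0
    while True:
        # Always send a time limit; the server may enforce a lower one.
        msgid = conn.search_ext(base_dn, scope, filterstr, attrs,
                                serverctrls=[page_ctrl], timeout=timeout)
        _rtype, rdata, _rmsgid, resp_ctrls = conn.result3(msgid, timeout=timeout)
        for dn, entry in rdata:
            if dn is None:      # search referral (seen on Active Directory), not an entry
                continue
            yield dn, entry
            seen += 1
            if max_entries is not None and seen >= max_entries:
                return
        # The response carries the server's paged-results control with an
        # opaque cookie; an empty cookie (or no control) means last page.
        cookie = next((c.cookie for c in resp_ctrls
                       if c.controlType == control_cls.controlType), None)
        if not cookie:
            return
        page_ctrl.cookie = cookie   # resume where the previous page ended
```

With a real server, bind as in the question and iterate over `paged_search(conn, base_dn, ldap.SCOPE_SUBTREE, '(objectClass=person)', ['sn'], SimplePagedResultsControl)`; a filter narrower than `(objectClass=*)` still keeps the result set and server load down.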

See here for what to do when you get this error:

How to get more search results than the server's sizelimit with Python LDAP?

+1

By default, Active Directory returns a maximum of 1000 results. What is annoying is that instead of returning 1000 with the corresponding error code, it seems to send an error code without data.

eDirectory runs without defaults and is completely consistent with what you like.

Other directories handle it differently. (Edit and add if you know).

0