On Weblogic 12C configured LDAP authenticator and able to integrate LDAP successfully with Active directory . But When we click on the User & groups Tab i observer below error on the logs .
<Error> <Console> <BEA-240003> <Administration Console encountered the following error: java.lang.RuntimeException: netscape.ldap.LDAPException: error result (4); Sizelimit exceeded
at weblogic.security.providers.authentication.LDAPAtnNameList.handleUnexpectedLDAPException(LDAPAtnNameList.java:184)
at weblogic.security.providers.authentication.LDAPAtnNameList.advance(LDAPAtnNameList.java:106)
at weblogic.security.providers.utils.ListerManager.advance(ListerManager.java:233)
at weblogic.security.providers.authentication.LDAPAtnDelegate.advance(LDAPAtnDelegate.java:1449)
at weblogic.security.providers.authentication.LDAPAuthenticatorImpl.advance(LDAPAuthenticatorImpl.java:84)
at weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBeanImpl.advance(ActiveDirectoryAuthenticatorMBeanImpl.java:258)
at sun.reflect.GeneratedMethodAccessor175.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at weblogic.management.jmx.modelmbean.WLSModelMBean.invoke(WLSModelMBean.java:532)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$21.run(WLSMBeanServerInterceptorBase.java:589)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:587)
at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:249)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$21.run(WLSMBeanServerInterceptorBase.java:589)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:587)
at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:439)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$21.run(WLSMBeanServerInterceptorBase.java:589)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:587)
at weblogic.management.mbeanservers.internal.MBeanCICInterceptor.invoke(MBeanCICInterceptor.java:304)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$21.run(WLSMBeanServerInterceptorBase.java:589)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:587)
at weblogic.management.mbeanservers.internal.PartitionJMXInterceptor.invoke(PartitionJMXInterceptor.java:435)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$21.run(WLSMBeanServerInterceptorBase.java:589)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:587)
at weblogic.management.mbeanservers.internal.CallerPartitionContextInterceptor.invoke(CallerPartitionContextInterceptor.java:217)
at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:327)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:655)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:653)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:370)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:646)
at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1468)
at javax.management.remote.rmi.RMIConnectionImpl.access$300(RMIConnectionImpl.java:76)
at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1309)
at java.security.AccessController.doPrivileged(Native Method)
at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1408)
at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:829)
at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:260)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:299)
at javax.management.remote.rmi.RMIConnectionImpl_12213_WLStub.invoke(Unknown Source)
at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:1020)
at sun.reflect.GeneratedMethodAccessor162.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at weblogic.management.remote.wlx.ClientProvider$WLXRMIConnectorWrapper$1$1.call(ClientProvider.java:715)
at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:287)
at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:272)
at weblogic.management.remote.wlx.ClientProvider$WLXRMIConnectorWrapper$1.invoke(ClientProvider.java:709)
at com.sun.proxy.$Proxy171.invoke(Unknown Source)
at sun.reflect.GeneratedMethodAccessor162.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at weblogic.management.remote.wlx.ClientProvider$WLXRMIConnectorWrapper$1$1.call(ClientProvider.java:715)
at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:287)
at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:272)
at weblogic.management.remote.wlx.ClientProvider$WLXRMIConnectorWrapper$1.invoke(ClientProvider.java:709)
at com.sun.proxy.$Proxy171.invoke(Unknown Source)
at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:561)
at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:390)
at com.sun.proxy.$Proxy182.advance(Unknown Source)
at com.bea.console.utils.security.UserUtils.getUsers(UserUtils.java:175)
at com.bea.console.actions.security.users.UserTableAction.getCollection(UserTableAction.java:120)
at com.bea.console.actions.security.ManagementBaseTableAction.execute(ManagementBaseTableAction.java:83)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
at com.bea.console.internal.ConsolePageFlowRequestProcessor.processActionPerform(ConsolePageFlowRequestProcessor.java:270)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:237)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:262)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:416)
at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:134)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1129)
at com.bea.portlet.adapter.scopedcontent.framework.internal.PageFlowUtilsBeehiveDelegate.strutsLookupInternal(PageFlowUtilsBeehiveDelegate.java:43)
at com.bea.portlet.adapter.scopedcontent.framework.PageFlowUtils.strutsLookup(PageFlowUtils.java:108)
at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:707)
at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:265)
at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:105)
at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:292)
at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:428)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:146)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:399)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:465)
at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:291)
at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:231)
at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:216)
at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:275)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:64)
at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:125)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:286)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:260)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:137)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:350)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at com.bea.console.internal.ParamFilter.doFilter(ParamFilter.java:38)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:32)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3706)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3672)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:328)
at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:197)
at weblogic.servlet.provider.WlsSecurityProvider.runAsForUserCode(WlsSecurityProvider.java:203)
at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:71)
at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2443)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2291)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2269)
at weblogic.servlet.internal.ServletRequestImpl.runInternal(ServletRequestImpl.java:1705)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1665)
at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:272)
at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:352)
at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:337)
at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:57)
at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:652)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:420)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:360)
Caused by: netscape.ldap.LDAPException: error result (4); Sizelimit exceeded
at netscape.ldap.LDAPConnection.checkMsg(Unknown Source)
at netscape.ldap.LDAPConnection.checkSearchMsg(Unknown Source)
at netscape.ldap.LDAPSearchResults.fetchResult(Unknown Source)
at netscape.ldap.LDAPSearchResults.hasMoreElements(Unknown Source)
at weblogic.security.providers.authentication.LDAPAtnNameList.advance(LDAPAtnNameList.java:98)
… 164 more
>
The exception happens after browsing through 1000 Users or Groups, a thousand being the default MaxPageSize on AD. By default, Microsoft Active Directory, which is a part of Windows 2000 Server, allows the fetching of only 1000 entries per single search request. As stated, this restriction is called MaxPageSize. The MaxPageSize value of the LDAPAdminLimits attribute controls the number of records that can be returned for an LDAP query. The default number is 1,000 records. If there are more than 1,000 items returned, Active Directory sees this maximum value and will return nothing. Microsoft Support says that “unless you have been instructed by Microsoft Product Support Services to use a different value, you should set this value back to 1,000”. Note that the tool that is used to lower the value of MaxPageSize, ntdsutil.exe, can equally be used to increase it, although it would seem Microsoft does not recommend this.
The Microsoft Active Directory Authentication Provider has been configured. But on WLS admin console or EM console, it was observed that listed users is up to 1000 users.
The Active Directory server by default is restricting the number of objects that are returned in a single search result.
MaxPageSize – This value controls the maximum number of objects that are returned in a single search result, independent of how large each returned object is. To perform a search where the result might exceed this number of objects, the client must specify the paged search control. This is to group the returned results in groups that are no larger than the MaxPageSize value. To summarize, MaxPageSize controls the number of objects that are returned in a single search result.
Default value: 1,000
To increase MaxPageSize value at AD side to a higher number.
Follow the instructions provided below for setting the MaxPageSize value to a custom value(e.g:3000) from default(1000)
C:> ntdsutil
ntdsutil: ldap policies
ldap policy: connections
server connections: connect to server $Server_Name
Binding to $Server_Name ...
Connected to $Server_Name using credentials of locally logged on user.
ldap policy: show values
Policy Current(New)
MaxPoolThreads 4
MaxDatagramRecv 4096
MaxReceiveBuffer 10485760
InitRecvTimeout 120
MaxConnections 5000
MaxConnIdleTime 900
MaxPageSize 1000
MaxQueryDuration 120
MaxTempTableSize 10000
MaxResultSetSize 262144
MaxNotificationPerConn 5
MaxValRange 1500
ldap policy: set MaxPageSize to 3000
ldap policy: Show Values
Policy Current(New)
MaxPoolThreads 4
MaxDatagramRecv 4096
MaxReceiveBuffer 10485760
InitRecvTimeout 120
MaxConnections 5000
MaxConnIdleTime 900
MaxPageSize 1000(3000)
MaxQueryDuration 120
MaxTempTableSize 10000
MaxResultSetSize 262144
MaxNotificationPerConn 5
MaxValRange 1500
ldap policy : commit changes
ldap policy : q
ntdsutil : q