Ad Sync Error - Sizelimit Exceeded

[clicerioneto]

Hi,

Following is the error in the synchronization process AD

Code: [Select]

\n$VAR1 = bless( {
                 '-stacktrace' => 'Unknown error at EBox::UsersAndGroups::uidList Sizelimit exceeded at /usr/share/perl5/EBox/Ldap.pm line 712
EBox::Ldap::_errorOnLdap(\'Net::LDAP::Search=HASH(0xb9139ec)\', \'HASH(0xb87467c)\') called at /usr/share/perl5/EBox/Ldap.pm line 351
EBox::Ldap::search(\'EBox::Ldap=HASH(0xa1e17b8)\', \'HASH(0xb87467c)\') called at /usr/share/perl5/EBox/UsersAndGroups.pm line 1155
EBox::UsersAndGroups::uidList(\'EBox::UsersAndGroups=HASH(0x9b956fc)\') called at /usr/share/perl5/EBox/UsersAndGroups/Model/Users.pm line 161
EBox::UsersAndGroups::Model::Users::ids(\'EBox::UsersAndGroups::Model::Users=HASH(0xb44b980)\') called at /usr/share/perl5/EBox/UsersAndGroups/Model/Users.pm line 109
EBox::UsersAndGroups::Model::Users::precondition(\'EBox::UsersAndGroups::Model::Users=HASH(0xb44b980)\') called at /usr/share/ebox/templates/ajax/modelViewer.mas line 67
HTML::Mason::Commands::__ANON__(\'model\', \'EBox::UsersAndGroups::Model::Users=HASH(0xb44b980)\', \'hasChanged\', \'undef\') called at /usr/share/perl5/HTML/Mason/Component.pm line 135
HTML::Mason::Component::run(\'HTML::Mason::Component::Subcomponent=HASH(0x97dd424)\', \'model\', \'EBox::UsersAndGroups::Model::Users=HASH(0xb44b980)\', \'hasChanged\', \'undef\') called at /usr/share/perl5/HTML/Mason/Request.pm line 1262
eval {...} called at /usr/share/perl5/HTML/Mason/Request.pm line 1252
HTML::Mason::Request::comp(\'undef\', \'undef\', \'model\', \'EBox::UsersAndGroups::Model::Users=HASH(0xb44b980)\', \'hasChanged\', \'undef\') called at /usr/share/ebox/templates/ajax/modelViewer.mas line 28
HTML::Mason::Commands::__ANON__(\'data\', \'undef\', \'dataTable\', \'HASH(0xb44bab8)\', \'model\', \'EBox::UsersAndGroups::Model::Users=HASH(0xb44b980)\', \'hasChanged\', \'undef\', \'tpages\', ...) called at /usr/share/perl5/HTML/Mason/Component.pm line 135
HTML::Mason::Component::run(\'HTML::Mason::Component::FileBased=HASH(0x97dd5ec)\', \'data\', \'undef\', \'dataTable\', \'HASH(0xb44bab8)\', \'model\', \'EBox::UsersAndGroups::Model::Users=HASH(0xb44b980)\', \'hasChanged\', \'undef\', ...) called at /usr/share/perl5/HTML/Mason/Request.pm line 1262
eval {...} called at /usr/share/perl5/HTML/Mason/Request.pm line 1252
HTML::Mason::Request::comp(\'undef\', \'undef\', \'undef\', \'data\', \'undef\', \'dataTable\', \'HASH(0xb44bab8)\', \'model\', \'EBox::UsersAndGroups::Model::Users=HASH(0xb44b980)\', ...) called at /usr/share/perl5/HTML/Mason/Request.pm line 468
eval {...} called at /usr/share/perl5/HTML/Mason/Request.pm line 468
eval {...} called at /usr/share/perl5/HTML/Mason/Request.pm line 418
HTML::Mason::Request::exec(\'HTML::Mason::Request=HASH(0xb860df4)\') called at /usr/share/perl5/HTML/Mason/Interp.pm line 342
HTML::Mason::Interp::exec(\'undef\', \'undef\', \'data\', \'undef\', \'dataTable\', \'HASH(0xb44bab8)\', \'model\', \'EBox::UsersAndGroups::Model::Users=HASH(0xb44b980)\', \'hasChanged\', ...) called at /usr/share/perl5/EBox/CGI/Base.pm line 141
EBox::CGI::Base::_body(\'EBox::CGI::View::DataTable=HASH(0xb82e074)\') called at /usr/share/perl5/EBox/CGI/Base.pm line 180
EBox::CGI::Base::_print(\'EBox::CGI::View::DataTable=HASH(0xb82e074)\') called at /usr/share/perl5/EBox/CGI/Base.pm line 336
EBox::CGI::Base::run(\'EBox::CGI::View::DataTable=HASH(0xb82e074)\') called at /usr/share/perl5/EBox/CGI/Run.pm line 120
EBox::CGI::Run::run(\'EBox::CGI::Run\', \'/Users/View/Users\', \'EBox\') called at /usr/share/ebox/cgi/ebox.cgi line 19
ModPerl::ROOT::ModPerl::Registry::usr_share_ebox_cgi_ebox_2ecgi::handler(\'Apache2::RequestRec=SCALAR(0xb744484)\') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
eval {...} called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
ModPerl::RegistryCooker::run(\'ModPerl::Registry=HASH(0x85dd874)\') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 170
ModPerl::RegistryCooker::default_handler(\'ModPerl::Registry=HASH(0x85dd874)\') called at /usr/lib/perl5/ModPerl/Registry.pm line 31
ModPerl::Registry::handler(\'ModPerl::Registry\', \'Apache2::RequestRec=SCALAR(0xb744484)\') called at -e line 0
eval {...} called at -e line 0
',
                 '-file' => '/usr/share/perl5/EBox/Ldap.pm',
                 '-text' => 'Unknown error at EBox::UsersAndGroups::uidList Sizelimit exceeded',
                 '-line' => 712,
                 '-package' => 'EBox::Ldap',
                 'silent' => 0
               }, 'EBox::Exceptions::Internal' );


Code: [Select]

2010/02/11 10:55:05 ERROR> Ldap.pm:710 EBox::Ldap::_errorOnLdap - $VAR1 = {
          'base' => 'ou=Users,dc=brasilecodiesel',
          'attrs' => [
                       'uid',
                       'cn',
                       'givenName',
                       'sn',
                       'homeDirectory',
                       'userPassword',
                       'uidNumber',
                       'gidNumber',
                       'description'
                     ],
          'filter' => 'objectclass=*',
          'scope' => 'one'
        };
2010/02/11 10:55:05 ERROR> Ldap.pm:712 EBox::Ldap::_errorOnLdap - Unknown error at EBox::UsersAndGroups::users Sizelimit exceeded
2010/02/11 10:57:23 ERROR> Ldap.pm:710 EBox::Ldap::_errorOnLdap - $VAR1 = {
          'base' => 'ou=Users,dc=brasilecodiesel',
          'attrs' => [
                       'uid',
                       'uidNumber'
                     ],
          'filter' => 'objectclass=*',
          'scope' => 'one'
        };
2010/02/11 10:57:23 ERROR> Ldap.pm:712 EBox::Ldap::_errorOnLdap - Unknown error at EBox::UsersAndGroups::uidList Sizelimit exceeded


[Saturn2888]

You should give more information like eBox version, which OS, if you got the error on the master or slave, how many users/groups you have. It seems like you have far too many users.

[clicerioneto]

Ebox 1.4.1 - Mode Slave - Windows Ad Sync

Active Directory - Windows 2003 Server Standard Edition SP2

My ad has multiple users and groups organized in several OUs:

Users (active and disabled) - 554
All Groups - 69
OU's - 69

[Saturn2888]

Are the users on the eBox as a master or is the eBox a slave machine?

[clicerioneto]

Ebox Slave

[Saturn2888]

Either it's there are too many users or there's some kind of ID number which is larger than the size eBox is able to take. This might be a bug.

[clicerioneto]

Earlier, the ebox was synchronizing with no errors. After 40 users got errors.

[Saturn2888]

What is the maximum password length of those users?

[clicerioneto]

No password policy is set:

Enforce password history - not defined
Maximum password age - not defined
Minimum password age - not defined
Minimum password length - not defined

As a suggestion, the personal development of ebox could analyze how the process works authentication with Windows AD, the tool CensorNet 3.3r6, Endian or SmoothWall. I had no problem with these tools to sync with AD.

The Ebox is an excellent tool and easy to administer. However, the use of synchronization with Active Directory left to be desired. Still needs improvement.

[Saturn2888]

I'm sure you'll get an answer soon enough. You seem to be one of two people with fairly similar AD issues.

[fbravod]

modify this file /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb/olcOverlay={0}syncprov.ldif
add the follow line
olcSizeLimit: 50000
restart slapd
work for me
sorry for my english

[clicerioneto]

Hi,

This procedure solved the problem, but only 3 groups were synchronized. I have several groups ...
 
Does anyone have any idea how to solve this?

Thanks,
Clicério Neto

[J. A. Calvo]

This procedure solved the problem, but only 3 groups were synchronized. I have several groups ...
 
Does anyone have any idea how to solve this?

Please, try this and tell us if it solves your problem:

http://forum.ebox-platform.com/index.php?topic=2817.msg13428#msg13428

Thanks in advance!

[clicerioneto]

Replication worked. However, even resetting the password is not authenticating. Appears the pop-pup asking for User and password, but failed.

Follow the steps I did:

-Reinstalled the Ebox;
-I upgraded to new version (1.4.3);
-Replace the file "ebox-ad-sync" (http://trac.ebox-platform.com/export/16907/trunk/client/usersandgroups/tools/ebox-ad-sync)
-I did the procedure for replication (http://trac.ebox-platform.com/wiki/Document/Documentation/EBoxActiveDirectorySync)
-At the time of replication has an error again. I made the following procedure:

modify this file /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb/olcOverlay={0}syncprov.ldif
add the follow line
olcSizeLimit: 50000
restart slapd

All User and groups synchronized.                    But............

*******************************************************

To test, I created a new User:

user: test
pass: test
add group: TI

The new User has synchronized the list of users and group (TI). Reset the password for: 123456

I created a Group Policy (Http Proxy - athourize and filter):

Group: IT Policy: allow Time Period: All Time Filter Profile: default

But it did not work. How can I solve this problem? 

[J. A. Calvo]

At the same time you reset the password in your Windows server, could you have a look at the ebox.log file to see if any error happens? (tail -f /var/log/ebox/ebox.log)