lists.arthurdejong.org

nslcd <passwd(all)> ldap_result() failed: Administrative limit exceeded


Hi Folks,

I’ve got an Ubuntu 18.04 machine doing anonymous lookups to a central LDAP 
server but am experiencing intermittent authentication issues.

I’m pretty sure the following log item in /var/log/syslog explains the problem:

        nslcd <passwd(all)> ldap_result() failed: Administrative limit exceeded

What I suspect is happening is that nslcd is asking for the entire list of all 
our campus LDAP users (over 20k), and that LDAP server is not okay with this.

In fact, the LDAP client machine has fewer than 5 users.

Please let me know if there are any ways to fix or rectify this issue.

Thanks in advance for any suggestions and/or ideas.

The two relevant files are below, with obfuscated LDAP name.

Cheers, Doug

% cat /etc/nslcd.conf

uid nslcd
gid nslcd
uri ldap://ldap.example.com
base dc=org,dc=edu
tls_cacertdir /etc/openldap/cacerts
map passwd homeDirectory "/home/$uid"
idle_timelimit 240
# automatically added on upgrade of nslcd package
tls_cacertfile /etc/ssl/certs/ca-certificates.crt

% cat /etc/ldap.conf

base dc=ucsc,dc=edu
uri ldap://ldap.example.com
ldap_version 3
pam_password md5
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
SIZELIMIT 50
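
To check the suspicion in the post that the failures come from full enumerations rather than single-user lookups, the following added example (not part of the original message and not code from nss-pam-ldapd) tallies nslcd failure lines by NSS map and request type. The sample lines are constructed; the `[pid]`, request-id and `<passwd="name">` forms are assumptions about the syslog format, and only the `<passwd(all)>` message text comes from the post.

```python
import re
from collections import Counter

# Constructed sample syslog lines. Only the "<passwd(all)> ldap_result() failed:
# Administrative limit exceeded" text is taken from the post; host, pid,
# request ids, user name and the other errors are made up for illustration.
SAMPLE_LOG = """\
Mar  3 10:15:01 client1 nslcd[812]: [8b4567] <passwd(all)> ldap_result() failed: Administrative limit exceeded
Mar  3 10:15:09 client1 nslcd[812]: [7b23c6] <passwd="doug"> ldap_result() failed: Can't contact LDAP server
Mar  3 10:16:44 client1 nslcd[812]: [3c9869] <passwd(all)> ldap_result() failed: Administrative limit exceeded
Mar  3 10:17:02 client1 nslcd[812]: [334873] <group/member="doug"> ldap_result() failed: Timed out
Mar  3 10:17:30 client1 sshd[2201]: Accepted publickey for doug from 192.0.2.10 port 50022 ssh2
"""

# "nslcd", optional "[pid]:", optional "[request-id]", then "<tag> call() failed: error".
LINE_RE = re.compile(
    r"nslcd(?:\[\d+\])?:?\s+(?:\[[0-9a-f]+\]\s+)?"
    r"<(?P<tag>[^>]+)>\s+(?P<call>\w+)\(\) failed: (?P<err>.+)$"
)
# Tag is either map(all) for an enumeration, or map[=key] / map/attr=key for one entry.
TAG_RE = re.compile(r"^(?P<map>[a-z]+)(?:/\w+)?(?:\((?P<all>all)\)|=(?P<key>.+))$")


def parse_failure(line):
    """Return (nss_map, 'all' | 'single', error) for an nslcd failure line, else None."""
    m = LINE_RE.search(line.rstrip())
    if not m:
        return None
    t = TAG_RE.match(m["tag"])
    if not t:
        return None
    return (t["map"], "all" if t["all"] else "single", m["err"])


def failures_by_request(text):
    """Count failures per (map, request type, error) over a block of syslog text."""
    return Counter(f for f in map(parse_failure, text.splitlines()) if f)


if __name__ == "__main__":
    for (nss_map, kind, err), n in failures_by_request(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {nss_map:<8} {kind:<6} {err}")
```

If "Administrative limit exceeded" shows up only on `all` requests, the server-side limit is being hit by enumeration of the whole map and not by the lookups of the few local users.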
