I'm trying to configure LDAP and am hitting the following error:
ERROR ScopedLDAPConnection - Search for DN 'CN=Users,DC=Domain,DC=Com' gave error: Size limit exceeded
What does this error mean?
Size Limit Exceeded is an LDAP server error indicating that the search request was unable to return all entries due to a limit. The problem encountered is that the users or groups you are looking for may have been in the 1001+ entries and are not being returned.
In AD, the default size limit is typically 1000 entries. The LDAP server error is usually followed by an error indicating the number of entries returned which is a few entries less than the actual size limit. There is nothing you can do to change this limit unless you are the LDAP server administrator.
In Splunk, you can use filters to reduce the number of LDAP entries returned so that you do not hit this limit.