My Oracle Support Banner

ODSEE - Search Results in err=11 (Administrative Limit Exceeded) When Binding Anonymously (Doc ID 1322157.1)

Last updated on JULY 26, 2023

Applies to:

Oracle Directory Server Enterprise Edition - Version 5.1 and later
Information in this document applies to any platform.


1) Entries with an anonymous bind can not be returned because the search results in err=11.

From the access log -

[27/Apr/2011:16:07:37 -0400] conn=1531486 op=-1 msgId=-1 - fd=165 slot=165 LDAP connection from <IP> to <IP>
[27/Apr/2011:16:07:37 -0400] conn=1531486 op=0 msgId=1 - SRCH base="ou=people,ou=intranet,dc=SUFFIX_DN" scope=2 filter="(uid=*345*)" attrs="dn"
[27/Apr/2011:16:07:37 -0400] conn=1531486 op=0 msgId=1 - RESULT err=11 tag=101 nentries=7 etime=0
[27/Apr/2011:16:07:37 -0400] conn=1531486 op=1 msgId=2 - UNBIND
[27/Apr/2011:16:07:37 -0400] conn=1531486 op=1 msgId=-1 - closing - U1
[27/Apr/2011:16:07:37 -0400] conn=1531486 op=-1 msgId=-1 - closed.

2) The nsslapd-allidsthreshold (allids) is greater than the total number of entries in the database.
In this example, the allids is 300k, and the total number of entries is 239529.

nsslapd-allidsthreshold: 300000

The total number of entries can be found in the errors log.
For example -

[26/Apr/2011:19:43:49 -0400] - INFO: 239529 entries in the directory database.

By default, the allids configuration is 4000.


3) There is no index configured for the attribute used in the search filter.



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.