ODSEE - Search Results in err=11 (Administrative Limit Exceeded) When Binding Anonymously (Doc ID 1322157.1)

Last updated on JULY 05, 2017

Applies to:

Oracle Directory Server Enterprise Edition - Version 5.1 and later
Information in this document applies to any platform.
***Checked for relevance on 06-Feb-2013***

Symptoms


1) Entries with an anonymous bind can not be returned because the search results in err=11.

From the access log -

[27/Apr/2011:16:07:37 -0400] conn=1531486 op=-1 msgId=-1 - fd=165 slot=165 LDAP connection from x.x.x.x to x.x.x.x
[27/Apr/2011:16:07:37 -0400] conn=1531486 op=0 msgId=1 - SRCH base="ou=people,ou=intranet,dc=company,dc=com" scope=2 filter="(uid=*345*)" attrs="dn"
[27/Apr/2011:16:07:37 -0400] conn=1531486 op=0 msgId=1 - RESULT err=11 tag=101 nentries=7 etime=0
[27/Apr/2011:16:07:37 -0400] conn=1531486 op=1 msgId=2 - UNBIND
[27/Apr/2011:16:07:37 -0400] conn=1531486 op=1 msgId=-1 - closing - U1
[27/Apr/2011:16:07:37 -0400] conn=1531486 op=-1 msgId=-1 - closed.



2) The nsslapd-allidsthreshold (allids) is greater than the total number of entries in the database.
In this example, the allids is 300k, and the total number of entries is 239529.

nsslapd-allidsthreshold: 300000

The total number of entries can be found in the errors log.
For example -

[26/Apr/2011:19:43:49 -0400] - INFO: 239529 entries in the directory database.

By default, the allids configuration is 4000.

 

3) There is no index configured for the attribute used in the search filter.

 

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms