OUD12c - Searches Against Combined Directories using OUD Proxy Fork-Join WFE Return Error "Result Code: 4 (Size Limit Exceeded)"
(Doc ID 2622893.1)
Last updated on SEPTEMBER 13, 2022
Applies to:
Oracle Unified Directory - Version 12.2.1.3.180322 and laterInformation in this document applies to any platform.
Symptoms
On: 12.2.1.3 version, Proxy & Load-Balancing
Searches against combined directories using OUD Proxy - Fork-Join WFE return error result=4 :
Result Code: 4 (Size Limit Exceeded)
The issue can be reproduced at will with the following steps:
- Configure OUD12c Proxy Join Fork using 2 Directories with limited number of objects returned in a single search result (For example Active Directory that have MaxPageSize - which value controls the maximum number of objects that are returned in a single search result, independent of how large each returned object is. To perform a search where the result might exceed this number of objects, the client must specify the paged search control. This is to group the returned results in groups that are no larger than the MaxPageSize value. To summarize, MaxPageSize controls the number of objects that are returned in a single search result. Default 1000)
- Applying Patch 28328300 as bind to primary & secondary through OUD proxy using Fork-Join WFE to work ( fixed BUG 28052332 and BUG 28130109 )
- Attempt to search into combined directories using a filter with the expected results larger than number of objects that are allowed to be returned in a single search, return error: Result Code: 4 (Size Limit Exceeded)
- Attempt to do a similar search using search page control ( --simplePageSize ), which would be the normal way to handle such searches still return errors and incorrect results.
Sample from search using ForkJoin with 2 Active Directories (1stAD default limit 1000, 2nd AD limit increased to 2000)
without --simplePageSize (get the below result - that might be expected )
$ ./bin/ldapsearch -h lcoalhost -p <LDAP_PORT> -D "<BIND_DN>" -j <password_file> -b "<fork_join_suffix>" -s sub "(objectClass=*)" dn | grep -iac "dn: "
SEARCH operation failed
Result Code: 4 (Size Limit Exceeded)
Additional Information: Operation 'SEARCH' failed in participant 'primary' for entry '<DN_1stParticipant>' Operation 'SEARCH' failed in participant 'secondary' for entry '<DN_2ndParticipant>'
2999
with --simplePageSize (which would be the normal way to handle such searches - get the below result )
$ ./bin/ldapsearch -h lcoalhost -p <LDAP_PORT> -D "<BIND_DN>" -j <password_file> -b "<fork_join_suffix>" --simplePageSize 1000 -s sub "(objectClass=*)" dn | grep -iac "dn: "
SEARCH operation failed
Result Code: 12 (Unavailable Critical Extension)
Additional Information: 00000057: LdapErr: DSID-0C090831, comment: Error processing control, data 0, v2580 Operation 'SEARCH' failed in participant 'secondary' for entry '<DN_2ndParticipant>'
2999
Due to this issue, searches using Fork-Join does not return the expected results from participants Directories.
Changes
Configure OUD12c Proxy Join-Fork against 2 Directories that have limited the number of objects returned in a single search result.
For Active Directories please see :
OUD 12c - What are the Commands to Combine Data from Two Backend LDAPS Using Fork-Join WorkflowElement (Doc ID 2484782.1)
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |