AD sync userman sizelimit exceeded

Hello, I try to sync the FreePBX users with our AD which is rather large (about 5000 users with a lot of OU and groups).

it appears to be connected but I can’t login.

When I try to do a manual sync, I get the following error message.

[Whoops\Exception\ErrorException]
ldap_search(): Partial search results returned: Sizelimit exceeded

First, is that a good idea to sync with such a large directory ? We do not need the entire directory to be synced, but I don’t know if I can specify multiple user sources.

Also is there a way to increase the sizelimit parameter ?

thanks for any answers and best regards

Laurent

No. This is a limitation of php 5.3

https://sourceforge.net/p/adldap/discussion/358759/thread/17c74ca8/

Will be resolved in the sangoma 7 distro.

1 Like

I have finished the work to allow more than 1000 users/groups. This change will also allow us to implement numerous features people have asked for.

userman version 14.0.1alpha7

Hi, currently at 13.0.75.3, but running into this same situation on a server that is to go live within the next week. We are unable to retrieve all the users (close to 1000) with this same error message.

[Whoops\Exception\ErrorException]
ldap_search(): Partial search results returned: Sizelimit exceeded

Yes. This is an issue in 13 that is resolved in 14 as stated previously in the reply right before yours.

Is there any way to get this update into the aforementioned v13 system though? Understand it’s beta… Really needing the AD integration, but I’m up against a large (just under 1k users) AD infrastructure. It appears to require php > 5.3…

Unfortunately no.

Hi Andrew,

Following up a bit further on User Management, and specifically the LDAP integration. We are having way too many issues with this.

Currently at FreePBX 13.0.190.7, LDAP integrated to Windows 2012 server. Late last week, early this week, we increased the maxPageSize on the server LDAP configuration from 1000 to 5000. Also changed the BaseDN to limit number of entries (needed to move the primary security group into that OU as well). Previously, we were not syncing at all because the AD ldap_search was too large (previous discussions).

Sync is set for “daily”

Associating default UCP Permissions with the Security Group, so it is critical.

The Security group “disappeared” this morning. That is, it was not showing in User Manager AT ALL.

Thus, no users could log into the web GUI, Softkeys on phones did not work (DND, Voicemail in particular).

Re-ran “fwconsole userman sync --verbose”, which did bring it back, but had to reset all permissions.

We find ourselves having to babysit this process too much, causing bad impression on the users, so hoping some further attention can be paid to this module at the current release level until 14 comes out.

Thoughts / feedback? Can I provide further information to help troubleshoot?

My thoughts on this would be to not use it. I am sorry for your troubles but if you feel it’s that much of a pain point then I advise to not use it. We would like to get these issues worked on but it’ll only happen in 14 and I am not sure when (14 has the same issues, besides page-length).