Open SchaffnerMi opened 9 months ago
The error is sent by your active directory in response to the modify statement sent by LSC. This is not a LSC error, it looks like some security restrictions on the AD side on the service account that is used to access your AD.
Hello,
I'm agree with you the error com from AD but I don't think it's a right issue (we have no problem with small groups). The problem is that AD doesn't handle more than 1500 changes at one time for changing a multi-valued attribute. The problem seam's to be adressed wtih the ticket #255.
We have found that adding a time limit under LDAP filters helps:
<interval>60</interval>
But with very large groups we still have the problem.
Hello,
it seems that we can't do anything on LSC side, it's a limit on Active Directory
This article explains it: https://learn.microsoft.com/fr-fr/archive/blogs/askds/administrative-limit-for-this-request-was-exceeded-error-from-active-directory
They do not really give a solution. A workaround can be to split into different groups.
Hello,
I was wondering if anyone was experiencing this issue with large AD member groups.
Dec 08 09:46:31 - ERROR - Error while modifying entry CN=GG_VIE_student,ou=structures,ou=uds,ou=groups,dc=ad,dc=unistra,dc=fr in directory :javax.naming.LimitExceededException: [LDAP: error code 11 - 00002024: SvcErr: DSID-031A1217, problem 5008 (ADMIN_LIMIT_EXCEEDED), data 0
This group "GG_VIE" contains 2582 users.
In order to bypass this issue we tried several things:
1- Page Size: