Idea Details

Extended LDAP definition at hub configuration

Last activity 05-29-2019 08:21 PM
Gregor WOLF's profile image
10-28-2016 07:54 AM

In a large UIM environment where hubs are configured with LDAP authentication following errors were seen in hub.log files:


LDAP attribute [userPrincipalName] could not be validated and
checking ldap config: ldap_search_ext_s: 'Size limit exceeded'


Increasing the size limit by changing MaxPageSize in Active Directory was not recommended by Microsoft (

The problem can be avoided by defining a more tightened filter in LDAP Settings of hub configuration:


Group Container (DN)
User Container (DN)


Group Container (DN)
User Container (DN)


Unfortunately the new definition limits the user and groups, because actually only one Group/User Container can be defined. It should be possible to define more than one branch, maybe separated by ";" to avoid this limitation.



Idea opened on customer request.