Deployment & Management

jchoucq · ‎2021-10-21

Hi everybody,

does anybody try to sync active directory users from an AD Global Catalog to gets users from multiple domains ?

There is a great article https://community.qlik.com/t5/Knowledge/Sync-Active-Directory-users-from-multiple-domains-with-Advan..., but for the moment, in my customer's environment, we can't make it work.

Even with a ldap filter, that must give us many few users we can see in the log file, the error below. It is mentionned the the size limit was exceeded, but what kind of size is it ?

Exception when fetching data from 'MyDomain' of type Repository.UserDirectoryConnectors.LDAP.AdvancedLDAP The size limit was exceeded↵↓Couldn't retrieve users from directory: 'MyDomain' of type Repository.UserDirectoryConnectors.LDAP.AdvancedLDAP

However, when using ldapadmin tool with the same filter and account, it seems working, i mean the size limit error seems not be thrown by windows ad.

Doest anyody succeed in create on specific advanced ldap connector to get users from multiple domains ?

Have a good day.

Joh

Alexis_Touet · ‎2021-11-03

Hi @jchoucq

Looking at the error, it looks like it refers to the page size of search.

I can see this setting on the advanced properties, could you please try a value (for example 2000) and try to increase it by doubling it.

Best regards,

Please don't forget to mark a correct resolution or answer to your problem or question as correct, as it will help other members to find solutions more easily 😉

jchoucq · ‎2021-11-04

Hi @Alexis_Touet thank you for your answer, in fact the advanced ldap connector has a strange behavior, even if you add an ldap filter, it recovers all the groups of the user, for the whole directory regardless the initial filter. In my case, it represents a huge number of objects what causes the error !

changing the page size parameter does not have an impact, I don’t know why it has been put as a solution.

best regards

johann

Alexis_Touet · ‎2021-11-04

Hi @jchoucq

Have you checked if the same LDAP filter works on an external tool such as LDAPAdmin https://community.qlik.com/t5/Knowledge/LDAP-Server-Testing-using-LDAP-Admin-tool/ta-p/1710642 ? And also confirm that the attributes of your LDAP are similar to what is set on the Directory entry attributes? (with LDAP admin you can see the attributes of your environment by clicking on a user or group )

Some articles that can also help:

https://community.qlik.com/t5/Knowledge/Qlik-Sense-Example-of-a-LDAP-filter-to-sync-users-in-a-group...

https://community.qlik.com/t5/Knowledge/Qlik-Sense-on-Windows-Configuring-and-testing-LDAP-filters-f...

Best regards,

Please don't forget to mark a correct resolution or answer to your problem or question as correct, as it will help other members to find solutions more easily 😉

jchoucq · ‎2021-11-08

thanks for your answer @Alexis_Touet

with the same ldap filter in LDAP Admin, we get 148 objects (users + groups), and we get an error with qlik sense, due to the fact that Qlik Sense add something in the filter that try to give all groups, regardless the initial filter.

Look what we find in the logs : Initiating search on base DN dc=MyDmain,dc=ad with filter (objectClass=group)

Johann

Deployment & Management

Sync Active Directory users from multiple domains with Advanced LDAP

Client Managed