Skip to main content
Announcements
July 15, NEW Customer Portal: Initial launch will improve how you submit Support Cases. IMPORTANT DETAILS
cancel
Showing results for 
Search instead for 
Did you mean: 
jchoucq
Partner - Creator III
Partner - Creator III

Sync Active Directory users from multiple domains with Advanced LDAP

Hi everybody,
 
does anybody try to sync active directory users from an AD Global Catalog to gets users from multiple domains ?
There is a great article https://community.qlik.com/t5/Knowledge/Sync-Active-Directory-users-from-multiple-domains-with-Advan..., but for the moment, in my customer's environment, we can't make it work.
 
Even with a ldap filter, that must give us many few users we can see in the log file, the error below. It is mentionned the the size limit was exceeded, but what kind of size is it ?
 
Exception when fetching data from 'MyDomain' of type Repository.UserDirectoryConnectors.LDAP.AdvancedLDAP The size limit was exceeded↵↓Couldn't retrieve users from directory: 'MyDomain' of type Repository.UserDirectoryConnectors.LDAP.AdvancedLDAP
 
However, when using ldapadmin tool with the same filter and account, it seems working, i mean the size limit error seems not be thrown by windows ad.
 
Doest anyody succeed in create on specific advanced ldap connector to get users from multiple domains ?
Have a good day.
 
Joh
Labels (1)
4 Replies
Alexis_Touet
Former Employee
Former Employee

Hi @jchoucq 

Looking at the error, it looks like it refers to the page size of search. 

I can see this setting on the advanced properties, could you please try a value (for example 2000) and try to increase it by doubling it. 

Best regards,

Please don't forget to mark a correct resolution or answer to your problem or question as correct, as it will help other members to find solutions more easily 😉
jchoucq
Partner - Creator III
Partner - Creator III
Author

Hi @Alexis_Touet thank you for your answer, in fact the advanced ldap connector has a strange behavior, even if you add an ldap filter, it recovers all the groups of the user, for the whole directory regardless the initial filter. In my case, it represents a huge number of objects what causes the error !

changing the page size parameter does not have an impact, I don’t know why it has been put as a solution.

best regards

johann

Alexis_Touet
Former Employee
Former Employee

Hi @jchoucq 

Have you checked if the same LDAP filter works on an external tool such as LDAPAdmin https://community.qlik.com/t5/Knowledge/LDAP-Server-Testing-using-LDAP-Admin-tool/ta-p/1710642  ? And also confirm that the attributes of your LDAP are similar to what is set on the Directory entry attributes? (with LDAP admin you can see the attributes of your environment by clicking on a user or group )

Alexis_Touet_1-1636050535140.png

Some articles that can also help:

https://community.qlik.com/t5/Knowledge/Qlik-Sense-Example-of-a-LDAP-filter-to-sync-users-in-a-group...

https://community.qlik.com/t5/Knowledge/Qlik-Sense-on-Windows-Configuring-and-testing-LDAP-filters-f...

Best regards, 


Please don't forget to mark a correct resolution or answer to your problem or question as correct, as it will help other members to find solutions more easily 😉
jchoucq
Partner - Creator III
Partner - Creator III
Author

thanks for your answer @Alexis_Touet 

with the same ldap filter in LDAP Admin, we get 148 objects (users + groups), and we get an error with qlik sense, due to the fact that Qlik Sense add something in the filter that try to give all groups, regardless the initial filter.

Look what we find in the logs : Initiating search on base DN dc=MyDmain,dc=ad with filter (objectClass=group)

Johann