
LDAP Sync fail on max size error

Console-based LDAP connection passes, and the file is formatted correctly, but sync jobs are failing.

Error:

Failed to search users in AD/LDAP. Test if the Mattermost server can connect to your AD/LDAP server and try again. — LdapSession.search: Size Limit Exceeded. Try checking your max page size., LDAP Result Code 4 "Size Limit Exceeded":

The MaxPageSize is set to zero (unlimited).

(This is using SADEMO LDAP built in AWS.)

@stu.doherty

FWIW, the local/Docker install gets the same error.

In the server logs, I see:

{"level":"info","ts":1618117177.2334528,"caller":"mlog/log.go:218","msg":"LDAP Sync Phase","workername":"EnterpriseLdapSync","current_phase":"github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase1GetLdapUsers-fm"}

{"level":"info","ts":1618117177.235082,"caller":"mlog/log.go:218","msg":"Found users with LDAP configured","workername":"EnterpriseLdapSync","num_ldap_users":0}

{"level":"info","ts":1618117177.3386252,"caller":"mlog/log.go:218","msg":"LDAP Sync Phase","workername":"EnterpriseLdapSync","current_phase":"github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase2GetSamlUsers-fm"}

{"level":"info","ts":1618117177.4404762,"caller":"mlog/log.go:218","msg":"LDAP Sync Phase","workername":"EnterpriseLdapSync","current_phase":"github.com/mattermost/mattermost-server/v5/enterprise/ldap.(*LdapSyncWorker).phase3GetLdapUsersFromLdap-fm"}

{"level":"error","ts":1618117177.5189226,"caller":"mlog/log.go:232","msg":"Failed job","workername":"EnterpriseLdapSync","error":"LdapSession.getAllLdapUsers: Failed to search users in AD/LDAP. Test if the Mattermost server can connect to your AD/LDAP server and try again., LdapSession.search: Size Limit Exceeded. Try checking your max page size., LDAP Result Code 4 \"Size Limit Exceeded\": ","job_id":"dtxp8qguxjdudfat4pyqcgkrnr"}

Is the "num_ldap_users":0 meaningful in any way other than "we didn't find anything"?

Hey Ross - What does your LdapSettings section look like in config.json? Can you share (with passwords and hostname redacted)?

Oh!

Your question tells me I left out something major in the LDAP work – thought I was to be connecting to a pre-configured LDAP with no user/pwd, the one given in the file. (see attached)

In particular, with the given file
"BindUsername": "",

"BindPassword": "",

showing null, I "assumed" it was somehow open for testing/mocking.

My error – I have never configured LDAP before. Should I do that for the setup, here?

Cheers,
Ross
