This article explains a potential cause of the LDAP interface "administrative limit exceeded" event in the System Log. The error message received is:
FAILURE: LDAP operation failed because an administrative limit has been exceeded. Please contact support for assistance.
- LDAP interface
- Rate limits
The rate limit for API calls may be exceeded, as defined by the End-user rate limits. This happens when the account attempts more than 4 BIND requests per second.
- Use a different Okta Read Only Administrator account for each unique app, or multiple accounts per app, to connect to the LDAP Interface. This will reduce the chances of exceeding the per-user authentication limit (4/second).
- See How to Create Custom Admin Roles for more details on how to create Administrator roles in Okta.
- If possible, throttle or batch the LDAP requests originating from third-party applications.
- Follow Rate limit best practices to keep the rate limit within the target.
- If the above steps do not resolve the issue, contact Okta Support for further assistance.
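One way to throttle BIND requests on the client side, shown as an added example rather than Okta's own code: a sliding-window limiter keyed by bind account, so each service account stays under the per-user limit independently. The class name, the `do_bind` callable (a wrapper around whatever LDAP client the application uses) and the default of 3 per second (one below the 4/second limit, as headroom) are assumptions.

```python
import threading
import time
from collections import defaultdict, deque


class BindThrottle:
    """Allow at most `limit` BINDs per `window` seconds for each bind DN."""

    def __init__(self, limit=3, window=1.0, clock=time.monotonic, sleep=time.sleep):
        # limit=3 is an assumed safety margin under the 4/second per-user limit.
        self.limit, self.window = limit, window
        self._clock, self._sleep = clock, sleep
        self._sent = defaultdict(deque)  # bind DN -> timestamps of recent BINDs
        self._lock = threading.Lock()

    def reserve(self, bind_dn):
        """Record a BIND and return 0.0 if it fits, else the seconds to wait."""
        with self._lock:
            now = self._clock()
            sent = self._sent[bind_dn]
            # Drop timestamps that have aged out of the window.
            while sent and now - sent[0] >= self.window:
                sent.popleft()
            if len(sent) < self.limit:
                sent.append(now)
                return 0.0
            return self.window - (now - sent[0])

    def acquire(self, bind_dn):
        """Block until a BIND for bind_dn is allowed; return seconds waited."""
        waited = 0.0
        while (delay := self.reserve(bind_dn)) > 0:
            self._sleep(delay)
            waited += delay
        return waited


def throttled_bind(throttle, bind_dn, do_bind):
    """Wait for a slot, then call the caller-supplied bind function."""
    throttle.acquire(bind_dn)
    return do_bind(bind_dn)


if __name__ == "__main__":
    throttle = BindThrottle()
    dn = "uid=svc-app1,dc=example,dc=com"  # constructed sample DN
    start = time.monotonic()
    for i in range(7):
        throttled_bind(throttle, dn, lambda d: None)  # stub in place of a real BIND
        print(f"bind {i + 1} sent at +{time.monotonic() - start:.2f}s")
```

Sharing one `BindThrottle` instance across all threads of an application keeps the count accurate; separate processes using the same account each need their own share of the budget.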