
JeremyL.99370 (Customer) asked a question.
Hello, I'm trying to set up the LDAP agent and on both Windows and Linux I get the following error when I try to configure the agent:
cause=LDAPException(resultCode=4 (size limit exceeded), numEntries=1, numReferences=0, errorMessage='size limit exceeded', ldapSDKVersion=5.0.0, revision=cd5405842a48f17a07f646f536e2c0ce93b0ba05')
I think one issue might be the search filter. Can I override that?
A bit of the redacted process is below:
Enter the base URL for your Okta organization (e.g. https://acme.okta.com): <custom domain>
Enter your LDAP server hostname: ldap.rippling.com
Enter your LDAP admin DN: <admin cn>
Enter your LDAP admin password (it will not be displayed):
Enter your base DN: ou=users,<our rippling org>,dc=rippling,dc=com
Use SSL (y/n)? [n]: y
Enter SSL port: 636
Enter your LDAP server port: 389
[ 2020-07-28 22:32:53.048 ] [ main ] [ INFO ] [LdapAgentRuntime:37] - Starting Okta LDAP Agent
Jul 28, 2020 10:32:53 PM org.springframework.context.support.ClassPathXmlApplicationContext prepareRefresh
INFO: Refreshing org.springframework.context.support.ClassPathXmlApplicationContext@52a86356: startup date [Tue Jul 28 22:32:53 GMT 2020]; root of context hierarchy
Jul 28, 2020 10:32:53 PM org.springframework.beans.factory.xml.XmlBeanDefinitionReader loadBeanDefinitions
INFO: Loading XML bean definitions from class path resource [spring/OktaLDAPAgent.xml]
[ 2020-07-28 22:32:54.244 ] [ main ] [ INFO ] [LdapAgentConfigLoader:215] - LDAP validation started.
[ 2020-07-28 22:32:54.245 ] [ main ] [ INFO ] [LdapAgent:106] - Trying to connect to the LDAP server connectionUri=ldap.rippling.com:636
[ 2020-07-28 22:32:54.256 ] [ main ] [ INFO ] [UnboundIDLdapClient:118] - Making SSL connection
[ 2020-07-28 22:32:54.446 ] [ main ] [ INFO ] [UnboundIDLdapClient:132] - Attempting to connect to ldap.rippling.com:636 ...
[ 2020-07-28 22:32:55.125 ] [ main ] [ INFO ] [UnboundIDLdapClient:138] - Successfully connected to ldap.rippling.com:636!
[ 2020-07-28 22:32:55.320 ] [ main ] [ INFO ] [UnboundIDLdapClient:142] - Connected bind successful
[ 2020-07-28 22:32:55.974 ] [ main ] [ INFO ] [LdapAgent:108] - Successfully connected to LDAP server connectionUri=ldap.rippling.com:636
[ 2020-07-28 22:32:56.126 ] [ main ] [ INFO ] [UnboundIDLdapClient:176] - Received LDAP BindResult = BindResult(resultCode=0 (success), messageID=1, hasServerSASLCredentials=false)
[ 2020-07-28 22:32:56.260 ] [ main ] [ INFO ] [WrappedConnectionPool:71] - Search DN=cn=ldapadmin,ou=users,dc=<our org>,dc=rippling,dc=com
[ 2020-07-28 22:32:56.261 ] [ main ] [ INFO ] [WrappedConnectionPool:72] - Search Filter=(&(objectClass=person))
[ 2020-07-28 22:32:56.262 ] [ main ] [ INFO ] [LdapUtil:72] - [LDAP => ldap.rippling.com:636] Operation=SearchRequest BaseDN=<admin DN> Filter=(&(objectClass=person)) Scope=SUB Attributes={uid,pwdReset}
[ 2020-07-28 22:32:56.404 ] [ main ] [ INFO ] [WrappedConnectionPool:93] - Paged search: SearchResultEntry=SearchResult(resultCode=0 (success), messageID=3, entriesReturned=0, referencesReturned=0, responseControls={SimplePagedResultsControl(pageSize=0, isCritical=true)})
[ 2020-07-28 22:32:56.406 ] [ main ] [ INFO ] [LdapAgent:116] - Validating base dn=ou=users,dc=<Rippling org>,dc=rippling,dc=com
[ 2020-07-28 22:32:56.957 ] [ main ] [ ERROR ] [LdapAgentRuntime:81] - Agent encountered an error: message=Failed to query for dn ou=users,dc=<rippling org>,dc=rippling,dc=com, cause=LDAPException(resultCode=4 (size limit exceeded), numEntries=1, numReferences=0, errorMessage='size limit exceeded', ldapSDKVersion=5.0.0, revision=cd5405842a48f17a07f646f536e2c0ce93b0ba05')
com.okta.ldap_agent.exceptions.LdapSearchException: Failed to query for dn ou=users,dc=<rippling org>,dc=rippling,dc=com
at com.okta.ldap_agent.client.unboundid.UnboundIDLdapClient.validateDn(UnboundIDLdapClient.java:863)
at com.okta.ldap_agent.connectors.ldap.LdapConnectorExecutorImpl.validateDn(LdapConnectorExecutorImpl.java:107)
at com.okta.ldap_agent.LdapAgent.validateBaseDn(LdapAgent.java:117)
at com.okta.ldap_agent.config.LdapAgentConfigLoader.performValidateLdapSetting(LdapAgentConfigLoader.java:218)
at com.okta.ldap_agent.config.LdapAgentConfigLoader.setupOrStartAgent(LdapAgentConfigLoader.java:206)
at com.okta.ldap_agent.LdapAgentRuntime.main(LdapAgentRuntime.java:55)
Caused by: com.unboundid.ldap.sdk.LDAPSearchException: size limit exceeded
at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3818)
at com.unboundid.ldap.sdk.LDAPConnection.getEntry(LDAPConnection.java:1849)
at com.okta.ldap_agent.client.unboundid.WrappedLdapConnectionImpl.getEntry(WrappedLdapConnectionImpl.java:103)
at com.okta.ldap_agent.client.unboundid.UnboundIDLdapClient.validateDn(UnboundIDLdapClient.java:861)
... 5 common frames omitted
Failed verifying LDAP settings, please try again

Hello, Catalin here from Okta support,
As the issue is addressing your LDAP integration, we will gladly help you find the issue, but in order for us to troubleshoot and investigate internally, you will have to open a case in which every bit of information that you can find about it must be shown.
This being said, I recommend opening a case using the "Get support" from the lower right part of this page so we can further delve into the issue.
Thank you!