Issue: Active Directory Windows authentication is not working. When checking the logs, you may see a message similar to the following:

[ERROR] [http-8080-3] [com.ephesoft.dcma.user.connectivity.impl.MSActiveDirectoryConnectivity] – No result found[LDAP: error code 4 – Sizelimit Exceeded]

javax.naming.SizeLimitExceededException: [LDAP: error code 4 – Sizelimit Exceeded]; remaining name ‘dc=ephesoft,dc=com’

Solution:

Limit the group search to a subset of group names by configuring this property in user-connectivity.properties:
user.msactivedirectory_group_search_filter={can be blank by default}

If the above doesn’t reduce the AD search results to an acceptable level, you can further filter AD groups by specifying individual context paths with this property in user-connectivity.properties:
user.msactivedirectory_context_path={can be blank by default}
where you specify the path of each group you want the system to find, separated by ;;

For example:

Using user.msactivedirectory_group_search_filter=

Say the users that need access to Ephesoft belong to two Active Directory groups named EphesoftAdmins and EphesoftUsers.

Set:

user.msactivedirectory_group_search_filter=(cn=Ephesoft*)

****

Using user.msactivedirectory_context_path=

Say the full distinguished names of the groups you want to have access are:
ephesoftgroup1 is cn=ephesoftgroup1,ou=itdept,ou=usa,dc=ephesoft,dc=com 
operatorgroup2 is cn=operatorgroup2,ou=operations,ou=usa,dc=ephesoft,dc=com 

Set:
user.msactivedirectory_context_path=ou=itdept,ou=usa;;ou=operations,ou=usa
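
A small helper for the context-path case, added here as an example (it is not Ephesoft code): it derives the property value from full group DNs. It assumes, as the example above suggests, that each entry is the group's DN with its own cn= component and the base DN (dc=ephesoft,dc=com here) removed; the function names split_dn and context_path are hypothetical.

```python
def split_dn(dn):
    """Split a DN into RDNs on commas, honouring backslash escapes."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escaped pair (e.g. "\,") intact
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur).strip())
    return [p for p in parts if p]


def context_path(group_dns, base_dn):
    """Build the ;;-separated value from full group DNs (assumed format)."""
    base = [r.lower() for r in split_dn(base_dn)]
    paths = []
    for dn in group_dns:
        rdns = split_dn(dn)
        # The DN must end with the base DN (compared case-insensitively).
        if len(rdns) <= len(base) or [r.lower() for r in rdns[-len(base):]] != base:
            raise ValueError(f"{dn!r} is not under base DN {base_dn!r}")
        # Drop the group's own RDN (first) and the base DN (last components).
        container = rdns[1:len(rdns) - len(base)]
        if not container:
            raise ValueError(f"{dn!r} sits directly under the base DN")
        path = ",".join(container)
        # Groups in the same container need only one entry.
        if path.lower() not in [p.lower() for p in paths]:
            paths.append(path)
    return ";;".join(paths)


if __name__ == "__main__":
    # The two group DNs from the example above.
    groups = [
        "cn=ephesoftgroup1,ou=itdept,ou=usa,dc=ephesoft,dc=com",
        "cn=operatorgroup2,ou=operations,ou=usa,dc=ephesoft,dc=com",
    ]
    print("user.msactivedirectory_context_path="
          + context_path(groups, "dc=ephesoft,dc=com"))
```
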

Walter Lee