LDAP import errors - search Sizelimit exceeded and Couldn't find row

Hello!
I’m facing the LDAP import problem - import is failing with error “LDAP search failed Sizelimit exceeded” and “Couldn’t find row”. I’m attaching my log file and LDAP import settings bellow.

Settings:

Set($LDAPHost,‘ldap.mycorp.com’);
Set($LDAPBase, ‘ou=pages,o=corp.com’);
Set($LDAPFilter, ‘(&(objectClass=corpPerson))’);
Set($LDAPMapping, { Name => ‘mail’, # required
EmailAddress => ‘mail’,
RealName => ‘cn’});
Set($LDAPGroupBase, ‘ou=memberlist,ou=corpgroups,o=corp.com’);
Set($LDAPGroupFilter, ‘(&(cn = Groups))’);
Set($LDAPGroupFilter, ‘(|(CN=Lab Team)(CN=Requesters))’);
Set($LDAPGroupMapping, { Name => ‘cn’,
Member_Attr => ‘uniqueMember’,
Member_Attr_Value => ‘dn’ });

And Log:

[11672] [Fri Jul 26 00:47:42 2019] [debug]: Using internal Perl HTML -> text conversion (/opt/rt4/sbin/…/lib/RT/Interface/Email.pm:1479)

[11672] [Fri Jul 26 00:47:42 2019] [debug]: The RTAddressRegexp option is not set in the config. Not setting this option results in additional SQL queries to check whether each address belongs to RT or not. It is especially important to set this option if RT receives emails on addresses that are not in the database or config. (/opt/rt4/sbin/…/lib/RT/Config.pm:600)

[11672] [Fri Jul 26 00:47:43 2019] [debug]: RT::Ticket=HASH(0x92d7120) tried to load a bogus ticket: 2 (/opt/rt4/sbin/…/lib/RT/Ticket.pm:149)

[11672] [Fri Jul 26 00:47:43 2019] [debug]: RT::Ticket=HASH(0x92d6e38) tried to load a bogus ticket: 1 (/opt/rt4/sbin/…/lib/RT/Ticket.pm:149)

[11700] [Fri Jul 26 00:48:09 2019] [debug]: Using internal Perl HTML -> text conversion (/opt/rt4/sbin/…/lib/RT/Interface/Email.pm:1479)

[11700] [Fri Jul 26 00:48:09 2019] [debug]: The RTAddressRegexp option is not set in the config. Not setting this option results in additional SQL queries to check whether each address belongs to RT or not. It is especially important to set this option if RT receives emails on addresses that are not in the database or config. (/opt/rt4/sbin/…/lib/RT/Config.pm:600)

[11700] [Fri Jul 26 00:48:09 2019] [debug]: connecting to ldap.mycorp.com (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:400)

[11700] [Fri Jul 26 00:48:09 2019] [debug]: binding anonymously (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:411)

[11700] [Fri Jul 26 00:48:09 2019] [debug]: searching with: base => ‘ou=pages,o=corp.com’ filter => ‘(&(objectClass=corpPerson))’ scope => ‘sub’ (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:477)

[11700] [Fri Jul 26 00:53:02 2019] [error]: LDAP search failed Sizelimit exceeded (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:482)

[11700] [Fri Jul 26 00:53:05 2019] [debug]: search found 0 objects (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:511)

[11700] [Fri Jul 26 00:53:05 2019] [debug]: No users found, no import (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:566)

[11700] [Fri Jul 26 00:53:05 2019] [debug]: connecting to ldap.mycorp.com (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:400)

[11700] [Fri Jul 26 00:53:05 2019] [debug]: binding anonymously (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:411)

[11700] [Fri Jul 26 00:53:05 2019] [debug]: searching with: base => ‘ou=memberlist,ou=corpgroups,o=corp.com’ filter => ‘(|(CN=Lab Team)(CN=Requesters))’ scope => ‘sub’ (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:477)

[11700] [Fri Jul 26 00:53:05 2019] [debug]: search found 2 objects (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:511)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: Processing group Requesters (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1187)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: Group Requesters already exists as 30, updating their data (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1232)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: no change (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1234)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: Processing group membership for Requesters (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1389)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: searching with: base => ‘uid=60897,c=us,ou=pages,o=corp.com’ filter => ‘(&(objectClass=corpPerson))’ scope => ‘base’ (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:477)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: search found 1 objects (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:511)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: p22@us.corp.com in LDAP, adding to RT (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1471)

[11700] [Fri Jul 26 00:53:07 2019] [warning]: Unable to load p22@us.corp.com: Couldn’t find row (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1477)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: Imported 1/2 groups (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1149)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: Processing group Lab Team (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1187)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: Group Lab Team already exists as 29, updating their data (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1232)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: no change (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1234)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: Processing group membership for Lab Team (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1389)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: searching with: base => ‘uid=5D897,c=us,ou=pages,o=corp.com’ filter => ‘(&(objectClass=corpPerson))’ scope => ‘base’ (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:477)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: search found 1 objects (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:511)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: las@us.corp.com in LDAP, adding to RT (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1471)

[11700] [Fri Jul 26 00:53:07 2019] [warning]: Unable to load las@us.corp.com: Couldn’t find row (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1477)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: searching with: base => ‘uid=5D897,c=us,ou=pages,o=corp.com’ filter => ‘(&(objectClass=corpPerson))’ scope => ‘base’ (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:477)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: search found 1 objects (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:511)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: rss@us.corp.com in LDAP, adding to RT (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1471)

[11700] [Fri Jul 26 00:53:07 2019] [warning]: Unable to load rss@us.corp.com: Couldn’t find row (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1477)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: searching with: base => ‘uid=5G8897,c=us,ou=pages,o=corp.com’ filter => ‘(&(objectClass=corpPerson))’ scope => ‘base’ (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:477)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: search found 1 objects (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:511)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: a123@us.corp.com in LDAP, adding to RT (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1471)

[11700] [Fri Jul 26 00:53:07 2019] [warning]: Unable to load a123@us.corp.com: Couldn’t find row (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1477)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: searching with: base => ‘uid=7D2897,c=us,ou=pages,o=corp.com’ filter => ‘(&(objectClass=corpPerson))’ scope => ‘base’ (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:477)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: search found 1 objects (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:511)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: k123@us.corp.com in LDAP, adding to RT (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1471)

[11700] [Fri Jul 26 00:53:07 2019] [warning]: Unable to load k123@us.corp.com: Couldn’t find row (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1477)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: searching with: base => ‘uid=2J97,c=us,ou=pages,o=corp.com’ filter => ‘(&(objectClass=corpPerson))’ scope => ‘base’ (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:477)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: search found 1 objects (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:511)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: q123@corp.com in LDAP, adding to RT (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1471)

[11700] [Fri Jul 26 00:53:07 2019] [warning]: Unable to load q123@corp.com: Couldn’t find row (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1477)

[11700] [Fri Jul 26 00:53:07 2019] [debug]: Imported 2/2 groups (/opt/rt4/sbin/…/lib/RT/LDAPImport.pm:1149)

Please help!

Thanks,
Larry

Hi Larry

You could try this: Set($LDAPSizeLimit, 1000);
from here: https://docs.bestpractical.com/rt/4.4.0/RT/LDAPImport.html

regards
garry

Hi Garry,
As soon I use it (even with 100000) I’m getting:

LDAP search failed Insufficient access

But I think it works - I was able to import users anyway without setting the size limit.
As far as the second error - I’ve forgotten to add “Set($LDAPImportGroupMembers, 1);” to import missing users before adding them to the user group.

There may be limits on the size of the search results on the LDAP server end of things as well.
Our general limit is 50 results. We have to make special accounts with “unlimited” results for things like LDAPImport from RT.

How to prevent users who is not in the LDAP groups from login into the RT? I’ve removed my self from the LDAP group and deleted my user from RT, but still can login and open a ticket