Problem with synch. LDAP read/write

We have 3 environment in our company, development, pre-production and production. The development is running LL 9.7.1 (win2K0) and 2 other, 9.5.1.(Win2K0)All 3 environment running directory service for synch.We use ldap read/write and the ldap server is running Win2K3. All 3 environment sync on the same serverSince june 4 where we changed the ldap server, when we make a sync, we don't have problem during the pass 1, we sync approximately 1700 groups for dev and approximately 2500 for pre-prod and production. After that, we sync the users without problem (approximately 12000). Next, the pass2 for group is starting and the sync stop after 1000 group. We have the problem for all 3 environment. The sync stop witouht any error. The log is ending with "Synchronization completed". Can someone help me with this weird problem, why the sync stop after 1000 group during the pass 2.Thanks !

Find more posts tagged with

Comments

Louis_Routhier

We did a network trace and found an LDAP error but it seems according to google that this error is quite rare... Anyone ever seen it in the past?000020EF: SvcErr: DSID-020513C7, problem 5012 (DIR_ERROR), data 8333

Dwayne_Cornelius

I'm assuming you are using Active Directory, since that's the only place this would be seen. The problem lies with the number of user in the member attribute for a particular group. By default, AD will only return a certain number of items at one time. The number of items is determined by maxValRange. In Windows 2000 the default is 1000 at a time. In Windows 2003/ADAM, it's 1500 but that 1500 is configurable. It can be changed, but it's not advisable for performance reasons.The better news is that there are patches available to fix this problem. However, I don't recall the numbers.