Open LDAP users are not getting synchronized

Open LDAP users are not getting synchronized

When using Open LDAP in server.log following message is encountered during the synchronization:

WARN 2019-10-09T16:55:36,068+0530 [*LdapSynchronizer.RestartRunnable*] server.ldap.LdapSearcher: Error performing an LDAP search, no more results will be retrieved
javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3206) ~[?:1.8.0_144]
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100) ~[?:1.8.0_144]
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891) ~[?:1.8.0_144]
	at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.getNextBatch(AbstractLdapNamingEnumeration.java:148) ~[?:1.8.0_144]
	at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMoreImpl(AbstractLdapNamingEnumeration.java:217) ~[?:1.8.0_144]
	at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.hasMore(AbstractLdapNamingEnumeration.java:189) ~[?:1.8.0_144]
	at com.spotfire.server.ldap.LdapSearcher.lookupUsingPagedResultsControl(LdapSearcher.java:93) ~[server.jar:?]
	at com.spotfire.server.userdir.ldap.LdapProvider.lookupPrincipals(LdapProvider.java:1106) ~[server.jar:?]
	at com.spotfire.server.userdir.ldap.LdapProvider.lookupPrincipals(LdapProvider.java:1052) ~[server.jar:?]
	at com.spotfire.server.userdir.ldap.LdapProvider.loadUsers(LdapProvider.java:347) ~[server.jar:?]
	at com.spotfire.server.userdir.ldap.LdapProvider.loadDirectory(LdapProvider.java:311) ~[server.jar:?]
	at com.spotfire.server.userdir.ldap.LdapSynchronizer.synchronize(LdapSynchronizer.java:226) ~[server.jar:?]
	at com.spotfire.server.userdir.ldap.LdapSynchronizer.lambda$new$0(LdapSynchronizer.java:126) ~[server.jar:?]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_144]

The users that should be found within the context name specified in the LDAP configuration will not be able to log in.
  Adjust the page size limits in Spotfire. The suggested solution depends on which of the two Open LDAP limits are reached.

Scenario 1 
Your TIBCO Spotfire Server (TSS) settings are set to use a "user search filter" and get users from contexts so the total numbers of entries returned from Open LDAP is 1600 for example. You are using the default "page size" in your LDAP setting in TSS which is 1000. 

This will fail with the "[LDAP: error code 4 - Sizelimit Exceeded]" error as the size.pr in Open LDAP is set to 500 while the equivalent setting in TSS is set to 1000

Solution 
Set the page size in TSS to 500 or less. To set the page size open UI Configuration Tool, navigate to Configuration tab, select User Directory: LDAP from the left pane, on the right side in LDAP settings scroll down and expand Advanced settings. Modify field Page size, save the configuration and restart TSS. 


Scenario 2 
Your TSS settings are set to use a "user search filter" and get users from contexts so the total numbers of entries returned from Open LDAP is 2500 for example. You are using the default "page size" in your LDAP setting in TSS which is 1000.

This will initially fail with the "[LDAP: error code 4 - Sizelimit Exceeded]" error as the size.pr in Open LDAP is set to 500 while the equivalent setting in TSS is set to 1000. If/when you change the "Page size" in TSS to 500, you will still get the same Size limit error, since the search is returning more than 2000 entries.

Solution 
Edit the size.prtotal in your Open LDAP settings to a higher number.