0 Replies Latest reply on Oct 16, 2020 6:45 PM by Thad Esser

    ARDBC LDAP - Is there a limit for multivalued attributes?

    Thad Esser
      Share This:

      I was curious if anyone knew of a limit to the number of values that can be returned for a multivalued attribute on an LDAP Vendor Form?  If so, is there a Remedy config for it or is it a hard limit?


      Reference doc:  https://docs.bmc.com/docs/ars2002/supporting-object-creation-909634727.html#Supportingobjectcreation-64413   (Server is ARS 20.02)


      We have an ARDBC LDAP Vendor form for Active Directory groups and one of the fields on it is "members", which uses the multivalued attribute notation, "member[*;]", to return all the members in the group into that one field.  This has been in place for years and works almost all of the time, except when it doesn't.  The cases where it doesn't work are for the AD groups that have a lot of members.  In those cases, it returns an empty member list.  The limit has seemed to be around 1000, although the one that hit us today was around 1500.


      In Centralized Config, the "ARDBC-LDAP-Page-Size" setting is set to 10000, which was an attempt a while back to get around the default 999.  Having it at 10,000 seemed to help, however, I've come to learn/accept that Microsoft says no more than 1000 (reference: https://docs.microsoft.com/en-us/windows/win32/adsi/retrieving-large-results-sets) and I really should set it back to the default 999.


      The "ARDBC-LDAP-Connect-Timeout" is set to 120.  Results come back faster than that and there's no timeouts in the log files.  No other errors in the logs, even at the TRACE level.


      Any ideas on what else to look at?