During an aggregation using the Active Directory connector, the following error is returned:
LDAP: error code 12 - 00000057: LdapErr: DSID-0C090831, comment: Error processing control, data 0, v2580
The event log on the Windows host will show the Internal Event:
"The LDAP server has exceeded the limit of the LDAP Maximum Result Set Size."
This error is a result of the Active Directory Domain Controller server's configuration. The MaxResultSetSize is too low. The administrator of the server must increase the maximum result set size. The standard guidance, if the server has enough memory, is to increase the limit to 250 MB or great, from the default of 262 KB, provided the server has sufficient memory to handle these requests.
Refer to the Microsoft documentation for additional context and guidance.
Where is this error seen on the IDN side? I am troubleshooting an issue where at least 1 AD account doesn't appear to be aggerating into IDN. The account doesn't show in either the account list or the uncorrelated report for that AD source. As a result when IDN is trying to create the AD that fails since the sAMMAccount name already exists.
Hi @swcoleman, please work with SailPoint support team. There might be a different error or issue.