AD aggregation error - [LDAP: error code 12 - 00000057: LdapErr: DSID-0C090831

5 Kudos

Symptoms

During an aggregation using the Active Directory connector, the following error is returned:

LDAP: error code 12 - 00000057: LdapErr: DSID-0C090831, comment: Error processing control, data 0, v2580

The event log on the Windows host will show the Internal Event:

"The LDAP server has exceeded the limit of the LDAP Maximum Result Set Size."

Solution

This error is a result of the Active Directory Domain Controller server's configuration. The MaxResultSetSize is too low. The administrator of the server must increase the maximum result set size. The standard guidance, if the server has enough memory, is to increase the limit to 250 MB or great, from the default of 262 KB, provided the server has sufficient memory to handle these requests.

Refer to the Microsoft documentation for additional context and guidance.

swcoleman · ‎Jan 26, 2024

Where is this error seen on the IDN side? I am troubleshooting an issue where at least 1 AD account doesn't appear to be aggerating into IDN. The account doesn't show in either the account list or the uncorrelated report for that AD source. As a result when IDN is trying to create the AD that fails since the sAMMAccount name already exists.

dinesh_mishra · ‎Jan 28, 2024

Hi @swcoleman, please work with SailPoint support team. There might be a different error or issue.

AD aggregation error - [LDAP: error code 12 - 00000057: LdapErr: DSID-0C090831