LDAP integration via MID server does not fetch all user records - Support and Troubleshooting

LDAP integration via MID server does not fetch all user records Issue This article details the process by which an LDAP client obtains user and group data from an LDAP source, and provides solutions for the issue of incomplete records during LDAP synchronization.

The integration of LDAP creates periodic tasks for syncing user and group information with their respective data sources. However, in some cases, not all records for users and groups are retrieved during the sync process. As a result, the instance may have missing user records, which can lead to login failures.

Cause When LDAP client queries LDAP source, the results are retrieved in batches of few records. Here are the few properties that define this behavior :

ldapprobe_result_set_rows - represents the number of records per batch to respond with over ecc_queue table. Default value is 200. glide.ldap.max_results - represents maximum number of TOTAL RECORDS for a page or query. Default value is 1000. The number of batches on the ecc_queue = "glide.ldap.max_results" / "ldapprobe_result_set_rows" If the LDAP source has more number of records, than the default value of 'glide.ldap.max_results', sometimes the LDAP client will not retrieve all user records.

Resolution To address this issue, it is recommended to adjust the value of the 'glide.ldap.max_results' property to 0, which ensures that all records are retrieved regardless of the number of records present in the LDAP source. It is important to note that this property must be configured at the MID server level within the instance, as the integration takes place through the MID server.