Error on Synchronising Groups

Tomcatter

I am receiving the following error when attempting to synchronize groups:

ldap.synchronizeGroups
{}
{
  "code": 4,
  "message": " Code: 0x4",
  "name": "Error",
  "stack": "Error:  Code: 0x4
    at Function.parse (/usr/local/lib/node_modules/xo-server-auth-ldap/node_modules/ldapts/StatusCodeParser.ts:61:16)
    at Client._sendSearch (/usr/local/lib/node_modules/xo-server-auth-ldap/node_modules/ldapts/Client.ts:648:30)
    at Client.search (/usr/local/lib/node_modules/xo-server-auth-ldap/node_modules/ldapts/Client.ts:610:5)
    at AuthLdap._synchronizeGroups (/usr/local/lib/node_modules/xo-server-auth-ldap/src/index.js:340:45)
    at Api.#callApiMethod (file:///usr/local/lib/node_modules/xo-server/src/xo-mixins/api.mjs:366:20)"
}

Configuration of the Synchronize groups is:

Filter = (ObjectClass=group)
ID Attribute = dn
Displayname Attribute = cn
group attribute = member
User Attribute = dn

I have tried to mirror the settings as per:
https://xcp-ng.org/forum/topic/3760/ldap-plugin-syncing-groups-from-windows-ad-server-2016-help/3?_=1709316308851

and I am still receiving the same error as above.

pdonias

Hi @Tomcatter, it looks like the search result for LDAP groups is reaching the size limit configured in your Active Directory. Make sure that the group filter is correct and wouldn't return more objects than you'd want to.

If you're still getting the error and you're confident about the amount of groups that you're going to import to XO, you can increase the MaxPageSize value of your AD's LDAP policy: https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/view-set-ldap-policy-using-ntdsutil

olivierlambert

@julien-f feel free to point to the right person here to assist

julien-f

@pdonias Can you take a look at this please?

pdonias

Hi @Tomcatter, it looks like the search result for LDAP groups is reaching the size limit configured in your Active Directory. Make sure that the group filter is correct and wouldn't return more objects than you'd want to.

If you're still getting the error and you're confident about the amount of groups that you're going to import to XO, you can increase the MaxPageSize value of your AD's LDAP policy: https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/view-set-ldap-policy-using-ntdsutil

Tomcatter

@pdonias Thank you for the response.

I confirmed a smaller amount of groups resolved the issue, we simply created an OU which we then searched on for specific groups related to XCP / XOA

pdonias

@Tomcatter Great!