User sync will fail while importing users from LDAP groups with more than 1500 members

Problem

When a user tries to login, it throws an error saying "Login failed: User '<Usernam>' could not be authenticated."  This happens even though the group is there in Datameer and the user account is also part of that group.

Cause

One possible reason of this issue is if a group contains more than 1500 members, LDAP search will fail to retrieve group information for any of those users. This results in Datameer not able to sync that user intoits cache.

This is seems to come from the LDAP Policy value: MaxValRange

"MaxValueRange controls the number of values that are returned on a single attribute on a single object. Default"1500 Hard Limit: 5000"

Solution

 

Increate MaxValRange to a value larger than number of users within the specified group.More about the parameter can be found at LDAP Wiki page on MaxValRange