MaxResultsExceededException occurs during LDAP repository search

Express (Distributed operating systems), v8.0 > Secure applications and their environment > Authenticate users > Select a registry or repository > Manage realms in a federated repository > Virtual member manager > Troubleshoot and Support > Support issues and limitations > LDAP repository issues

MaxResultsExceededException occurs during LDAP repository search

Follow the steps listed here to troubleshoot when a MaxResultsExceededException occurs.

Problem

The following or similar MaxResultsExceededException occurs when retrieving search results from the LDAP server:
com.ibm.websphere.wim.exception.MaxResultsExceededException:
CWWIM1018E search results exceeds the 4500 maximum search limit.
This exception is thrown when the number of entries in the search results retrieved from the LDAP server exceeds the value of the maxSearchResults parameter specified in wimconfig.xml file.

Solution

When the application calls the virtual member manager search() method, use the countLimit parameter to pass a value to truncate search results when that value is reached. In the following sample data graph, the countLimit is set to 4, which means that the results are truncated when 4 entries are retrieved from the LDAP server.
<sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim">
<wim:Root>
<wim:controls xsi:type="wim:SearchControl" countLimit="4" expression="//entities[@xsi:type='PersonAccount' and uid='*']">
<wim:properties>uid
</wim:properties>
<wim:properties>cn
</wim:properties>
<wim:properties>sn
</wim:properties>
<wim:properties>mail
</wim:properties>
</wim:controls>
</wim:Root>
</sdo:datagraph> 
If the countLimit parameter is not set when the application calls the search() method, then all entries are retrieved from the LDAP server. If the number of entries retrieved from the LDAP server exceeds the maxSearchResults value, the MaxResultsExceededException occurs.
To ensure that this exception is not thrown, set the value of countLimit to be less than the value of maxSearchResults.
The maxSearchResults and searchTimeOut properties set limits on searches made by the search() method. The searchCountLimit and searchTimeLimit properties set limits on group, ancestor, or descendant searches in an LDAP repository.
The following are sample values for these properties:

maxSearchResults=”110000”
searchTimeOut=”600000”
searchCountLimit=”500”
searchTimeLimit”120000”

We cannot set the value of maxSearchResults using the administrative console or command line interface. We can set it manually by editing the wimconfig.xml file. The default value is 4500.

Related topics

SearchControl DataObject
Lightweight Directory Access Protocol performance settings
IdMgrRepositoryConfig command group

Parent topic: LDAP repository issues

+
Search Tips | Advanced Search