Parameter:
LDAPMaxEntriesReturnedShort description: Upper bound for the number of entries the LDAP task returns per search request (DoS protection and performance).
Profile
Parameter | LDAPMaxEntriesReturned |
Category | General |
Component | Server |
Available since | 9.0.1 |
Supported versions | 9.0.1, 10.0, 11.0, 12.0, 14.0, 14.5, 14.5.1 |
GUI equivalent | Configuration document (LDAP tab) |
Possible values | Integer (0 = unlimited; typical values 500–5000) |
Description
LDAPMaxEntriesReturned restricts how many hits the Domino LDAP task returns per request at most. Protects against accidental (objectClass=*) sweeps and against DoS attempts.For address book lookups in mail clients, 500–1000 is usually sufficient; identity providers (e.g. SailPoint, OneIdentity) often need 5000–10000.
Example configuration
LDAPMaxEntriesReturned=2000
Notes & pitfalls
- A Configuration document entry overrides the
notes.inisetting.
- Use the value
0(unlimited) only in highly secured environments.
- Pairs with
LDAPMaxAttributesPerEntry,LDAPSearchTimeoutLimit.
- When the limit is exceeded, clients receive code 4 (
sizeLimitExceeded) – the returned hits remain usable.
- The change takes effect after a restart of the LDAP task (
restart task ldap).