I'm writing an LDAP query to return every account with a UID on an eDirectory server. These accounts will then be cached into a hashmap for use later. The filter I'm using is (&(UID=*)) but I'm getting the following exception:
Caught: LDAPSearchException(resultCode=53 (unwilling to perform), numEntries=0, numReferences=0, errorMessage='unwilling to perform', responseControls={SimplePagedResultsControl(pageSize=0, isCritical=false)})
LDAPSearchException(resultCode=53 (unwilling to perform), numEntries=0, numReferences=0, errorMessage='unwilling to perform', responseControls={SimplePagedResultsControl(pageSize=0, isCritical=false)})
at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3059)
at com.unboundid.ldap.sdk.LDAPInterface$search.call(Unknown Source)
This query code works fine if I change the filter to be something more specific like (&(UID=a*)) but it seems to fail anytime it's a query that will return a lot of rows. I double check every query in Apache Directory Studio and they all work there with no problems.
Is there some kind of limit for eDirectory queries? If so, what can I do to get around this limit and cache attributes from every account into a hashmap? I have code working that runs multiple queries for all UIDs starting with a, b, c, etc for the entire alphabet but I'm afraid I may not be getting every account this way.
In the comment, you suggest that ROOT is the base DN. Are you sure that the base DN is correct?
If you enable tracing on the eDirectory server (DStrace with +LDAP flag) and try this query, what do you see? Likely you will get a more helpful error. As Jeemster in the comments notes, the query itself is fine, rather you are likely having a different error.