If you encounter errors with the Secure LDAP service, follow the instructions below.
My LDAP client is unable to connect to the Secure LDAP serviceTo troubleshoot connectivity from your LDAP client to the Secure LDAP service, see Secure LDAP connectivity testing.
The ADMIN_LIMIT_EXCEEDED error appears if your LDAP quota is exhausted.
When you use a broader scope unnecessarily, the LDAP service needs to perform unnecessary searches that count towards your quota. You can avoid this situation by ensuring you're not using LDAP queries with a search base that's too broad for what's needed.
For example, if your application asks for group base DN, the LDAP queries work fine if you enter dc=example,dc=com
. However, this forces the Secure LDAP service to search for all objects within your directory (including users and groups).
Instead, enter ou=Groups,dc=example,dc=com
to ensure the Secure LDAP service searches only groups. Similarly, enter ou=Sales,ou=Users,dc=example,dc=com
to search users in the Sales organizational unit, OR enter ou=Users,dc=example,dc=com
to search only users and not groups.
If you need help with these steps, please contact Google Support.
Excessive LDAP queries with Splunk
When connecting Splunk to the Secure LDAP service, be sure to use Splunk version 8.1.4 or later. When using older Splunk versions such as Splunk version 8.1.3, excessive LDAP queries might be sent to the LDAP server, which could result in your LDAP quota being exhausted quickly. For more information about Splunk version 8.1.3 issues, see Splunk known issues.