Alfresco 4, AD 2008 R2, user import fails

Question asked by rocketrog on Apr 4, 2012
Latest reply on Apr 18, 2012 by ashex
I have read a lot about this and found many similar posts but no answers. I have Alfresco Community v4. I am trying to synchronize users and groups with our 2008 R2 Active Directory domain. The import fails with LDAP error code 12. From what I have read, Alfresco works well with AD 2003. The paged results problem only shows up with AD 2008 R2. Does anyone have a fix?

Here is LDAP error 12:
2012-04-03 13:55:06,330  WARN  [security.sync.ChainingUserRegistrySynchronizer] [Thread-1] Failed initial synchronize with user registries
org.alfresco.error.AlfrescoRuntimeException: 03030000 User and group import failed
   at org.apache.catalina.startup.Bootstrap.main(
Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 12 - 00002040: SvcErr: DSID-031401E7, problem 5010 (UNAVAIL_EXTENSION), data 0
]; remaining name 'OU=NIDs,OU=WSU Accounts,DC=ad,DC=wsu,DC=edu'

I tried setting queryBatchSize=0. That was interesting; it changed the LDAP error code to 4. I also changed my userSearchBase and was able to import fewer than 1000 users. LDAP error 12 shows up whenever I try to import all users.

This is what I get if I set queryBatchSize=0:
 2012-04-03 12:49:53,609  ERROR [security.sync.ChainingUserRegistrySynchronizer] [Thread-1] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 03030000 User and group import failed
Caused by: javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name 'OU=NIDs,OU=WSU Accounts,DC=ad,DC=wsu,DC=edu'
   at com.sun.jndi.ldap.LdapCtx.mapErrorCode(

There are web pages about this problem in AD 2008 R2 and the pagedResultsControl, specifically here

Can I work around LDAP error 12 by changing the properties file or is it a problem with AD 2008 R2?

Groups are imported BTW, but there are only a few dozen of them.
Authentication also works.
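
Added example, not part of the original post and not Alfresco or Active Directory code: a toy Python model of the two failures reported above, showing how disabling paging trades error 12 for error 4 once a search base holds more entries than the server returns in one search. The 1000-entry cap, the `ToyServer` class and its `accepts_paging` switch are assumptions made for illustration; the post does not establish why the server rejected the paging control.

```python
# Toy model of LDAP search limits; an illustration, not Alfresco or AD code.
from dataclasses import dataclass

SIZE_LIMIT_EXCEEDED = 4              # RFC 4511 sizeLimitExceeded
UNAVAILABLE_CRITICAL_EXTENSION = 12  # RFC 4511 unavailableCriticalExtension

class LdapError(Exception):
    def __init__(self, code):
        super().__init__(f"LDAP error {code}")
        self.code = code

@dataclass
class ToyServer:
    entries: list
    max_page_size: int = 1000    # assumption: server-side cap per search
    accepts_paging: bool = True  # hypothetical switch; cause is not modelled

    def search(self, page_size=0, cookie=0):
        """Return (entries, next_cookie); page_size=0 means no paging control."""
        if page_size == 0:
            if len(self.entries) > self.max_page_size:
                raise LdapError(SIZE_LIMIT_EXCEEDED)
            return list(self.entries), 0
        if not self.accepts_paging:
            # The client marked the control critical, so the server must fail.
            raise LdapError(UNAVAILABLE_CRITICAL_EXTENSION)
        end = cookie + min(page_size, self.max_page_size)
        return self.entries[cookie:end], (end if end < len(self.entries) else 0)

def import_users(server, batch_size):
    """Fetch every entry; batch_size=0 disables paging, as in the post."""
    users, cookie = [], 0
    while True:
        page, cookie = server.search(batch_size, cookie)
        users.extend(page)
        if cookie == 0:  # an empty cookie means the result set is complete
            return users

def outcome(server, batch_size):
    """Return the number of users imported, or the LDAP error string."""
    try:
        return len(import_users(server, batch_size))
    except LdapError as err:
        return str(err)

if __name__ == "__main__":
    users = [f"user{i}" for i in range(2500)]  # constructed sample directory
    for srv in (ToyServer(users), ToyServer(users, accepts_paging=False)):
        print(outcome(srv, 0), outcome(srv, 1000))
```

In the model, as in the post, turning paging off only succeeds while the search base holds fewer entries than the cap.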