Encoded Packet Size Too Big
by Wojtak, Greg (Superfly)
Every once in a while with SSSD, we run into a problem where we aren't able to get user information or authenticate users. We are using ldap/kerberos against an Active Directory set up over SSL (LDAPS) and we see the following message in the logs:
encoded packet size too big (813957100 > 16777215)
>From what I've been able to gather, this is something to do with the cyrus-sasl package. I've also seen this error pop up when doing operations with the openldap-clients (ldapsearch, ldapmodify). I've found that by specifying the minssf and maxssf values in the ldap* operations that the operations would then succeed.
I'm wondering if the same type of fix would work for SSSD? Is there a way to specify the SSF of the SASL operations that SSSD uses? Is there another workaround for this?
Greg Wojtak
Sr. Unix Systems Engineer
Office: (313) 373-4306
Cell: (734) 718-8472