Policy Store reporting (objectClass=smServerCommand4) Size limit exceeded
search cancel

Policy Store reporting (objectClass=smServerCommand4) Size limit exceeded


Article ID: 276985


Updated On:




When an Administrator makes any changes in the AdminUI, Policy Server will create/update/delete those objects in the Policy Store.

This will require informing all other Policy Servers to fetch these changes and that is done by creating a journal (or smServerCommand4 objects) in the Policy Store.

Policy Servers will periodically look for smServerCommand4 objects in the Policy Store with the created timestamp and read the contained instruction to flush cache and reload necessary objects.


When there are too many smServerCommand4 objects in the CA Directory Policy Store and returning "size limit exceeded" or "admin limit exceeded", policy store is growing in size and policy servers are not in sync such as a Policy Server #1 may authorize a user but Policy Server #2 rejects the user.


In CA Directory, there is a limit of how many objects can be returned in a single query.

set max-op-size = 4000;


Above returns 4000 objects at max but if there are more than the above specified number of objects then the "size limit exceeded" will be in the response without returning any of the actual objects.

This limits Policy Server from making a list of stale smServerCommand4 objects so they start growing.


And as 0 objects are being returned, other Policy Servers are not able to fetch the instruction to flush and reload the new/updated objects causing the policy store sync issue.


Increase the max-op-size to a number that is higher than the number of accumulated smServerCommand4 objects.

For example, if there are 42k smServerCommand4 objects then set it to 50k.

Then run "dxserver init {DSA_Name}" to load the new configuration.


Moment later, all the accumulated smServerCommand4 objects would have been removed.


You do not need to manually clear those smServerCommand4 objects.
As long as the max-op-size is high enough to read all the smServerCommand4 objects, Policy Server will clear them automatically.