Querying user accounts in the vSphere Web Client fails with the error: Cannot load the users for the selected domain
search cancel

Querying user accounts in the vSphere Web Client fails with the error: Cannot load the users for the selected domain


Article ID: 344334


Updated On:


VMware vCenter Server VMware vSphere ESXi


  • You are unable to query user accounts in vSphere Web Client.
  • This issue occurs when you attempt to add a user to vCenter Server permissions.
  • You see the error:

    Cannot load the users for the selected domain

  • This issue occurs when your directory service is OpenLDAP 2.4 or later.
  • This issue occurs when you are using an Open LDAP identity source within vCenter Single Sign-On.
  • In the C:\ProgramData\VMware\CIS\logs\vmware-ssovmware-sts-idmd.log file, you see entries similar to:

    YYYY-MM-DD 16:51:05,273 ERROR [IdentityManager] Failed to find objects [Criteria : searchString=, domain=SSOTEST.COM] in tenant [vsphere.local]
    YYYY-MM-DD 16:51:05,274 ERROR [ServerUtils] Exception 'com.vmware.identity.interop.ldap.SizeLimitExceededLdapException: Size Limit Exceeded
    LDAP error [code: 4]'
    com.vmware.identity.interop.ldap.SizeLimitExceededLdapException: Size Limit Exceeded
    LDAP error [code: 4]
    at com.vmware.identity.interop.ldap.LdapErrorChecker$4.RaiseLdapError(LdapErrorChecker.java:74)
    at com.vmware.identity.interop.ldap.LdapErrorChecker.CheckError(LdapErrorChecker.java:826)
    at com.vmware.identity.interop.ldap.WinLdapClientLibrary.CheckError(WinLdapClientLibrary.java:588)
    at com.vmware.identity.interop.ldap.WinLdapClientLibrary.ldap_one_paged_search(WinLdapClientLibrary.java:399)
    at com.vmware.identity.interop.ldap.LdapConnection$5.call(LdapConnection.java:588)
    at com.vmware.identity.interop.ldap.LdapConnection$5.call(LdapConnection.java:585)
    at com.vmware.identity.interop.ldap.LdapConnection.execute(LdapConnection.java:60)
    at com.vmware.identity.interop.ldap.LdapConnection.search_one_page_internal(LdapConnection.java:584)at com.vmware.identity.interop.ldap.LdapConnection.paged_search(LdapConnection.java:534)
    at com.vmware.identity.idm.server.provider.ldap.LdapProvider.findUsers(LdapProvider.java:540)
    at com.vmware.identity.idm.server.provider.ldap.LdapProvider.find(LdapProvider.java:1068)
    at com.vmware.identity.idm.server.IdentityManager.find(IdentityManager.java:3698)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
    at sun.rmi.transport.Transport$1.run(Unknown Source)
    at sun.rmi.transport.Transport$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Unknown Source)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

    Note: This log excerpt is an example. Date, time, and environmental variables may vary depending on your environment.


VMware vCenter Server Appliance 6.5.x
VMware vCenter Server 5.5.x
VMware vSphere Web Client 5.5.x
VMware vCenter Server 6.5.x


This issue occurs when the VMware Identity Management (IDM) service experiences a timeout as it attempts to query the vSphere Web Client and reports an exception error.


This is a known issue affecting vSphere Web Client 5.5 and 6.5.
Currently, there is no resolution.

To work around this issue, increase the olcSizeLimit timeout value on the OpenLDAP server(s) to 30000.

Caution: Contact your OpenLDAP administrator to make modifications on the OpenLDAP server(s).

Additional Information

For more information on olcSizeLimit, see the Configuring slapd section in the OpenLDAP web page.

For related information, see the OpenLDAP documentation.
Note: The links in this article were correct as of November 7, 2013. If you find a link is broken, provide feedback and a VMware employee will update the link.

To be alerted when this document is updated, click the Subscribe to Article link in the Actions box.