Symptoms:

• You are unable to query user accounts in vSphere Web Client.
• This issue occurs when you attempt to add a user to vCenter Server permissions.
• You see the error: Cannot load the users for the selected domain
• This issue occurs when your directory service is OpenLDAP 2.4 or later.
• This issue occurs when you are using an Open LDAP identity source within vCenter Single Sign-On.
• In the C:\ProgramData\VMware\CIS\logs\vmware-ssovmware-sts-idmd.log file, you see entries similar to:
  
  YYYY-MM-DDTHH:MM:SS.Z ERROR [IdentityManager] Failed to find objects [Criteria : searchString=, domain=example.COM] in tenant [vsphere.local]
  YYYY-MM-DDTHH:MM:SS.Z ERROR [ServerUtils] Exception 'com.vmware.identity.interop.ldap.SizeLimitExceededLdapException: Size Limit Exceeded
  LDAP error [code: 4]'
  com.vmware.identity.interop.ldap.SizeLimitExceededLdapException: Size Limit Exceeded
  LDAP error [code: 4]
  at com.vmware.identity.interop.ldap.LdapErrorChecker$4.RaiseLdapError(LdapErrorChecker.java:74)
  at com.vmware.identity.interop.ldap.LdapErrorChecker.CheckError(LdapErrorChecker.java:826)
  at com.vmware.identity.interop.ldap.WinLdapClientLibrary.CheckError(WinLdapClientLibrary.java:588)
  at com.vmware.identity.interop.ldap.WinLdapClientLibrary.ldap_one_paged_search(WinLdapClientLibrary.java:399)
  at com.vmware.identity.interop.ldap.LdapConnection$5.call(LdapConnection.java:588)
  at com.vmware.identity.interop.ldap.LdapConnection$5.call(LdapConnection.java:585)
  at com.vmware.identity.interop.ldap.LdapConnection.execute(LdapConnection.java:60)
  at com.vmware.identity.interop.ldap.LdapConnection.search_one_page_internal(LdapConnection.java:584)at com.vmware.identity.interop.ldap.LdapConnection.paged_search(LdapConnection.java:534)
  at com.vmware.identity.idm.server.provider.ldap.LdapProvider.findUsers(LdapProvider.java:540)
  at com.vmware.identity.idm.server.provider.ldap.LdapProvider.find(LdapProvider.java:1068)
  at com.vmware.identity.idm.server.IdentityManager.find(IdentityManager.java:3698)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
  at sun.rmi.transport.Transport$1.run(Unknown Source)
  at sun.rmi.transport.Transport$1.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  at sun.rmi.transport.Transport.serviceCall(Unknown Source)
  at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
  at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source)
  at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
  at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
  at java.lang.Thread.run(Unknown Source)
  
  Note: This log excerpt is an example. Date, time, and environmental variables may vary depending on your environment.

VMware vCenter Server Appliance 6.5.x
VMware vCenter Server 5.5.x
VMware vSphere Web Client 5.5.x
VMware vCenter Server 6.5.x

This issue occurs when the VMware Identity Management (IDM) service experiences a timeout as it attempts to query the vSphere Web Client and reports an exception error.

This is a known issue affecting vSphere Web Client 5.5 and 6.5.

Currently, there is no resolution.

To work around this issue, increase the olcSizeLimit timeout value on the OpenLDAP server(s) to 30000.

Caution: Contact your OpenLDAP administrator to make modifications on the OpenLDAP server(s).