LDAP iterate (dovecot 2.2.27)
Debreczeni Attila
debreczeni.attila at kifu.gov.hu
Mon Apr 15 16:29:28 EEST 2019
Dear Dovecot Team,

We would like to use the LDAP iterate for dovecot replication, but I got
this error:

dovecot: auth-worker(10149): Error: ldap(*): ldap_search(base=ou=mail,o=asd,c=TLD filter=(objectClass=inetMailUser) failed: Size limit exceeded
dovecot: replicator: Error: User listing returned failure
dovecot: replicator: Error: listing users failed, can't replicate existing data

When I check the "doveadm replicator status":
...
Total number of known users 1200

But we have more than 10.000 users. When I run the ldapsearch manually,
I get the full list of the mail addresses.

How can I fix it?

Thank you,
Attila
# dovecot --version
2.2.27 (c0f36b0)
# dovecot -n | filtered
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.8
auth_worker_max_count = 150
default_vsz_limit = 512 M
doveadm_password = # hidden, use -P to show it
doveadm_port = ***
mail_gid = vmail
mail_plugins = " quota notify replication"
namespace inbox {
  ...
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  mail_replica = tcp:REMOTE_IP
}
replication_dsync_parameters = -d -N -1 -l 30 -U
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}
service auth {
  inet_listener {
    address = LOCAL_IP
    port = LOCAL_PORT
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service lmtp {
  inet_listener lmtp {
    address = LOCAL_IP
    port = LOCAL_PORT
  }
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0600
  }
}
userdb {
  args = /etc/dovecot/dovecot-domain-ldap.conf.ext
  driver = ldap
  result_success = continue-ok
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
  result_failure = return-fail
}
protocol imap {
  ...
}
protocol pop3 {
  ...
}
# grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext
uris = ldaps://ldap.URL
dn = uid=auth,o=domain,c=TLD
dnpass = ****
sasl_bind = no
tls_ca_cert_dir = /etc/ssl/certs
tls_require_cert = demand
ldap_version = 3
base = ou=mail,o=asd,c=TLD
deref = never
scope = subtree
user_attrs = =home=/dev/null/%Ld/%L{ldap:uid},
mailQuota=quota_rule=*:bytes=%$
user_filter = (objectClass=inetMailUser)
pass_attrs = userPassword=password
pass_filter = (objectClass=inetMailUser)
iterate_attrs = mail=user
iterate_filter = (objectClass=inetMailUser)
default_pass_scheme = PLAIN