Directory Sync only pulling a partial list of users/groups from LDAP

I have Duo authproxy v5.7.3-b74215e running on a CentOS 7.7 instance, communicating with an OpenLDAP server. DirectorySync + authproxy seems to work fine until I try to add groups. I see only a partial list of groups in the list. I see the following error in the authproxy log:

2022-09-06T12:11:07.993886+0000 [L■■■■■■■■■■■■■■■■■■■■l,XXXXXXXXXXXXXXXXXXXXXXXXXXXX,client] C<-S LDAPMessage(id=4, value=L■■■■■■■■■■■■■■■■■■■■(objectName='cn=xxx_roles,uid=xxx,ou=people,dc=foo,dc=com', attributes=[('cn', ['xxx_roles']), ('entryUUID', ['xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx']), ('entryDN', ['cn=xxx_roles,uid=xxx,ou=people,dc=foo,dc=com'])]), controls=None)
2022-09-06T12:11:07.994194+0000 [L■■■■■■■■■■■■■■■■■■■■l,XXXXXXXXXXXXXXXXXXXXXXXXXXXX,client] C<-S LDAPMessage(id=4, value=LDAPSearchResultDone(resultCode=4), controls=None)
2022-09-06T12:11:07.994462+0000 [duoauthproxy.lib.log#critical] Unexpected error handling message
        Traceback (most recent call last):
          File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/Twisted-21.2.0-py3.8.egg/twisted/internet/tcp.py", line 246, in doRead
            return self._dataReceived(data)
          File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/Twisted-21.2.0-py3.8.egg/twisted/internet/tcp.py", line 251, in _dataReceived
            rval = self.protocol.dataReceived(data)
          File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/ldaptor-19.1.0-py3.8.egg/ldaptor/protocols/ldap/ldapclient.py", line 75, in dataReceived

          File "/opt/duoauthproxy/usr/local/lib/python3.8/site-packages/ldaptor-19.1.0-py3.8.egg/ldaptor/protocol
2022-09-06T12:11:07.995823+0000 [duoauthproxy.lib.log#error] Paging cookie not found!

So it’s clearly a paging issue with returned data from LDAP. But I have no idea how to correct this.

Does anyone have ideas? Thanks.

What flavor of OpenLDAP? Do you know if it supports OID 1.2.840.113556.1.4.319? That’s what the Duo Authentication Proxy requests, and the response back from your LDAP server includes controls=None instead of responding with paging controls OR the error code indicating the paging control isn’t supported .