diff --git a/src/pam_ipahbac.c b/src/pam_ipahbac.c
index 8224e7e..fff956c 100644
--- a/src/pam_ipahbac.c
+++ b/src/pam_ipahbac.c
@@ -229,6 +229,7 @@ int ipa_check_hbac(char* ldapservers, const char* base, const char* binduser, co
 const char* filter="(&(objectclass=ipahbacrule)(ipaenabledflag=true)(accessruletype=allow))";
 char* attrs[] = { "memberuser", "memberhost", "memberservice", "usercategory", "hostcategory", "servicecategory", NULL } ;
 int ldap_version=LDAP_VERSION3;
+ int ldap_sizelimit=1000;
 LDAP* ld=NULL;
 LDAPMessage* msg=NULL;
 LDAPMessage* entry=NULL;
@@ -248,6 +249,12 @@ int ipa_check_hbac(char* ldapservers, const char* base, const char* binduser, co
 return 0;
 }
 
+ if (debug) syslog(LOG_DEBUG,"ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &ldap_sizelimit)\n");
+ if( ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &ldap_sizelimit) != LDAP_OPT_SUCCESS ) {
+ syslog(LOG_ERR,"Error setting LDAP sizelimit\n");
+ return 0;
+ }
+
 if (debug) syslog(LOG_DEBUG,"ldap_bind_s(ld, binduser, bindpw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS )\n");
 if( (retval = ldap_bind_s(ld, binduser, bindpw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS ) {
 syslog(LOG_ERR,"Error binding to LDAP: %s\n", ldap_err2string(retval));
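Review bot: The literal in `int ldap_sizelimit=1000;` has no comment saying where the number comes from or what happens when the directory holds more enabled allow rules than that. Since the filter fetches only allow rules, a truncated result would presumably deny legitimate users rather than grant extra access, but how the search handles a size-limit result is outside this hunk and should be confirmed. I would add a comment such as `/* client-side cap on HBAC rules requested from the server; confirm behaviour when the rule count exceeds it */` and declare the variable `const int`, since it is only read. ipa_check_hbac's body continues outside the hunk.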
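Review bot: The new failure branch does `return 0;` without releasing `ld`, so if the handle was already initialised above this hunk (not visible here) it is leaked whenever the option cannot be set. Adding `ldap_unbind(ld);` before the return would close it. The `return 0;` in the preceding context lines may follow the same pattern. The error message also omits the requested value, so `syslog(LOG_ERR,"Error setting LDAP sizelimit to %d\n", ldap_sizelimit);` would make a resulting access denial easier to trace in the log. ipa_check_hbac starts and ends outside the hunk.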