The time limit in the search request is incorrectly treated as milliseconds. According to RFC 2251 the time limit should be in seconds. The following example is done using OpenLDAP's command line tool:

  ldapsearch -h localhost -p 10389 -D uid=admin,ou=system -w secret -b "dc=example,dc=com" -l 100

The -l 100 parameter indicates that the time limit is set to 100 seconds. However, the search operation stops in less than a second with error message "Time limit exceeded". Some other LDAP client (e.g. Softerra) might specify a time limit by default, so it will affect the results.

This could be the cause of the problem: in SearchHandler.java:82, the time limit is being passed directly from SearchRequest to SearchControls. According to the documents in the code, the time limit in SearchRequest is in seconds, but the time limit in SearchControls is in milliseconds, so it should have been multiplied by 1000.