A few days ago, one of my client’s accounts had a problem: it could not log in to webmail or email clients, while other accounts could log in normally.
So I checked that account using the “ga” command, and this error appeared:
system failure: unable to lookup account via query: (& (zimbraId=096ae205-xxxx-40c5-xxxx-f51bb648a3f7)(objectClass=zimbraAccount)) message: LDAP error - unable to search [ldap: ldap host=null:1: An I/O error occurred while trying to read the response from the server: java.io.IOException: The element indicated that it required 20971564 bytes to hold the value, but this is larger than the maximum of 20971520 bytes that the client has been configured to accept.
However, when I tried another account, the “ga” command worked normally.
After some research/googling, I found that this was caused by the account's authtoken attribute having exceeded the size limit shown in the error.
To clear the authtoken, I did the following.
su - zimbra
vi /tmp/clear-token.ldif
Fill it with the following lines:
dn: uid=USERPROBLEM,ou=people,dc=example,dc=com
changetype: modify
delete: zimbraAuthTokens
Note: Adjust USERPROBLEM and the domain name in the line starting with dn. If the username is pulan@imanudin.web.id, the dn should be uid=pulan,ou=people,dc=imanudin,dc=web,dc=id
Save the file and run the following commands:
source ~/bin/zmshutil
zmsetvars
ldapmodify -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password -f /tmp/clear-token.ldif
Then test logging in again to webmail or from an email client.
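As an added example (not part of the original post), this shell helper derives the dn from the account's e-mail address as described in the note above and writes the LDIF to a private temporary file instead of a fixed name in /tmp. The function names are hypothetical, and it assumes the account sits under ou=people as in the dn shown in the post.

```shell
#!/bin/bash
# Added example: build the clear-token LDIF for one account.
# Function names are hypothetical; the DN layout is the one from the post.
# Usage: ldif=$(make_clear_token_ldif pulan@imanudin.web.id)
#        then pass "$ldif" to ldapmodify with -f, as in the command above.

# Convert user@domain into uid=<local>,ou=people,dc=<label>,dc=<label>...
email_to_dn() {
    email=$1
    # Require exactly one "@" with text on both sides.
    case $email in
        *@*@*|@*|*@) return 1 ;;
        *@*) ;;
        *) return 1 ;;
    esac
    # Conservative character set: rejects commas, "+", "=", spaces and
    # newlines, so nothing needing DN escaping can reach the LDIF.
    case $email in
        *[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    local_part=${email%@*}
    domain=${email#*@}
    # Reject empty domain labels such as ".com", "a..b" or "a.".
    case $domain in
        .*|*.|*..*) return 1 ;;
    esac
    # "imanudin.web.id" becomes "imanudin,dc=web,dc=id".
    dc=$(printf '%s' "$domain" | sed 's/\./,dc=/g')
    printf 'uid=%s,ou=people,dc=%s\n' "$local_part" "$dc"
}

# Write the LDIF to a temp file (mktemp creates it with mode 0600 and an
# unpredictable name) and print the file's path.
make_clear_token_ldif() {
    dn=$(email_to_dn "$1") || { echo "invalid address: $1" >&2; return 1; }
    ldif=$(mktemp /tmp/clear-token.XXXXXX) || return 1
    printf 'dn: %s\nchangetype: modify\ndelete: zimbraAuthTokens\n' \
        "$dn" > "$ldif"
    printf '%s\n' "$ldif"
}
```

Remove the temporary file once ldapmodify has run.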
Good Luck 🙂

