Currently CURSOR_ENTRY_LIMIT is hardcoded to 100000:
This effectively limits the number of indexed entries that can be searched and sorted. This can be a problem when a server is utilised as CTS for OpenAM and the token reaper search (where coreTokenExpirationDate is less than the current date) returns >100k entries.
Whilst the hard coded limit is likely there to protect server resources, it is critical that expired tokens can be deleted efficiently.
CURSOR_ENTRY_LIMIT should be a configurable parameter, ideally on a per-user basis. This parameter should only be changed under guidance and the potential risks understood. Probably best implemented as a hidden property.