yahoo-eng-team team mailing list archive

[Lance Bragstad <lbragstad@xxxxxxxxx>]

** Also affects: keystone/pike
   Importance: Undecided
       Status: New

** Also affects: keystone/queens
   Importance: Low
     Assignee: prashkre (prashkre)
       Status: Fix Released

** Changed in: keystone/pike
       Status: New => Confirmed

** Changed in: keystone/pike
   Importance: Undecided => Low

** Changed in: keystone/queens
    Milestone: None => queens-2

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1712415

Title:
  Keystone should handle ldap.SIZELIMIT_EXCEEDED error

Status in OpenStack Identity (keystone):
  Fix Released
Status in OpenStack Identity (keystone) pike series:
  Confirmed
Status in OpenStack Identity (keystone) queens series:
  Fix Released

Bug description:
  With ldap as identity backend server configured to keystone, GET
  users/groups API is abruptly failing in below stacktrace without
  proper error handling when ldap search results(users/groups) count is
  more than default sizelimit configured on ldap server.

  The size limit is of course as configured at the LDAP server and the
  configuration is beyond the control of OpenStack/keystone. However,
  keystone should have better error handling in this ldap flow so that
  such errors return an appropriate message. (Full stack trace can be
  found in the attachment)

  result = func(*args,**kwargs)
  2017-08-04 11:44:46.368 102104 ERROR keystone.common.wsgi SIZELIMIT_EXCEEDED: {'desc': u'Size limit exceeded'}

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1712415/+subscriptions