yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #83928
[Bug 1896121] [NEW] Unable to disable LDAP paging
Public bug reported:
Keystone provides a configuration option that allows users to page LDAP
responses [0].
You can disable paging by setting page_size to 0, which should return
all query data from LDAP in a single response.
I have an AD server with 10,000 users and I have paging set to 1,000. I
am able to list users and verified paging is actually working.
If I disable paging by setting it to 0, the request errors:
2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application raise exception.LDAPSizeLimitExceeded()
2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application keystone.exception.LDAPSizeLimitExceeded: Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator.
However, if I set page_size to 100000, the request succeeds, even though
I'm requesting all 10,000 users with page sizes of 100000.
I would expect to be able to disable paging without seeing the error
since I'm able to request all LDAP users with huge page sizes.
[0] https://docs.openstack.org/keystone/latest/configuration/config-
options.html#ldap.page_size
** Affects: keystone
Importance: Undecided
Status: New
** Tags: ldap
** Tags added: ldap
** Description changed:
Keystone provides a configuration option that allows users to page LDAP
responses [0].
- You can disable paging by setting page_size to 0, which should result
- all query data coming back from LDAP in a single response.
+ You can disable paging by setting page_size to 0, which should return
+ all query data from LDAP in a single response.
I have an AD server with 10,000 users and I have paging set to 1,000. I
am able to list users and verified paging is actually working.
If I disable paging, the request errors:
2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application raise exception.LDAPSizeLimitExceeded()
2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application keystone.exception.LDAPSizeLimitExceeded: Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator.
However, if I set page_size to 100000, the request succeeds, even though
I'm requesting all 10,000 users with page sizes of 100000.
I would expect to be able to disable paging without seeing the error
since I'm able to request all LDAP users with huge page sizes.
[0] https://docs.openstack.org/keystone/latest/configuration/config-
options.html#ldap.page_size
** Description changed:
Keystone provides a configuration option that allows users to page LDAP
responses [0].
You can disable paging by setting page_size to 0, which should return
all query data from LDAP in a single response.
I have an AD server with 10,000 users and I have paging set to 1,000. I
am able to list users and verified paging is actually working.
- If I disable paging, the request errors:
+ If I disable paging by setting it to 0, the request errors:
2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application raise exception.LDAPSizeLimitExceeded()
2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application keystone.exception.LDAPSizeLimitExceeded: Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator.
However, if I set page_size to 100000, the request succeeds, even though
I'm requesting all 10,000 users with page sizes of 100000.
I would expect to be able to disable paging without seeing the error
since I'm able to request all LDAP users with huge page sizes.
[0] https://docs.openstack.org/keystone/latest/configuration/config-
options.html#ldap.page_size
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1896121
Title:
Unable to disable LDAP paging
Status in OpenStack Identity (keystone):
New
Bug description:
Keystone provides a configuration option that allows users to page
LDAP responses [0].
You can disable paging by setting page_size to 0, which should return
all query data from LDAP in a single response.
I have an AD server with 10,000 users and I have paging set to 1,000.
I am able to list users and verified paging is actually working.
If I disable paging by setting it to 0, the request errors:
2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application raise exception.LDAPSizeLimitExceeded()
2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application keystone.exception.LDAPSizeLimitExceeded: Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator.
However, if I set page_size to 100000, the request succeeds, even
though I'm requesting all 10,000 users with page sizes of 100000.
I would expect to be able to disable paging without seeing the error
since I'm able to request all LDAP users with huge page sizes.
[0] https://docs.openstack.org/keystone/latest/configuration/config-
options.html#ldap.page_size
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1896121/+subscriptions