← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1896121] [NEW] Unable to disable LDAP paging

 

Public bug reported:

Keystone provides a configuration option that allows users to page LDAP
responses [0].

You can disable paging by setting page_size to 0, which should return
all query data from LDAP in a single response.

I have an AD server with 10,000 users and I have paging set to 1,000. I
am able to list users and verified paging is actually working.

If I disable paging by setting it to 0, the request errors:

2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application     raise exception.LDAPSizeLimitExceeded()
2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application keystone.exception.LDAPSizeLimitExceeded: Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator.

However, if I set page_size to 100000, the request succeeds, even though
I'm requesting all 10,000 users with page sizes of 100000.

I would expect to be able to disable paging without seeing the error
since I'm able to request all LDAP users with huge page sizes.

[0] https://docs.openstack.org/keystone/latest/configuration/config-
options.html#ldap.page_size

** Affects: keystone
     Importance: Undecided
         Status: New


** Tags: ldap

** Tags added: ldap

** Description changed:

  Keystone provides a configuration option that allows users to page LDAP
  responses [0].
  
- You can disable paging by setting page_size to 0, which should result
- all query data coming back from LDAP in a single response.
+ You can disable paging by setting page_size to 0, which should return
+ all query data from LDAP in a single response.
  
  I have an AD server with 10,000 users and I have paging set to 1,000. I
  am able to list users and verified paging is actually working.
  
  If I disable paging, the request errors:
  
  2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application     raise exception.LDAPSizeLimitExceeded()
  2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application keystone.exception.LDAPSizeLimitExceeded: Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator.
  
  However, if I set page_size to 100000, the request succeeds, even though
  I'm requesting all 10,000 users with page sizes of 100000.
  
  I would expect to be able to disable paging without seeing the error
  since I'm able to request all LDAP users with huge page sizes.
  
  [0] https://docs.openstack.org/keystone/latest/configuration/config-
  options.html#ldap.page_size

** Description changed:

  Keystone provides a configuration option that allows users to page LDAP
  responses [0].
  
  You can disable paging by setting page_size to 0, which should return
  all query data from LDAP in a single response.
  
  I have an AD server with 10,000 users and I have paging set to 1,000. I
  am able to list users and verified paging is actually working.
  
- If I disable paging, the request errors:
+ If I disable paging by setting it to 0, the request errors:
  
  2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application     raise exception.LDAPSizeLimitExceeded()
  2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application keystone.exception.LDAPSizeLimitExceeded: Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator.
  
  However, if I set page_size to 100000, the request succeeds, even though
  I'm requesting all 10,000 users with page sizes of 100000.
  
  I would expect to be able to disable paging without seeing the error
  since I'm able to request all LDAP users with huge page sizes.
  
  [0] https://docs.openstack.org/keystone/latest/configuration/config-
  options.html#ldap.page_size

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1896121

Title:
  Unable to disable LDAP paging

Status in OpenStack Identity (keystone):
  New

Bug description:
  Keystone provides a configuration option that allows users to page
  LDAP responses [0].

  You can disable paging by setting page_size to 0, which should return
  all query data from LDAP in a single response.

  I have an AD server with 10,000 users and I have paging set to 1,000.
  I am able to list users and verified paging is actually working.

  If I disable paging by setting it to 0, the request errors:

  2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application     raise exception.LDAPSizeLimitExceeded()
  2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application keystone.exception.LDAPSizeLimitExceeded: Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator.

  However, if I set page_size to 100000, the request succeeds, even
  though I'm requesting all 10,000 users with page sizes of 100000.

  I would expect to be able to disable paging without seeing the error
  since I'm able to request all LDAP users with huge page sizes.

  [0] https://docs.openstack.org/keystone/latest/configuration/config-
  options.html#ldap.page_size

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1896121/+subscriptions