[kolla] [train] [keystone] Number of User/Group entities returned by LDAP exceeded size limit
Albert Braden
ozzzo at yahoo.com
Fri May 19 13:29:17 UTC 2023
We have 200 groups in our LDAP server. We recently started getting an error when we try to list groups:
$ os group list --domain AUTH.OURDOMAIN.COM
Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator. (HTTP 500)
I read the "Additional LDAP integration settings" section in [1] and then tried setting various values of page_size (10, 100, 1000) in the [ldap] section of keystone.conf but that didn't make a difference. What am I missing?
[1] https://docs.openstack.org/keystone/train/admin/configuration.html#identity-ldap-server-set-up
Here's the stack trace:
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application [req-198741c6-58b2-46b1-8622-bae1fc5c5280 d64c83e1ea954c368e9fe08a5d8450a1 47dc15c280c9436fadac4d41f1d54a64 - default default] Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator.: keystone.exception.LDAPSizeLimitExceeded: Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator.
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application Traceback (most recent call last):
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/common.py", line 996, in search_s
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application attrlist, attrsonly)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/common.py", line 689, in wrapper
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application return func(self, conn, *args, **kwargs)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/common.py", line 824, in search_s
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application attrsonly)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 870, in search_s
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 1286, in search_ext_s
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 1224, in _apply_method_s
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application return func(self,*args,**kwargs)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 864, in search_ext_s
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application return self.result(msgid,all=1,timeout=timeout)[1]
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 756, in result
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 760, in result2
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 767, in result3
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application resp_ctrl_classes=resp_ctrl_classes
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 774, in result4
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 340, in _ldap_call
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application reraise(exc_type, exc_value, exc_traceback)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib64/python3.6/site-packages/ldap/compat.py", line 46, in reraise
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application raise exc_value
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 324, in _ldap_call
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application result = func(*args,**kwargs)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application ldap.SIZELIMIT_EXCEEDED: {'msgtype': 100, 'msgid': 2, 'result': 4, 'desc': 'Size limit exceeded', 'ctrls': []}
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application During handling of the above exception, another exception occurred:
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application Traceback (most recent call last):
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application rv = self.dispatch_request()
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application return self.view_functions[rule.endpoint](**req.view_args)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib/python3.6/site-packages/flask_restful/__init__.py", line 480, in wrapper
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application resp = resource(*args, **kwargs)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib/python3.6/site-packages/flask/views.py", line 88, in view
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application return self.dispatch_request(*args, **kwargs)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib/python3.6/site-packages/flask_restful/__init__.py", line 595, in dispatch_request
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application resp = meth(*args, **kwargs)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib/python3.6/site-packages/keystone/api/groups.py", line 59, in get
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application return self._list_groups()
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib/python3.6/site-packages/keystone/api/groups.py", line 86, in _list_groups
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application hints=hints)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib/python3.6/site-packages/keystone/common/manager.py", line 116, in wrapped
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application __ret_val = __f(*args, **kwargs)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib/python3.6/site-packages/keystone/identity/core.py", line 414, in wrapper
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application return f(self, *args, **kwargs)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib/python3.6/site-packages/keystone/identity/core.py", line 424, in wrapper
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application return f(self, *args, **kwargs)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib/python3.6/site-packages/keystone/identity/core.py", line 1329, in list_groups
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application ref_list = driver.list_groups(hints)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/core.py", line 116, in list_groups
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application return self.group.get_all_filtered(hints)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/core.py", line 474, in get_all_filtered
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application for group in self.get_all(query, hints)]
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/common.py", line 1647, in get_all
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application for x in self._ldap_get_all(hints, ldap_filter)]
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib/python3.6/site-packages/keystone/common/driver_hints.py", line 42, in wrapper
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application return f(self, hints, *args, **kwargs)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/common.py", line 1600, in _ldap_get_all
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application attrs)
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/common.py", line 998, in search_s
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application raise exception.LDAPSizeLimitExceeded()
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application keystone.exception.LDAPSizeLimitExceeded: Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator.
2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application
More information about the openstack-discuss
mailing list