<div>                The Keystone documentation [1] appears to indicate that LDAP limitations can be worked around by enabling paging, using the page_size setting. Am I reading it wrong?<br><br>[1] https://docs.openstack.org/keystone/train/admin/configuration.html#identity-ldap-server-set-up            </div>            <div class="yahoo_quoted" style="margin:10px 0px 0px 0.8ex;border-left:1px solid #ccc;padding-left:1ex;">                        <div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">                                <div>                    On Wednesday, May 24, 2023, 02:34:23 AM EDT, Kaster, Jörn <joern.kaster@epg.com> wrote:                </div>                <div><br></div>                <div><br></div>                <div><div id="yiv6784134135"><style type="text/css">#yiv6784134135 P {margin-top:0;margin-bottom:0;}</style><div dir="ltr"><div style="font-family:Calibri, Arial, Helvetica, sans-serif;font-size:12pt;color:rgb(0, 0, 0);" class="yiv6784134135elementToProof">Hello Albert,</div><div style="font-family:Calibri, Arial, Helvetica, sans-serif;font-size:12pt;color:rgb(0, 0, 0);" class="yiv6784134135elementToProof">have seen your message on monday and think that it was replied personaly in the meantime. Anyway.</div><div style="font-family:Calibri, Arial, Helvetica, sans-serif;font-size:12pt;color:rgb(0, 0, 0);" class="yiv6784134135elementToProof">I think this problem is not dedicated to the openstack services. The problem is caused by the ldap server. Which one do you use?</div><div style="font-family:Calibri, Arial, Helvetica, sans-serif;font-size:12pt;color:rgb(0, 0, 0);" class="yiv6784134135elementToProof">Look in the documentation of the ldap server to configure a larger size limit.</div><div style="font-family:Calibri, Arial, Helvetica, sans-serif;font-size:12pt;color:rgb(0, 0, 0);" class="yiv6784134135elementToProof"><br clear="none"></div><div style="font-family:Calibri, Arial, Helvetica, sans-serif;font-size:12pt;color:rgb(0, 0, 0);" class="yiv6784134135elementToProof">greets from here</div><div style="font-family:Calibri, Arial, Helvetica, sans-serif;font-size:12pt;color:rgb(0, 0, 0);" class="yiv6784134135elementToProof">Jörn<br clear="none"></div><div id="yiv6784134135appendonsend"></div><hr style="display:inline-block;width:98%;" tabindex="-1"><div id="yiv6784134135yqt52794" class="yiv6784134135yqt9570179197"><div dir="ltr" id="yiv6784134135divRplyFwdMsg"><font face="Calibri, sans-serif" style="font-size:11pt;" color="#000000"><b>Von:</b> Albert Braden <ozzzo@yahoo.com><br clear="none"><b>Gesendet:</b> Dienstag, 23. Mai 2023 20:35<br clear="none"><b>An:</b> OpenStack Discuss <openstack-discuss@lists.openstack.org><br clear="none"><b>Betreff:</b> Re: [kolla] [train] [keystone] Number of User/Group entities returned by LDAP exceeded size limit</font><div> </div></div><div><p></p><div style="background-color:#FFEB9C;width:100%;border-style:solid;border-color:#cc1010;border-width:1px;padding:2pt;font-size:10pt;font-family:Calibri;color:#cc1010;text-align:left;font-weight:bold;">OUTSIDE-EPG!</div><br clear="none"><p></p><div><div>Nobody replied to this Friday afternoon so I'm trying again:<br clear="none"><br clear="none">On Friday, May 19, 2023, 09:29:17 AM EDT, Albert Braden <ozzzo@yahoo.com> wrote:<br clear="none"><br clear="none"><br clear="none">We have 2052 groups in our LDAP server. We recently started getting an error when we try to list groups:<br clear="none"><br clear="none">$ os group list --domain AUTH.OURDOMAIN.COM<br clear="none">Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator. (HTTP 500)<br clear="none"><br clear="none">I read the "Additional LDAP integration settings" section in [1] and then tried setting various values of page_size (10, 100, 1000) in the [ldap] section of keystone.conf but that didn't make a difference. What am I  missing?<br clear="none"><br clear="none">[1] https://docs.openstack.org/keystone/train/admin/configuration.html#identity-ldap-server-set-up<br clear="none"><br clear="none">Here's the stack trace:<br clear="none"><br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application [req-198741c6-58b2-46b1-8622-bae1fc5c5280 d64c83e1ea954c368e9fe08a5d8450a1 47dc15c280c9436fadac4d41f1d54a64 - default default] Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator.: keystone.exception.LDAPSizeLimitExceeded: Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator.<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application Traceback (most recent call last):<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/common.py", line 996, in search_s<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    attrlist, attrsonly)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/common.py", line 689, in wrapper<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return func(self, conn, *args, **kwargs)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/common.py", line 824, in search_s<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    attrsonly)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 870, in search_s<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 1286, in search_ext_s<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 1224, in _apply_method_s<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return func(self,*args,**kwargs)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 864, in search_ext_s<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return self.result(msgid,all=1,timeout=timeout)[1]<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 756, in result<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 760, in result2<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 767, in result3<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    resp_ctrl_classes=resp_ctrl_classes<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 774, in result4<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 340, in _ldap_call<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    reraise(exc_type, exc_value, exc_traceback)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/compat.py", line 46, in reraise<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    raise exc_value<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 324, in _ldap_call<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    result = func(*args,**kwargs)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application ldap.SIZELIMIT_EXCEEDED: {'msgtype': 100, 'msgid': 2, 'result': 4, 'desc': 'Size limit exceeded', 'ctrls': []}<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application During handling of the above exception, another exception occurred:<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application Traceback (most recent call last):<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    rv = self.dispatch_request()<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return self.view_functions[rule.endpoint](**req.view_args)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/flask_restful/__init__.py", line 480, in wrapper<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    resp = resource(*args, **kwargs)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/flask/views.py", line 88, in view<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return self.dispatch_request(*args, **kwargs)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/flask_restful/__init__.py", line 595, in dispatch_request<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    resp = meth(*args, **kwargs)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/api/groups.py", line 59, in get<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return self._list_groups()<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/api/groups.py", line 86, in _list_groups<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    hints=hints)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/common/manager.py", line 116, in wrapped<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    __ret_val = __f(*args, **kwargs)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/core.py", line 414, in wrapper<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return f(self, *args, **kwargs)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/core.py", line 424, in wrapper<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return f(self, *args, **kwargs)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/core.py", line 1329, in list_groups<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    ref_list = driver.list_groups(hints)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/core.py", line 116, in list_groups<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return self.group.get_all_filtered(hints)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/core.py", line 474, in get_all_filtered<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    for group in self.get_all(query, hints)]<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/common.py", line 1647, in get_all<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    for x in self._ldap_get_all(hints, ldap_filter)]<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/common/driver_hints.py", line 42, in wrapper<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return f(self, hints, *args, **kwargs)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/common.py", line 1600, in _ldap_get_all<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    attrs)<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/common.py", line 998, in search_s<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    raise exception.LDAPSizeLimitExceeded()<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application keystone.exception.LDAPSizeLimitExceeded: Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator.<br clear="none">2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application </div></div></div></div></div></div></div>            </div>                </div>