
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>

</head>

<body dir="ltr">

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">

Hello Albert,</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">

have seen your message on monday and think that it was replied personaly in the meantime. Anyway.</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">

I think this problem is not dedicated to the openstack services. The problem is caused by the ldap server. Which one do you use?</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">

Look in the documentation of the ldap server to configure a larger size limit.</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">

<br>

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">

greets from here</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">

Jörn<br>

</div>

<div id="appendonsend"></div>

<hr style="display:inline-block;width:98%" tabindex="-1">

<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>Von:</b> Albert Braden <ozzzo@yahoo.com><br>

<b>Gesendet:</b> Dienstag, 23. Mai 2023 20:35<br>

<b>An:</b> OpenStack Discuss <openstack-discuss@lists.openstack.org><br>

<b>Betreff:</b> Re: [kolla] [train] [keystone] Number of User/Group entities returned by LDAP exceeded size limit</font>

<div> </div>

</div>

<div>

<p></p>

<div style="background-color:#FFEB9C; width:100%; border-style:solid; border-color:#cc1010; border-width:1px; padding:2pt; font-size:10pt; line-height:12p; font-family:Calibri; color:#cc1010; text-align:left; font-weight:bold">

OUTSIDE-EPG!</div>

<br>

<p></p>

<div>

<div>Nobody replied to this Friday afternoon so I'm trying again:<br>

<br>

On Friday, May 19, 2023, 09:29:17 AM EDT, Albert Braden <ozzzo@yahoo.com> wrote:<br>

<br>

<br>

We have 2052 groups in our LDAP server. We recently started getting an error when we try to list groups:<br>

<br>

$ os group list --domain AUTH.OURDOMAIN.COM<br>

Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator. (HTTP 500)<br>

<br>

I read the "Additional LDAP integration settings" section in [1] and then tried setting various values of page_size (10, 100, 1000) in the [ldap] section of keystone.conf but that didn't make a difference. What am I  missing?<br>

<br>

[1] https://docs.openstack.org/keystone/train/admin/configuration.html#identity-ldap-server-set-up<br>

<br>

Here's the stack trace:<br>

<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application [req-198741c6-58b2-46b1-8622-bae1fc5c5280 d64c83e1ea954c368e9fe08a5d8450a1 47dc15c280c9436fadac4d41f1d54a64 - default default] Number of User/Group entities returned by LDAP exceeded size limit.

 Contact your LDAP administrator.: keystone.exception.LDAPSizeLimitExceeded: Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator.<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application Traceback (most recent call last):<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/common.py", line 996, in search_s<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    attrlist, attrsonly)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/common.py", line 689, in wrapper<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return func(self, conn, *args, **kwargs)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/common.py", line 824, in search_s<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    attrsonly)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 870, in search_s<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 1286, in search_ext_s<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 1224, in _apply_method_s<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return func(self,*args,**kwargs)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 864, in search_ext_s<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return self.result(msgid,all=1,timeout=timeout)[1]<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 756, in result<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 760, in result2<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 767, in result3<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    resp_ctrl_classes=resp_ctrl_classes<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 774, in result4<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 340, in _ldap_call<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    reraise(exc_type, exc_value, exc_traceback)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/compat.py", line 46, in reraise<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    raise exc_value<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 324, in _ldap_call<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    result = func(*args,**kwargs)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application ldap.SIZELIMIT_EXCEEDED: {'msgtype': 100, 'msgid': 2, 'result': 4, 'desc': 'Size limit exceeded', 'ctrls': []}<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application During handling of the above exception, another exception occurred:<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application Traceback (most recent call last):<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    rv = self.dispatch_request()<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return self.view_functions[rule.endpoint](**req.view_args)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/flask_restful/__init__.py", line 480, in wrapper<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    resp = resource(*args, **kwargs)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/flask/views.py", line 88, in view<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return self.dispatch_request(*args, **kwargs)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/flask_restful/__init__.py", line 595, in dispatch_request<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    resp = meth(*args, **kwargs)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/api/groups.py", line 59, in get<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return self._list_groups()<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/api/groups.py", line 86, in _list_groups<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    hints=hints)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/common/manager.py", line 116, in wrapped<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    __ret_val = __f(*args, **kwargs)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/core.py", line 414, in wrapper<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return f(self, *args, **kwargs)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/core.py", line 424, in wrapper<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return f(self, *args, **kwargs)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/core.py", line 1329, in list_groups<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    ref_list = driver.list_groups(hints)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/core.py", line 116, in list_groups<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return self.group.get_all_filtered(hints)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/core.py", line 474, in get_all_filtered<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    for group in self.get_all(query, hints)]<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/common.py", line 1647, in get_all<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    for x in self._ldap_get_all(hints, ldap_filter)]<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/common/driver_hints.py", line 42, in wrapper<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    return f(self, hints, *args, **kwargs)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/common.py", line 1600, in _ldap_get_all<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    attrs)<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application  File "/usr/lib/python3.6/site-packages/keystone/identity/backends/ldap/common.py", line 998, in search_s<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application    raise exception.LDAPSizeLimitExceeded()<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application keystone.exception.LDAPSizeLimitExceeded: Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator.<br>

2023-05-15 20:18:41.932 36 ERROR keystone.server.flask.application </div>

</div>

</div>

</body>

</html>