That's been a "don't do that" for quite a while, but we might finally have a solution in havana:
https://blueprints.launchpad.net/keystone/+spec/pagination-backend-support On Wed, Aug 7, 2013 at 3:56 PM, Miller, Mark M (EB SW Cloud - R&D - Corvallis) <[email protected]> wrote: > Hello,**** > > ** ** > > I ran into an issue/problem with keystone and it is ok to simply tell me > to “don’t do that”, but I am wondering how others approach this problem. * > *** > > ** ** > > I have the keystone H-2 split backend code connected the HP Enterprise > Directory which is humongous in size. From that directory I have only one > user configured with a project role in keystone. When I performed the > following REST API call:**** > > GET: http://15.253.58.141:35357/v3/users**** > > ** ** > > The keystone server took almost an hour and a half to process my request > before responding with the correct information:**** > > ** ** > > 2013-07-28 08:54:24 DEBUG [keystone.common.ldap.core] LDAP bind: > dn=cn=CloudOSKeystoneDev, ou=Applications, o=hp.com**** > > 2013-07-28 08:54:25 DEBUG [keystone.common.ldap.core] In get_connection > 6 user: cn=CloudOSKeystoneDev, ou=Applications, o=hp.com**** > > 2013-07-28 08:54:25 DEBUG [keystone.common.ldap.core] MY query in > _ldap_get_all filter: None, query: (&(objectClass=hpPerson))**** > > 2013-07-28 08:54:25 DEBUG [keystone.common.ldap.core] LDAP search: > dn=ou=People,o=hp.com, scope=2, query=(&(objectClass=hpPerson)), > attrs=['None', 'userPassword', 'hpStatus', 'mail', 'cn']**** > > 2013-07-28 10:20:10 INFO [access] 15.253.57.88 - - > [28/Jul/2013:17:20:10 +0000] "GET > http://15.253.58.141:35357/v3/usersHTTP/1.0"; 200 87832184 > **** > > 2013-07-28 10:20:25 DEBUG [eventlet.wsgi.server] 15.253.57.88 - - > [28/Jul/2013 10:20:25] "GET /v3/users HTTP/1.1" 200 87832342 5160.268039** > ** > > ** ** > > REST API response:**** > > ** ** > > {**** > > "user": {**** > > "name": "[email protected]",**** > > "links": {**** > > "self": "http://localhost:5000/v3/users/[email protected]"* > *** > > },**** > > "enabled": "Active",**** > > "domain_id": "default",**** > > "email": "[email protected]",**** > > "id": "[email protected]"**** > > }**** > > }**** > > ** ** > > After completing my request I found that Keystone was locked up and > required a stop/start service command to get it responding again. How do > other people with ldap backends handle this problem?**** > > ** ** > > Thanks,**** > > ** ** > > Mark**** > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- -Dolph
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
