Public bug reported: Keystone provides a configuration option that allows users to page LDAP responses [0].
You can disable paging by setting page_size to 0, which should return all query data from LDAP in a single response. I have an AD server with 10,000 users and I have paging set to 1,000. I am able to list users and verified paging is actually working. If I disable paging by setting it to 0, the request errors: 2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application raise exception.LDAPSizeLimitExceeded() 2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application keystone.exception.LDAPSizeLimitExceeded: Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator. However, if I set page_size to 100000, the request succeeds, even though I'm requesting all 10,000 users with page sizes of 100000. I would expect to be able to disable paging without seeing the error since I'm able to request all LDAP users with huge page sizes. [0] https://docs.openstack.org/keystone/latest/configuration/config- options.html#ldap.page_size ** Affects: keystone Importance: Undecided Status: New ** Tags: ldap ** Tags added: ldap ** Description changed: Keystone provides a configuration option that allows users to page LDAP responses [0]. - You can disable paging by setting page_size to 0, which should result - all query data coming back from LDAP in a single response. + You can disable paging by setting page_size to 0, which should return + all query data from LDAP in a single response. I have an AD server with 10,000 users and I have paging set to 1,000. I am able to list users and verified paging is actually working. If I disable paging, the request errors: 2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application raise exception.LDAPSizeLimitExceeded() 2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application keystone.exception.LDAPSizeLimitExceeded: Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator. However, if I set page_size to 100000, the request succeeds, even though I'm requesting all 10,000 users with page sizes of 100000. I would expect to be able to disable paging without seeing the error since I'm able to request all LDAP users with huge page sizes. [0] https://docs.openstack.org/keystone/latest/configuration/config- options.html#ldap.page_size ** Description changed: Keystone provides a configuration option that allows users to page LDAP responses [0]. You can disable paging by setting page_size to 0, which should return all query data from LDAP in a single response. I have an AD server with 10,000 users and I have paging set to 1,000. I am able to list users and verified paging is actually working. - If I disable paging, the request errors: + If I disable paging by setting it to 0, the request errors: 2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application raise exception.LDAPSizeLimitExceeded() 2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application keystone.exception.LDAPSizeLimitExceeded: Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator. However, if I set page_size to 100000, the request succeeds, even though I'm requesting all 10,000 users with page sizes of 100000. I would expect to be able to disable paging without seeing the error since I'm able to request all LDAP users with huge page sizes. [0] https://docs.openstack.org/keystone/latest/configuration/config- options.html#ldap.page_size -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1896121 Title: Unable to disable LDAP paging Status in OpenStack Identity (keystone): New Bug description: Keystone provides a configuration option that allows users to page LDAP responses [0]. You can disable paging by setting page_size to 0, which should return all query data from LDAP in a single response. I have an AD server with 10,000 users and I have paging set to 1,000. I am able to list users and verified paging is actually working. If I disable paging by setting it to 0, the request errors: 2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application raise exception.LDAPSizeLimitExceeded() 2020-09-17 21:03:46.836 45 ERROR keystone.server.flask.application keystone.exception.LDAPSizeLimitExceeded: Number of User/Group entities returned by LDAP exceeded size limit. Contact your LDAP administrator. However, if I set page_size to 100000, the request succeeds, even though I'm requesting all 10,000 users with page sizes of 100000. I would expect to be able to disable paging without seeing the error since I'm able to request all LDAP users with huge page sizes. [0] https://docs.openstack.org/keystone/latest/configuration/config- options.html#ldap.page_size To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1896121/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
