Modify

Opened 2 years ago

Closed 20 months ago

#10286 closed defect (fixed)

SIZELIMIT_EXCEEDED error when attempting to authenticate

Reported by: lholcomb2@… Owned by: sandinak
Priority: normal Component: DirectoryAuthPlugin
Severity: normal Keywords:
Cc: Trac Release: 1.0

Description

When trying to authenticate a user we get the following error:

SIZELIMIT_EXCEEDED: {'desc': 'Size limit exceeded'}

We've tried both trunk and 0.11

With trunk we get the error all the time (on every page).

With 0.11 we only get the error when trying to authenticate.

Attachments (0)

Change History (6)

comment:1 Changed 2 years ago by sandinak

  • Status changed from new to assigned

Yep .. this was a major problem I ran into as well. The issue was that the has_user call was returning *all* users in the base_dn. Further it was using LDAP_SUBTREE as a scope.. bad. Here's how i have fixed it for us ( NASA .. our dir has > 10k entries )

  • No longer ever return all users in the LDAP db, but only the users who have logged in once.
  • This may cause some operational issues for people that want to include people in the CC, and are using the AutoCompleteUsers plugin and assume the entire directory is available for search. I am taking that one over too and will re-write it to better handle large ldap directories... and give the admin the option to select Local or all users.
  • group_user expansion wasn't quite right, and returned dupes .. fixed that too

comment:2 Changed 2 years ago by sandinak

Please test 0.5 of DirectoryAuthPlugin when I release it, also note .. you'll have to edit/change your trac.ini with the new variable names .. but they're far more explanitory and worth the change. Respond to this ticket if it fixes it. Thanks.

comment:3 Changed 2 years ago by andy.barreras@…

I'm having exactly the same issue. Please explain request to "test with 0.5 of DirectoryAuthPlugin ". I don't see version numbers in the repository, only the trunk and the 0.11 branch. Neither one works.

comment:4 Changed 21 months ago by anonymous

SO I took a fresh look at the code and I believe people are hitting this for a few different reasons

  • the valid_group_users entry is being evaluated by enumerating all users in a recursive fashion.. this needs to be re-written
  • the user should be a single search, and then search it for groups and recurse vs piling up the users and then compare.
  • I'll refactor this code and update as next iteration.

comment:5 Changed 21 months ago by anonymous

Refactored and testing now .. this HUGELY improved speed.

comment:6 Changed 20 months ago by anonymous

  • Resolution set to fixed
  • Status changed from assigned to closed

Testing completed.

  • renamed things to make it right.
  • cleaned up the configuration.

Add Comment

Modify Ticket

Action
as closed The owner will remain sandinak.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.