Context Navigation

Modify ↓

#10286 closed defect (fixed)

SIZELIMIT_EXCEEDED error when attempting to authenticate

Reported by:	lholcomb2@…	Owned by:	branson
Priority:	normal	Component:	DirectoryAuthPlugin
Severity:	normal	Keywords:
Cc:		Trac Release:	1.0

Description

When trying to authenticate a user we get the following error:

SIZELIMIT_EXCEEDED: {'desc': 'Size limit exceeded'}

We've tried both trunk and 0.11

With trunk we get the error all the time (on every page).

With 0.11 we only get the error when trying to authenticate.

Attachments (0)

Change History (6)

comment:1 Changed 12 years ago by branson

Status:	new → assigned

Yep .. this was a major problem I ran into as well. The issue was that the has_user call was returning *all* users in the base_dn. Further it was using LDAP_SUBTREE as a scope.. bad. Here's how i have fixed it for us ( NASA .. our dir has > 10k entries )

No longer ever return all users in the LDAP db, but only the users who have logged in once.
This may cause some operational issues for people that want to include people in the CC, and are using the AutoCompleteUsers plugin and assume the entire directory is available for search. I am taking that one over too and will re-write it to better handle large ldap directories... and give the admin the option to select Local or all users.
group_user expansion wasn't quite right, and returned dupes .. fixed that too

comment:2 Changed 12 years ago by branson

Please test 0.5 of DirectoryAuthPlugin when I release it, also note .. you'll have to edit/change your trac.ini with the new variable names .. but they're far more explanitory and worth the change. Respond to this ticket if it fixes it. Thanks.

comment:3 Changed 12 years ago by andy.barreras@…

I'm having exactly the same issue. Please explain request to "test with 0.5 of DirectoryAuthPlugin ". I don't see version numbers in the repository, only the trunk and the 0.11 branch. Neither one works.

comment:4 Changed 12 years ago by anonymous

SO I took a fresh look at the code and I believe people are hitting this for a few different reasons

the valid_group_users entry is being evaluated by enumerating all users in a recursive fashion.. this needs to be re-written

the user should be a single search, and then search it for groups and recurse vs piling up the users and then compare.

I'll refactor this code and update as next iteration.

comment:5 Changed 12 years ago by anonymous

Refactored and testing now .. this HUGELY improved speed.

comment:6 Changed 12 years ago by anonymous

Resolution:	→ fixed
Status:	assigned → closed

Testing completed.

renamed things to make it right.
cleaned up the configuration.

Modify Ticket

Change Properties

Summary:
Type:	Priority:
Component:	Severity:
Keywords:	Cc:	Set your email in Preferences
Trac Release:

Action

leave as closed The owner will remain branson.

reopen The resolution will be deleted. Next status will be 'reopened'.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences.

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: