Modify

Opened 5 years ago

Closed 4 years ago

#10286 closed defect (fixed)

SIZELIMIT_EXCEEDED error when attempting to authenticate

Reported by: lholcomb2@… Owned by: branson
Priority: normal Component: DirectoryAuthPlugin
Severity: normal Keywords:
Cc: Trac Release: 1.0

Description

When trying to authenticate a user we get the following error:

SIZELIMIT_EXCEEDED: {'desc': 'Size limit exceeded'}

We've tried both trunk and 0.11

With trunk we get the error all the time (on every page).

With 0.11 we only get the error when trying to authenticate.

Attachments (0)

Change History (6)

comment:1 Changed 5 years ago by branson

Status: newassigned

Yep .. this was a major problem I ran into as well. The issue was that the has_user call was returning *all* users in the base_dn. Further it was using LDAP_SUBTREE as a scope.. bad. Here's how i have fixed it for us ( NASA .. our dir has > 10k entries )

  • No longer ever return all users in the LDAP db, but only the users who have logged in once.
  • This may cause some operational issues for people that want to include people in the CC, and are using the AutoCompleteUsers plugin and assume the entire directory is available for search. I am taking that one over too and will re-write it to better handle large ldap directories... and give the admin the option to select Local or all users.
  • group_user expansion wasn't quite right, and returned dupes .. fixed that too

comment:2 Changed 5 years ago by branson

Please test 0.5 of DirectoryAuthPlugin when I release it, also note .. you'll have to edit/change your trac.ini with the new variable names .. but they're far more explanitory and worth the change. Respond to this ticket if it fixes it. Thanks.

comment:3 Changed 5 years ago by andy.barreras@…

I'm having exactly the same issue. Please explain request to "test with 0.5 of DirectoryAuthPlugin ". I don't see version numbers in the repository, only the trunk and the 0.11 branch. Neither one works.

comment:4 Changed 4 years ago by anonymous

SO I took a fresh look at the code and I believe people are hitting this for a few different reasons

  • the valid_group_users entry is being evaluated by enumerating all users in a recursive fashion.. this needs to be re-written
  • the user should be a single search, and then search it for groups and recurse vs piling up the users and then compare.
  • I'll refactor this code and update as next iteration.

comment:5 Changed 4 years ago by anonymous

Refactored and testing now .. this HUGELY improved speed.

comment:6 Changed 4 years ago by anonymous

Resolution: fixed
Status: assignedclosed

Testing completed.

  • renamed things to make it right.
  • cleaned up the configuration.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain branson.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.