Size limit exceeded when querying AD with more than 1000 entries
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Undecided
|
Jose Castro Leon |
Bug Description
When the objects retrieved via LDAP module surpass 1000, Active Directory refuses the query operation with an exception 'size limit exceeded'.
2012-11-27 08:10:11 ERROR [root] {'desc': 'Size limit exceeded'}
Traceback (most recent call last):
File "/usr/lib/
result = method(context, **params)
File "/usr/lib/
return {'users': self.identity_
File "/usr/lib/
return f(*args, **kw)
File "/usr/lib/
return self.user.get_all()
File "/usr/lib/
for x in self._ldap_
File "/usr/lib/
return conn.search_
File "/usr/lib/
res = self.conn.
File "/usr/lib64/
return self.search_
File "/usr/lib64/
return self.result(
File "/usr/lib64/
res_
File "/usr/lib64/
res_type, res_data, res_msgid, srv_ctrls = self.result3(
File "/usr/lib64/
ldap_result = self._ldap_
File "/usr/lib64/
result = func(*args,
SIZELIMIT_EXCEEDED: {'desc': 'Size limit exceeded'}
2012-11-27 08:10:11 DEBUG [keystone.
2012-11-27 08:10:11 DEBUG [keystone.
2012-11-27 08:10:11 DEBUG [keystone.
2012-11-27 08:10:11 DEBUG [keystone.
2012-11-27 08:10:11 DEBUG [keystone.
2012-11-27 08:10:11 DEBUG [keystone.
2012-11-27 08:10:11 DEBUG [keystone.
Changed in keystone: | |
status: | New → Confirmed |
Changed in keystone: | |
milestone: | none → grizzly-rc1 |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | grizzly-rc1 → 2013.1 |
It seems than a paged search on the LDAP server should work, but paged controls are only available with LDAP v3...