LDAP test fails with “size limit exceeded”?

I’ve filled in the ldap query fields, taking my data from a script that we use routinely in production. When I click on the “Test” button, I get a “size limit exceeded” error in red at the top of the page. If I click on the “Sync” button, I get a much more verbose error, starting with this:
    Exception at /rest/settings/authentication/ldap/sync/
    Size limit exceeded
    Request Method: GET
    Request URL: http://servername/rest/settings/authentication/ldap/sync/?_=1346082733649
    Django Version: 1.4
    Python Executable: C:\GitStack\apache\bin\httpd.exe
    Python Version: 2.7.2
We do have a large number of ldap users (10**5), so I hope you’re not testing by blindly pulling down all the users. What do I need to change to get this working?
Asked August 27, 2012

2 Answers

accepted
To answer my own question: Yes, GitStack tries to download all the users matching the filter-expression as a "test" of connectivity. LDAP supports limiting the number of responses returned by a query, both for performance and security reasons. In large enterprise environments, this is definitely going to be active - you don't need to be able to list all the users in order to authenticate one at a time.

I'd suggest that the "test" operation take a special parameter (a user name to look up), and that you only try matching one at a time, instead of the current model.

For those who may follow me, I worked around this by:
  1. Setting my "filter" to include a single username (&(...real filter stuff)(account-name=my-account-name))
  2. Saving the settings
  3. Running the test
Once I had that working, I:
  1. Removed the (account-name=my-account-name) part of the filter
  2. Saved again.
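
The workaround above, and the suggested test-by-username parameter, both come down to ANDing one account clause onto the existing filter. As an added example (not part of the original post and not GitStack code), this builds that narrowed filter with RFC 4515 escaping, so a value such as `*` cannot widen the query back into a full listing; `narrow_filter`, its helpers and the sample base filter are assumptions, and `account-name` is the placeholder attribute used in the answer.

```python
import re

# RFC 4515 section 3: these characters must appear as \XX inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value):
    """Escape a user-supplied value so it is matched literally by the server."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def is_single_filter(text):
    """True if text is exactly one parenthesised filter, e.g. (a=b) or (&(a=b)(c=d))."""
    if not text.startswith("("):
        return False
    depth = 0
    for i, ch in enumerate(text):
        depth += (ch == "(") - (ch == ")")
        if depth == 0 and i != len(text) - 1:
            return False  # closed early: two filters side by side, or trailing text
    return depth == 0


def narrow_filter(base_filter, attribute, username):
    """Return (&<base_filter>(<attribute>=<username>)) for a one-account test query."""
    base = base_filter.strip()
    if not is_single_filter(base):
        raise ValueError("base filter must be one balanced (...) expression")
    if not _ATTR_RE.fullmatch(attribute):
        raise ValueError("attribute name contains unexpected characters")
    if not username:
        raise ValueError("username must not be empty")
    return "(&%s(%s=%s))" % (base, attribute, escape_filter_value(username))


if __name__ == "__main__":
    # Constructed sample filter standing in for the "real filter stuff".
    production = "(&(objectClass=person)(department=engineering))"
    print(narrow_filter(production, "account-name", "my-account-name"))
    # A wildcard is escaped, so the test still matches at most one literal name.
    print(narrow_filter(production, "account-name", "*"))
```
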
 
I would like to add more info on the subject. GitStack only pulls user names one time (when you click on "sync"), with no password or anything else. These user names are used to configure your repositories. When a git client connects to GitStack, only one small request is performed to the LDAP server to check the user credentials.
