[Check_mk (english)] LDAP SIZELIMIT_EXCEEDED: {'desc': 'Size limit exceeded'}

Hello,

I’m getting the following error while trying to use Active Directory as an authentication source for check_mk (latest git).

The AD has some 3500 users defined, all in the same Organizational Unit, and the users that need to have access to Check_MK cannot be moved to some sub-OU due to some internal requirements of the organization.

Any ideas how this can be addressed?

Thanks,

Cristian Calin

Traceback (most recent call last):
  File "/omd/sites/gui/share/check_mk/web/htdocs/userdb.py", line 506, in hook_sync
    handler(add_to_changelog, only_username)
  File "/omd/sites/gui/share/check_mk/web/plugins/userdb/ldap.py", line 553, in ldap_sync
    ldap_users = ldap_get_users()
  File "/omd/sites/gui/share/check_mk/web/plugins/userdb/ldap.py", line 264, in ldap_get_users
    filt, columns = columns):
  File "/omd/sites/gui/share/check_mk/web/plugins/userdb/ldap.py", line 197, in ldap_search
    for dn, obj in ldap_connection.search_s(base, scope, filt, columns):
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 516, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 828, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 780, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 510, in search_ext_s
    return self.result(msgid,all=1,timeout=timeout)[1]
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 436, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 440, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 446, in result3
    ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 96, in _ldap_call
    result = func(*args,**kwargs)
SIZELIMIT_EXCEEDED: {'desc': 'Size limit exceeded'}

Hi,

Increasing the value of MaxPageSize in the settings of your AD from the default
1000 to 4000 is very useful in this case.

Regards
Oleg


2013/1/8 <cristian.calin@orange.com>:


This message and its attachments may contain confidential or privileged
information that may be protected by law;
they should not be distributed, used or copied without authorization.
If you have received this email in error, please notify the sender and
delete this message and its attachments.
As emails may be altered, France Telecom - Orange shall not be liable if
this message was modified, changed or falsified.
Thank you.

_______________________________________________
checkmk-en mailing list
checkmk-en@lists.mathias-kettner.de
http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en

Hello,

there might also be a limit configured in your OpenLDAP client configuration on the Check_MK server. Maybe you have some set in /etc/ldap/ldap.conf?

Regards
Lars

Indeed there is a limit, but it cannot be set in ldap.conf since the Python implementation is independent of OpenLDAP.
My solution was to use an LDAP filter and limit the results based on some specific attributes.

Just an idea of how this can be implemented better: maybe set/manage this limit from inside WATO.
Also, Kerberos support would be nice to mix with this to allow SSO from IE and other kerberised browsers.

-----Original Message-----
From: checkmk-en-bounces@lists.mathias-kettner.de [mailto:checkmk-en-bounces@lists.mathias-kettner.de] On Behalf Of Lars Michelsen
Sent: Wednesday, January 09, 2013 9:37 AM
To: checkmk-en@lists.mathias-kettner.de
Subject: Re: [Check_mk (english)] LDAP SIZELIMIT_EXCEEDED: {'desc': 'Size limit exceeded'}

Hello,

there might also be a limit configured in your OpenLDAP client configuration on the Check_MK server. Maybe you have some set in /etc/ldap/ldap.conf?

Regards
Lars

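
Another way to handle the SIZELIMIT_EXCEEDED in the traceback above is to leave the server's limit where it is and fetch the 3500 entries in pages with the Simple Paged Results control (RFC 2696). The sketch below is an added example, not code from Check_MK, python-ldap or any poster in this thread; `PageControl`, `FakeDirectory` and `paged_search` are hypothetical names, and the directory is a constructed in-memory stand-in so the loop runs offline.

```python
# Added example (not Check_MK or python-ldap code): RFC 2696 paged search.
PAGED_OID = "1.2.840.113556.1.4.319"  # Simple Paged Results control


class PageControl:
    """Stand-in with the attributes of python-ldap's SimplePagedResultsControl."""
    controlType = PAGED_OID

    def __init__(self, criticality=True, size=1000, cookie=b""):
        self.criticality, self.size, self.cookie = criticality, size, cookie


class FakeDirectory:
    """Constructed test double: never returns more than max_page_size entries."""

    def __init__(self, entries, max_page_size=1000):
        self.entries, self.max_page_size, self.requests = entries, max_page_size, 0

    def search_s(self, base, scope, filt, attrs):
        if len(self.entries) > self.max_page_size:  # the failure in the traceback
            raise RuntimeError("SIZELIMIT_EXCEEDED")
        return list(self.entries)

    def search_ext(self, base, scope, filt, attrs, serverctrls=None):
        self.requests += 1
        ctrl = serverctrls[0]
        start = int(ctrl.cookie or b"0")  # cookie is opaque to the client
        end = start + min(ctrl.size, self.max_page_size)
        cookie = str(end).encode() if end < len(self.entries) else b""
        self._pending = (self.entries[start:end], [PageControl(cookie=cookie)])
        return self.requests  # message id

    def result3(self, msgid):
        data, ctrls = self._pending
        return 101, data, msgid, ctrls  # 101 = search result message type


def paged_search(conn, base, scope, filt, attrs, page_size=1000,
                 control_cls=PageControl):
    """Collect every matching entry, one page per request."""
    ctrl = control_cls(True, size=page_size, cookie=b"")
    found = []
    while True:
        msgid = conn.search_ext(base, scope, filt, attrs, serverctrls=[ctrl])
        _rtype, data, _msgid, server_ctrls = conn.result3(msgid)
        found.extend(data)
        cookies = [c.cookie for c in server_ctrls if c.controlType == PAGED_OID]
        if not cookies or not cookies[0]:
            return found  # empty cookie: no pages left
        ctrl.cookie = cookies[0]  # echo the server's cookie back unchanged
```

Against a real directory with python-ldap 2.4 or later, pass the bound connection as `conn` and `control_cls=ldap.controls.SimplePagedResultsControl`; request only the attributes the sync needs.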