Bug #5504
closed
LDAP error when defining group criteria
Description
If I try to create a Node Group, using a regex for searching, I get the following error:
[2014-09-08 16:59:59] ERROR com.normation.ldap.sdk.RoLDAPConnection - Ignored execption (configured to be ignored)
com.unboundid.ldap.sdk.LDAPSearchException: size limit exceeded
at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3297) ~[unboundid-ldapsdk-2.3.4.jar:2.3.4]
Updated by Vincent MEMBRÉ over 9 years ago
- Category set to Web - Nodes & inventories
- Assignee set to François ARMAND
Thansk Dennis, can you add the criteria you put in the regexp field ??
Thanks!
Updated by Dennis Cabooter over 9 years ago
As discussed on IRC:
17:12 < Vince_McBuche> dnns: What is the value you entered ? so we can
reproduce it :)
17:18 < dnns> software version regex .*winbind.*
17:18 < dnns> for your info:
17:18 < dnns> software version = winbind
17:18 < dnns> does work
17:18 < dnns> (but i need the regex)
Updated by Dennis Cabooter over 9 years ago
When trying this at Search Nodes...
This doesn't work:
Software Name Regex rudder.*
This works:
Software Name = rudder-agent Software Version Regex 2\.11\..*
Updated by Dennis Cabooter over 9 years ago
In the last example, this:
Software Version Regex rudder.*
Should be this:
Software Name Regex rudder.*
Updated by François ARMAND over 9 years ago
- Status changed from New to 8
So, the problem is due to the number of software entries. In more details:
LDAP does not support regex matching on queries. So to handle them, we return all the entries to check for the regex and process the regex on the client side.
On the other hand, there is limits on the number of entries returned by the server.
The conjonction of the two factors lead to the error.
I think there is no reason to limit the number of returned entries, and we should just safe-guard with a time limit for requests.
An other solution is to pre-process the regex query to see if it can be more efficiently translated to a substring query, as it is the case here, so that we have far less response in the common cases.
An other think: we never ever delete software, meaning that their number is strictly rising and so that bug will appear at some point for any people using regex match on software.
I don't see any easy (i.e: without code in the webapp) workaround safe removing softwares from LDAP so that only actuall software will be re-added (and so that the total stay under the limit.
Updated by François ARMAND over 9 years ago
- Status changed from 8 to Pending technical review
- Assignee changed from François ARMAND to Nicolas CHARLES
- Target version changed from 2.6.18 to 2.10.6
- Pull Request set to https://github.com/Normation/rudder/pull/608
Updated by François ARMAND over 9 years ago
- Status changed from Pending technical review to Pending release
- % Done changed from 0 to 100
Applied in changeset ff11035dc91c2385e9652b339d593691f276b18c.
Updated by Nicolas CHARLES over 9 years ago
Applied in changeset 1d13f7b689651fe45be42d4a847814544dd546ef.
Updated by Matthieu CERDA over 9 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 2.10.6, which was released today.
Check out:
- The release announcement: http://www.rudder-project.org/pipermail/rudder-announce/2013-July/000038.html
- The full ChangeLog: http://www.rudder-project.org/foswiki/bin/view/System/Documentation:ChangeLog27
- Download information: https://www.rudder-project.org/site/get-rudder/downloads/
Updated by Matthieu CERDA over 9 years ago
This bug has been fixed in Rudder 2.10.6, which was released today.
Check out:
- The release announcement: http://www.rudder-project.org/pipermail/rudder-announce/2014-October/000109.html
- The full ChangeLog: http://www.rudder-project.org/foswiki/bin/view/System/Documentation:ChangeLog210
- Download information: https://www.rudder-project.org/site/get-rudder/downloads/
Updated by Benoît PECCATTE over 8 years ago
- Target version changed from 2.10.6 to 2.6.18