Project

General

Profile

Bug #5504

LDAP error when defining group criteria

Added by Dennis Cabooter almost 6 years ago. Updated over 4 years ago.

Status:
Released
Priority:
1
Category:
Web - Nodes & inventories
Target version:
Severity:
User visibility:
Effort required:
Priority:

Description

If I try to create a Node Group, using a regex for searching, I get the following error:

[2014-09-08 16:59:59] ERROR com.normation.ldap.sdk.RoLDAPConnection - Ignored execption (configured to be ignored)
com.unboundid.ldap.sdk.LDAPSearchException: size limit exceeded
    at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3297) ~[unboundid-ldapsdk-2.3.4.jar:2.3.4]

Related issues

Related to Rudder - Bug #5308: Searching node by software name regexp failsRejected2014-07-24Actions
#1

Updated by Vincent MEMBRÉ almost 6 years ago

  • Category set to Web - Nodes & inventories
  • Assignee set to François ARMAND

Thansk Dennis, can you add the criteria you put in the regexp field ??

Thanks!

#2

Updated by Dennis Cabooter almost 6 years ago

As discussed on IRC:

17:12 < Vince_McBuche> dnns: What is the value you entered ? so we can 
                       reproduce it :)
17:18 < dnns> software version regex .*winbind.*
17:18 < dnns> for your info:
17:18 < dnns> software version = winbind
17:18 < dnns> does work
17:18 < dnns> (but i need the regex)
#3

Updated by Dennis Cabooter almost 6 years ago

When trying this at Search Nodes...

This doesn't work:

Software Name Regex rudder.*

This works:

Software Name = rudder-agent
Software Version Regex 2\.11\..*
#4

Updated by Dennis Cabooter almost 6 years ago

In the last example, this:

Software Version Regex rudder.*

Should be this:

Software Name Regex rudder.*
#5

Updated by Vincent MEMBRÉ almost 6 years ago

Thanks Dennis, i edited the comment!

#6

Updated by François ARMAND almost 6 years ago

  • Status changed from New to 8

So, the problem is due to the number of software entries. In more details:

LDAP does not support regex matching on queries. So to handle them, we return all the entries to check for the regex and process the regex on the client side.

On the other hand, there is limits on the number of entries returned by the server.

The conjonction of the two factors lead to the error.

I think there is no reason to limit the number of returned entries, and we should just safe-guard with a time limit for requests.
An other solution is to pre-process the regex query to see if it can be more efficiently translated to a substring query, as it is the case here, so that we have far less response in the common cases.

An other think: we never ever delete software, meaning that their number is strictly rising and so that bug will appear at some point for any people using regex match on software.

I don't see any easy (i.e: without code in the webapp) workaround safe removing softwares from LDAP so that only actuall software will be re-added (and so that the total stay under the limit.

#7

Updated by François ARMAND almost 6 years ago

  • Target version set to 2.6.18
#8

Updated by François ARMAND almost 6 years ago

  • Status changed from 8 to Pending technical review
  • Assignee changed from François ARMAND to Nicolas CHARLES
  • Target version changed from 2.6.18 to 2.10.6
  • Pull Request set to https://github.com/Normation/rudder/pull/608
#9

Updated by François ARMAND almost 6 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100
#11

Updated by Matthieu CERDA over 5 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.10.6, which was released today.
Check out:

#12

Updated by Matthieu CERDA over 5 years ago

This bug has been fixed in Rudder 2.10.6, which was released today.
Check out:

#13

Updated by Benoît PECCATTE over 4 years ago

  • Target version changed from 2.10.6 to 2.6.18

Also available in: Atom PDF