#3185 SSSD goes offline when the LDAP server returns sizelimit exceeded
Closed: Fixed None Opened 2 years ago by lslebodn.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1375182

Created attachment 1200199
SSSD Domain log for this issue.

Description of problem:
This issue was observed during regression round of the existing performance
suite. This test fails due to a reproduction step mentioned in
https://bugzilla.redhat.com/show_bug.cgi?id=889182#c2 :

for i in `getent group someverylargegroup | tr ',' ' '`; do id $i; done

In the test environment we have approximately 16000 users shared by 3 large
groups (puser10000 to puser26000). There is a delay in fetching the users as
well, while running a user lookup for puser15677 or say puser25788.

Here we are trying to retrieve the large group and then run "id" command on
each user. Group retrieval works fine but id command fails. The id command
works only for the first user and then it fails for others. The work around is
to first execute "getent passwd -s sss <user>" and then run id command which i
manually did.

Version-Release number of selected component (if applicable):
sssd-1.14.0-36.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Setup a 389-DS server with large user-group. lets say 5000 users in a
bulkgroup.

2. Setup SSSD client with ldap provider. See the sssd.conf below:

[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP

[nss]
filter_groups = root
filter_users = root

[pam]

[domain/LDAP]
debug_level = 0xFFF0
id_provider = ldap
ldap_uri = ldap://<SERVER>
ldap_tls_cacert = /etc/openldap/certs/cacert.asc

3. Run the following in a script:
for i in `getent group bulkgroup1 | tr ',' ' '`; do id $i;

Actual results:
id command fails for all users except the first one.

Expected results:
id command should work for all.

Additional info:
SSSD domain log attached.

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
milestone: NEEDS_TRIAGE => SSSD 1.14.2
resolution: => fixed
review: True => 0
selected: =>
status: new => closed
testsupdated: => 0

Metadata Update from @lslebodn:
- Issue set to the milestone: SSSD 1.14.2

2 years ago

Login to comment on this ticket.

Metadata