#7112 user-show command fails when sizelimit is configured to number <= number of entity which is user member of
Closed: fixed 4 years ago Opened 4 years ago by pvoborni.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1478322

Description of problem:
When admin set the global size limit (ipa config-mod) to the lower or equal
number than the amount of any entity which is user member of (user group,
netgroup, role, HBAC rule, Sudo rule) then the 'ipa user show' command fails
with following error:

CLI:
ipa: ERROR: Configured size limit exceeded

API:
ERROR: 4215
"Configured size limit exceeded"
"SizeLimitExceeded"

So, the same behavior in CLI and API. Also other commands which internally
callsuser-show fails (i.e. pwpolicy-show).

Version-Release number of selected component (if applicable):
ipa-4.4.0-12, ipa-4.5.0-21.el7_4.1
Haven't tried older versions yet.

How reproducible:
100%

Steps to Reproduce (in WebUI):
1. Create a user in IPA
2. Create 5 user groups
3. Go to User details facet
4. Click on "User groups" tab
5. Add all created user groups
6. Everything works as expected (default sizelimit is 100)
7. Go to IPA Server -> Configuration
8. Change Search size limit to 4
9. Go back to Identity -> open user created in step 1
10. Hit 'Refresh' button
11. Error dialog is shown


Steps to Reproduce (CLI):
1. $ ipa user-add tuser --first=test --last=user
2. $ ipa usergroup-add tgroup1-5
3. $ ipa group-add-member tgroup1-5 --users=tuser
4. $ ipa user-show tuser
5. everything works properly -> user record is shown
6. $ ipa config-mod --searchrecordslimit=5
7. $ ipa user-show tuser
8. size limit error


Actual results:
Got sizelimit error

Expected results:
Get user record

Additional info:

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1478322

4 years ago

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1478322

4 years ago

Metadata Update from @rcritten:
- Issue assigned to rcritten

4 years ago

I think the search for group membership should be unlimited.

master:

  • 418421d Collect group membership without a size limit

ipa-4-6:

  • b516ad8 Collect group membership without a size limit

ipa-4-5:

  • c27d015 Collect group membership without a size limit

Metadata Update from @stlaz:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

4 years ago

Login to comment on this ticket.

Metadata