Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1478322
Description of problem: When admin set the global size limit (ipa config-mod) to the lower or equal number than the amount of any entity which is user member of (user group, netgroup, role, HBAC rule, Sudo rule) then the 'ipa user show' command fails with following error: CLI: ipa: ERROR: Configured size limit exceeded API: ERROR: 4215 "Configured size limit exceeded" "SizeLimitExceeded" So, the same behavior in CLI and API. Also other commands which internally callsuser-show fails (i.e. pwpolicy-show). Version-Release number of selected component (if applicable): ipa-4.4.0-12, ipa-4.5.0-21.el7_4.1 Haven't tried older versions yet. How reproducible: 100% Steps to Reproduce (in WebUI): 1. Create a user in IPA 2. Create 5 user groups 3. Go to User details facet 4. Click on "User groups" tab 5. Add all created user groups 6. Everything works as expected (default sizelimit is 100) 7. Go to IPA Server -> Configuration 8. Change Search size limit to 4 9. Go back to Identity -> open user created in step 1 10. Hit 'Refresh' button 11. Error dialog is shown Steps to Reproduce (CLI): 1. $ ipa user-add tuser --first=test --last=user 2. $ ipa usergroup-add tgroup1-5 3. $ ipa group-add-member tgroup1-5 --users=tuser 4. $ ipa user-show tuser 5. everything works properly -> user record is shown 6. $ ipa config-mod --searchrecordslimit=5 7. $ ipa user-show tuser 8. size limit error Actual results: Got sizelimit error Expected results: Get user record Additional info:
Metadata Update from @pvoborni: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1478322
Metadata Update from @rcritten: - Issue assigned to rcritten
I think the search for group membership should be unlimited.
https://github.com/freeipa/freeipa/pull/1109
master:
ipa-4-6:
ipa-4-5:
Metadata Update from @stlaz: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.