leenooks / phpLDAPadmin

phpLDAPadmin - Web based LDAP administration tool
www.phpldapadmin.org
GNU General Public License v2.0

groupOfUniqueNames with more than 500 members begins to remove memberships when editing #194

Closed RogerSik closed 1 year ago

RogerSik commented 1 year ago

Describe the bug: When modifying membership of groupOfUniqueNames which has more than 500 members, random existing users will be "thrown" out.

Example screenshots:

Group with 527 members: [screenshot 10_13-30-00]

Only adding one user to this group. Screenshot of the action that will happen: [screenshot 10_13-31-04]

-> Removing membership of multiple users

To Reproduce: Steps to reproduce the behavior:

  1. Add to groupOfUniqueNames more than 500 members with "modify group members" button
  2. Save changes
  3. See result

Expected behavior: It should be possible to add more users when a group grows over time beyond 500 memberships.

Desktop (please complete the following information):

This error also happens on Mac Safari.

We use phpldapadmin in version 1.25 with the "osixia/phpldapadmin:latest" docker container.

RogerSik commented 1 year ago

More information from troubleshooting:

When accepting the removal of the users, the removed users are still there, but they are also available to be added to the group.

RogerSik commented 1 year ago

We are running slapd 2.4.49 on Ubuntu 20.04.

brenard commented 1 year ago

It may be due to a limit on the number of objects returned by a search. As a workaround, you could increase this limit (see https://www.openldap.org/doc/admin24/limits.html). To properly fix this problem, we could implement paged search in this context, but it will work only on an LDAP v3 connection.

RogerSik commented 1 year ago

The olclimit is set to 1000 because we have other applications which also had the issue.

If that is the issue, then viewing the group should also be an issue, but it's not. Only adding. When extending the group with a line and not with the "selector" modify group, it is working fine.

brenard commented 1 year ago

OK, I reproduced the problem and finally found that it is due to the PHP max_input_vars INI parameter, which is set to 1000 by default.

; How many GET/POST/COOKIE input variables may be accepted
max_input_vars = 1000

You have to increase this value to handle more than ~500 users because old and new values are passed in POST. Don't forget to restart apache2 or php-fpm after setting this parameter.

Note: phpLDAPadmin could try to set this parameter automatically but it's not really reliable, so I think it's preferable that users set it manually.
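
Added example (not part of the original thread and not phpLDAPadmin code): a CLI simulation of how the max_input_vars cut-off turns a one-member addition into apparent removals, with a sentinel-field check that rejects a truncated request instead of applying its diff. The field names `old`, `new` and `form_end`, the `old`-before-`new` ordering and the sample DNs are assumptions made for the illustration.

```php
<?php
// Added illustration. Field names (old, new, form_end) and the old-before-new
// field order are hypothetical; the parser is simulated so this runs offline.

/** Mimic PHP's request parser: variables beyond max_input_vars are dropped. */
function parse_post(array $pairs, int $maxInputVars): array
{
    $post = ['old' => [], 'new' => []];
    foreach (array_slice($pairs, 0, $maxInputVars) as [$name, $value]) {
        if ($name === 'form_end') {
            $post['form_end'] = $value;
        } else {
            $post[$name][] = $value;
        }
    }
    return $post;
}

/** The sentinel is the last field of the form, so it is the first to be lost. */
function post_is_complete(array $post): bool
{
    return isset($post['form_end']) && $post['form_end'] === '1';
}

// Constructed input: a 527-member group, one member added in the browser.
$members = [];
for ($i = 1; $i <= 527; $i++) {
    $members[] = "uid=user$i,ou=people,dc=example,dc=org";
}
$pairs = [];
foreach ($members as $dn) {
    $pairs[] = ['old', $dn];
}
foreach (array_merge($members, ['uid=newuser,ou=people,dc=example,dc=org']) as $dn) {
    $pairs[] = ['new', $dn];
}
$pairs[] = ['form_end', '1'];

foreach ([1000, 5000] as $limit) {
    $post = parse_post($pairs, $limit);
    $removed = array_diff($post['old'], $post['new']);
    $added = array_diff($post['new'], $post['old']);
    printf(
        "max_input_vars=%d: %d of %d variables parsed, diff = +%d/-%d, %s\n",
        $limit, min(count($pairs), $limit), count($pairs),
        count($added), count($removed),
        post_is_complete($post) ? 'apply' : 'REJECT: request truncated'
    );
}
```

In a real handler the limit comes from `ini_get('max_input_vars')` and the sentinel is a hidden input emitted as the last field of the form. PHP also logs an "Input variables exceeded" warning when it drops variables, which is worth alerting on.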

RogerSik commented 1 year ago

Many thanks @brenard, will try it this week.

RogerSik commented 1 year ago

Works 👍 so I'm closing this issue.