Ldap sizelimit exceeded

[jberanek]

Hi all, I recently upgraded MRBS to version 1.10 and found bug (2482) so I upgraded from source.

After the upgrade everithing seem working fine, but when I try to get a report and start date is today a get an error in the browser and get no report.

Apache logs show an error:

ldap_search(): Partial search results returned: Sizelimit exceeded, /var/www/html/lib/MRBS/Auth/AuthLdap.php, 551

If I change date to a day after today, I get the report.

Thanks in advance.

regards.

Reported by: asierran

Original Ticket: mrbs/bugs/522

[jberanek]

I forgot: I have a very large directory.

Original comment by: asierran

[jberanek]

I also found I was affected with bug #2048 https://sourceforge.net/p/mrbs/support-requests/2048/

As a workaround I've edited configuration, and added a ldap_filter ("objectCategory=person";) and created an array of base dn.

Now I get no errors, nor in reports or editing entrys.

When editing entry as an admin y only see users from one of the base ous.

Original comment by: asierran

[jberanek]

Yes, there's a problem with very large directories. I think that the proper fix is that MRBS needs to do paged searches. In the meantime, if you are using the latest development code from the main branch, there's a config setting, $get_display_names_all_at_once = false; that will stop MRBS trying to get all the users in one go. The trade-off though is that reports will usually take much longer to produce as MRBS will have to do a separate search for each user. See the extract below from systemdefaults.inc.php for more details:

// Determines whether MRBS should get all the display names at once when
// asked to get a single display name.  MRBS converts usernames to display
// names when displaying bookings and in reports.  This can be an expensive
// operation when using an external authentication type, eg 'db_ext', 'ldap'
// or 'wix', and it is usually much faster to retrieve all the names at once
// when getting the first name, especially when producing large reports.  However
// sometimes retrieving all the names can take a very long time, eg when
// working with a very large LDAP directory, and it can be better just to retrieve
// each name when needed.
$get_display_names_all_at_once = true;

Original comment by: campbell-m

[jberanek]

Thanks @cimorrison.

Yes, I am using the latests development code.

I've tried that config setting (after rolling back configurations of filters and base ous).

Now reports seems fine.

Creating entries with administrator account still gives sizelimit exceeded.

Original comment by: asierran

[jberanek]

Creating entries with administrator account still gives sizelimit exceeded.

Yes, for that you will need to set

$auth['admin_can_only_book_for_self'] = true;

This will mean that admins won't be able to create entries in the name of other people, but I'm afraid that there's no way around that until we implement paged searches.

Original comment by: campbell-m

[jberanek]

Great, thanks Campell, also for your quick response.

Original comment by: asierran