mandriva

Ticket #153 (new defect)

Opened 1 year ago

Last modified 1 year ago

Several entries in LDAP

Reported by: Jarbas Peixoto Júnior <jarbas.junior@gmail.com> Assigned to: cdelfosse@mandriva.com
Priority: normal Milestone:
Component: mmc-web-base Version: 2.2.0
Severity: normal Keywords:
Cc:

Description

I have 64174 entries in ldap. 

slapcat > /tmp/all.ldif
grep ^dn: /tmp/all.ldif | wc -l
64174

I have 53057 user in one container: 

grep ou=Pessoas,ou=Usuarios,dc=previdencia,dc=gov,dc=br$ /tmp/all.ldif | wc -l
53057

My php.ini has: 

max_execution_time = 60     ; Maximum execution time of each script, in seconds
max_input_time = 60 ; Maximum amount of time each script may spend parsing request data
memory_limit = 64M      ; Maximum amount of memory a script may consume (16MB

When I click in the any Group (in MMC), I receive 

Fatal error: Allowed memory size of 67108864 bytes exhausted (tried to allocate 51821538 bytes) in /usr/share/mmc/includes/xmlrpc.inc.php on line 188

What can I do?

Attachments

Change History

12/19/07 08:49:26 changed by cdelfosse@mandriva.com

Hello,

you should try to raise the memory_limit option. Maybe memory_limit = 128M will work.

12/19/07 12:25:42 changed by Jarbas Peixoto Júnior <jarbas.junior@gmail.com>

Ok. Works (with a delay of 15 seconds for the php create html) for me with: 

max_execution_time = 120     ; Maximum execution time of each script, in seconds
max_input_time = 120 ; Maximum amount of time each script may spend parsing request data
memory_limit = 160M      ; Maximum amount of memory a script may consume (16MB)

But if I have a million users?

I think the way to make "all" users can be replaced by a field where the administrator tell the "uid" to be included through a consulting the ldap.

12/19/07 15:31:49 changed by cdelfosse@mandriva.com

Sure, the current design of this page does not scale at all... Do you know how other LDAP management applications made their "group member management page" so that it scales ? Btw, your design suggestion sounds good.

Regards,

12/22/07 12:15:11 changed by anonymous

Searching on the internet and all the tools I found LPG (phpldapadmin, ldap-admin-manager, etc.) has the same limitation, or are not prepared for a large number of entries in ldap.

Basic idea:

1) All "initial screens (in the URL that contains action-index)" (users, groups, etc.) should not show all the entries contained in LDAP. Why? Because the large number of entries in LDAP involve a large processing LDAP server to return all entries, resulting also in a high consumption of memory for PHP can store and process these entries, and generate a huge HTML, resulting also in a high consumption of memory by the browser to display any content.

2) What show how default Nothing. That's right, nothing should be shown before the user fill a field of FILTER (already exists in modules, users and groups), that is, only make a search on ldap (and later viewing on the screen) if the filter is not NULL. If this filter results in a large amount of entries in LDAP we have the problem. How to solve? Using a variable (eg SizeLimit?) in the file. INI to indicate the maximum entries which must be returned by a query LDAP. If a "ldapsearch" result in more entries that "SizeLimit?" a notice must be displayed (eg SizeLimit? Excedido - Refine your search). This notice serves as a warning, telling the user that there are more entries that allows SizeLimit? view.

3) The management of the groups, the issue should not display all users that are not part of the group (aiming include power users in the group). Now, iImagine a group with all users. We will have the same problem. How to solve? When editing a group show the details of the group (description, cn, gid, ..). A combo must allow a user to search and return if it is a member of the group or not. "Uid" is stored in the entry of the group, but the presentation of the member to the user, can be made with attributes "displayName, email" that identify the user better than the "uid"

I hope I have been able to collaborate

This text was translated by the translator google.

Add/Change #153 (Several entries in LDAP)




Change Properties
Action