OpenStack Dashboard (Horizon)

Horizon cannot display >1.5K users from LDAP

Bug #1496045 reported by Paul Karikh on 2015-09-15

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Dashboard (Horizon)	Opinion	Medium	Paul Karikh	OpenStack Dashboard (Horizon) next

Bug Description

If Keystone is set up with LDAP and there is a lot of users (look like 1500 users if an the threshold value), Horizon can't fetch all users from domain and shows error "Error: Unable to retrieve user list."
There is no issues if number of users in LDAP is much smaller.
Also fetching 1K users from LDAP takes too long time (in comparsion with MySQL).
Affected pages:
identity/users
identity/domains (cannot list domain members)

Revision history for this message

David Lyle (david-lyle) wrote on 2015-11-24:

There is no reason to list all 1K users. Any place where the user is choosing from a large number of users, there should be a filter box to perform server side API filtering to reduce the number of results. A bug to insure that behavior is in place in all locations of the UI where needed is a more appropriate bug.

Changed in horizon:
status:	New → Won't Fix

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-11-27: Fix proposed to horizon (master)

Fix proposed to branch: master
Review: https://review.openstack.org/250869

Changed in horizon:
assignee:	nobody → Paul Karikh (pkarikh)
status:	Won't Fix → In Progress

OpenStack Infra (hudson-openstack) on 2016-02-13

Changed in horizon:
assignee:	Paul Karikh (pkarikh) → Timur Sufiev (tsufiev-x)

Timur Sufiev (tsufiev-x) on 2016-02-14

Changed in horizon:
assignee:	Timur Sufiev (tsufiev-x) → Paul Karikh (pkarikh)

Rob Cresswell (robcresswell-deactivatedaccount) on 2016-04-19

Changed in horizon:
importance:	Undecided → Medium
milestone:	none → next

Revision history for this message

SeanBoran (sean-boran) wrote on 2016-08-05:

I just came across this limitation.

By setting the following one can limit the number of users shown (see also https://bugs.launchpad.net/keystone/+bug/1501698 which shows the commit earlier this year to include that feature)
[identity]
list_limit = 50

So now when one goes to horizon/identity/domains/ in the browser and then selects “manage members” from the dropdown for the LDAP domain, a list of 50 users pops up (and there are no errors such as SIZELIMIT_EXCEEDED).

The problem: One can see 50 users and search for a user within that list, however one cannot search for others users .
Domain Groups have the same limitation.

To me it looks like support for LDAP paging needs to be added e.g. http://jeftek.com/219/avoid-changing-the-maxpagesize-ldap-query-policy

Revision history for this message

Lucas H. Xu (xuh-2) wrote on 2017-02-23:

Hey Paul, are you still working on this?

Changed in horizon:
status:	In Progress → Opinion

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-01: Change abandoned on horizon (master)

Change abandoned by Rob Cresswell (<email address hidden>) on branch: master
Review: https://review.openstack.org/250869
Reason: Due to inactivity and merge conflict

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.