Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LDAP not working up 1.000 users #39

Closed
andbrslz opened this issue Jul 3, 2020 · 11 comments
Closed

LDAP not working up 1.000 users #39

andbrslz opened this issue Jul 3, 2020 · 11 comments

Comments

@andbrslz
Copy link

andbrslz commented Jul 3, 2020

When you have more than a thousand users the error is displayed and it is not possible to login with any ldap user

ERROR:
[15:29:41] [ERR] [25] Emby.Server.Implementations.HttpServer.HttpListenerHost: Error processing request. URL: http://localhost/Users/authenticatebyname
LdapException: Sizelimit Exceeded (4) Sizelimit Exceeded

System (please complete the following information):

  • OS: Linux Ubuntu
  • Virtualization:Docker
  • Clients: All
  • Jellyfin Version: 10.5.5
  • Installed Plugins: LDAP v6
  • Reverse Proxy: nginx
@joshuaboniface
Copy link
Member

Sounds like a limitation of how we're doing LDAP with the plugin. It returns a full list of users using the Novell library, then parses that list. That error is coming from the Novell library itself, so that must be a hard limit there.

Are all 1000+ users actually Jellyfin users? If not, you could probably limit the search string to only catch them (for instance using an enabledService field), but if not this might be a hard limit. I'll do some digging.

@joshuaboniface joshuaboniface transferred this issue from jellyfin/jellyfin Jul 6, 2020
@joshuaboniface
Copy link
Member

@andyhoo Can you enable debug logging in the Jellyfin server and send the full logs of the LDAP transaction? I'm curious if some of the other messages give more info about where this is happening. My own LDAP instance has nowhere near that many users so reproducing might be hard.

@joshuaboniface
Copy link
Member

Checking their docs (https://www.novell.com/documentation/developer/ldapcsharp/?page=/documentation/developer/ldapcsharp/cnet/data/bovtz77.html) there's no mention of a limit, but 1000 doesn't seem that large to me. More logging will hopefully provide clues.

@Hayajiro
Copy link

Hayajiro commented Jul 9, 2020

The limit is enforced by the respective LDAP-Server. You can try increasing the limit on your LDAP-Server. Alternatively, one could implement paged search, but documentation on implementing it isn't all that great, as far as I've seen.

However, limiting the query to those users that really need access to Jellyfin (e.g. by a group etc.) should also "circumvent" the issue.

Also, please make sure not to open multiple issues with the same topic. This is a duplicate of #35 (also created by you).

@Rob4001
Copy link

Rob4001 commented Jul 27, 2020

@Ciapa is correct, I use this library (albeit an older version) in my day job and it is a LDAP server mandated limit, generally on ActiveDirectory based servers but some implementations also include it: https://ldapwiki.com/wiki/MaxPageSize

My suggestion would be to include a configuration option to enable either Simple or VLV Paging to the searches, Example here: https://github.com/dsbenghe/Novell.Directory.Ldap.NETStandard/blob/master/original_samples/Samples.Controls/VLVControl.cs

I may have some time over the next few days to get a PR together, perhaps add a few tests

@oddstr13 oddstr13 mentioned this issue Jul 30, 2020
Closed
@crobibero crobibero mentioned this issue Aug 20, 2020
Closed
@h3ge
Copy link

h3ge commented Mar 6, 2021

Is it really necessary to evaluate all users?

For user group checks I usually use something like this:

(&(memberOf:1.2.840.113556.1.4.1941:=CN=MyUserGroup,DC=Groups,DC=dummy,DC=local)(objectClass=user)(sAMAccountName=%ESCAPEDUSERNAME%))

If several attributes are to be used as login name, the filter must be adapted accordingly.

@sphaero
Copy link

sphaero commented Feb 7, 2023

I'm running into this issue as well and I cannot create a filter which only results <1000 users. Why is there a query for the full list of users anyway?

@sphaero
Copy link

sphaero commented Feb 7, 2023

Not sure why this is closed but I'm running into this with 10.8.8-1 with the plugin from the catalog.

Feb 07 15:41:41 pong jellyfin[9161]: [15:41:41] [ERR] Error processing request. URL POST /ldap/LdapUserSearch.
Feb 07 15:41:41 pong jellyfin[9161]: LdapException: Size Limit Exceeded (4) Size Limit Exceeded
Feb 07 15:41:41 pong jellyfin[9161]: LdapException: Matched DN:

@sphaero sphaero mentioned this issue Feb 7, 2023
Closed
@ParhamGhafouri
Copy link

Greetings,

I have this problem on my organization with more than 1000 users to query from LDAP server and still facing "Base Search: Size Limit Exceeded" and "Failure: User Filter: Size Limit Exceeded". was wonder if there is any workaround to fix this problem.

@sphaero
Copy link

sphaero commented Feb 28, 2023

Better move your attention to #139. We need to implement the ldap plugin differently. It's quite a trivial fix but requires understanding LDAP. I'm still evaluating Jellyfin so I have no time yet to work on it.

@ParhamGhafouri
Copy link

Greetings and Thanks , I did post on #139

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@Rob4001 @sphaero @joshuaboniface @Hayajiro @andbrslz @h3ge @ParhamGhafouri