https://bugzilla.redhat.com/show_bug.cgi?id=808042 (Red Hat Enterprise Linux 6)
Description of problem: Version-Release number of selected component (if applicable): ipa-server-2.2.0-7.el6.x86_64 How reproducible: Steps to Reproduce: 1. Create hostgroup 2. Add more than 2000 members to this hostgroup 3. Try removing a member. Actual results: See the following error message every other time while removing a member. "ipa: ERROR: hostgroup772150: host group not found" Expected results: Member should be removed successfully. Additional info: [root@primenova ~]# ipa -d hostgroup-remove-member hostgroup772150 --hosts=host816.lab.eng.pnq.redhat.com ... ipa: DEBUG: approved_usage = SSLServer intended_usage = SSLServer ipa: DEBUG: cert valid True for "CN=primenova.lab.eng.pnq.redhat.com,O=LAB.ENG.PNQ.REDHAT.COM" ipa: DEBUG: handshake complete, peer = 10.65.201.100:443 ipa: DEBUG: Created connection context.xmlclient ipa: DEBUG: raw: hostgroup_remove_member(u'hostgroup772150', all=False, raw=False, version=u'2.32', host=(u'host816.lab.eng.pnq.redhat.com',)) ipa: DEBUG: hostgroup_remove_member(u'hostgroup772150', all=False, raw=False, version=u'2.32', host=(u'host816.lab.eng.pnq.redhat.com',)) ipa: INFO: Forwarding 'hostgroup_remove_member' to server u'http://primenova.lab.eng.pnq.redhat.com/ipa/xml' ipa: DEBUG: NSSConnection init primenova.lab.eng.pnq.redhat.com ipa: DEBUG: connect_socket_family: host=primenova.lab.eng.pnq.redhat.com port=443 family=PR_AF_INET ipa: DEBUG: connecting: 10.65.201.100:443 ipa: DEBUG: handshake complete, peer = 10.65.201.100:443 ipa: DEBUG: Caught fault 4001 from server http://primenova.lab.eng.pnq.redhat.com/ipa/xml: hostgroup772150: host group not found ipa: DEBUG: Destroyed connection context.xmlclient ipa: ERROR: hostgroup772150: host group not found [root@primenova ~]# Script used to populate data: #!/bin/bash domain="lab.eng.pnq.redhat.com" ipa sudocmd-add "/bin/ls" ipa sudocmd-add "/bin/rm" ipa hostgroup-add hostgroup772150 --desc="hostgroup772150" for j in {1..253}; do for i in {1..253}; do echo Secret123 | kinit admin ipa dnsrecord-add $domain host$j$i --a-rec=1.1.$j.$i ipa user-add user$j$i --first=user$j$i --last=user$j$i ipa host-add host$j$i.$domain ipa hostgroup-add hostgrp$j$i --desc="hostgrp$j$i" ipa hostgroup-add-member hostgrp$j$i --hosts=host$j$i.$domain ipa hostgroup-add-member hostgroup772150 --hosts=host$j$i.$domain ipa hbacrule-add hbacrulehost$j$i ipa hbacrule-add-user hbacrulehost$j$i --users=user$j$i ipa hbacrule-add-service hbacrulehost$j$i --hbacsvcs=sshd ipa hbacrule-add-sourcehost hbacrulehost$j$i --hostgroups=hostgrp$j$i ipa hbacrule-add-host hbacrulehost$j$i --hostgroups=hostgrp$j$i ipa sudorule-add sudorulehost$j$i --desc="sudorulehost$j$i" ipa sudorule-add-user sudorulehost$j$i --users=user$j$i ipa sudorule-add-host sudorulehost$j$i --hosts=host$j$i.$domain ipa sudorule-add-host sudorulehost$j$i --hostgroups=hostgrp$j$i ipa sudorule-add-allow-command sudorulehost$j$i --sudocmds="/bin/ls" ipa sudorule-add-deny-command sudorulehost$j$i --sudocmds="/bin/rm" done done
attachment freeipa-mkosek-248-raise-proper-exception-when-ldap-limits-are-exceeded.patch
Patch freeipa-mkosek-248-raise-proper-exception-when-ldap-limits-are-exceeded.patch sent for review
The issue can be reproduced with the script that was posted to the Bug description.
Before the patch, NotFound error is returned:
ipa hostgroup-add-member hostgroup772150 --hosts=foo1.example.com ipa: ERROR: hostgroup772150: host group not found
When the patch is applied:
# ipa hostgroup-add-member hostgroup772150 --hosts=foo1.example.com ipa: ERROR: limits exceeded for this query
master: a663e83
ipa-2-2: 4a48efe
Metadata Update from @dpal: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/04
Login to comment on this ticket.