[ldap] LDAP query fails to fetch user/group data with lots of results #40482

Closed
nicpenning opened this issue Aug 9, 2024 · 4 comments · Fixed by #40662
Labels: Team:Security-Service Integrations

@nicpenning (Contributor)

Using the 0.0.1 Entity Analytics Active Directory integration on 8.15.0, I have not been able to ingest user/group data.

In the event logs I see the following error log:

message : Error running full sync
log.origin.file.name : activedirectory/activedirectory.go
log.origin.function : github.com/elastic/beats/v7/x-pack/filebeat/input/entityanalytics/provider/activedirectory.(*adInput).Run
error.message : failed to get group details: LDAP Result Code 4 "Size Limit Exceeded": 
failed to get user details: LDAP Result Code 4 "Size Limit Exceeded": 

For confirmed bugs, please report:

  • Version: 8.15.0
  • Operating System: Windows Server 2019
  • Steps to Reproduce: Have an Active Directory environment where you have more than 15K+ users and 1k+ groups.

botelastic bot added the needs_team label on Aug 9, 2024
efd6 added the Team:Security-Service Integrations label and removed the needs_team label on Aug 12, 2024

@elasticmachine (Collaborator)

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@nicpenning (Contributor, Author)

With the paging, I still get an OOM error and it crashes with no results. I will post more details later. I tried paging at 256 and 1000 with the same behavior. Stay tuned.

@nicpenning (Contributor, Author)

Still did not succeed when running on Windows.

However, using the paging in 0.2.0 on a Linux OS, I successfully pulled in data. Trouble now is it seems to be doing a full sync every 15 minutes. I suppose that is a different issue, though.

So currently Linux works (to a degree) but Windows does not. Doing some offline conversations, this may be due to how command prompt handles the results, but I will leave that to @efd6 to convey.

@nicpenning (Contributor, Author)

Excited to test this as it becomes available.
