Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

ldap with 100k user Horizon dashboard not letting edit projects

I was able to get keystone to talk to my ldap and i able to log in to the dashboard with a admin AD user in ldap. That work find and great. BTW this on Havana

When I go to add a user to a project/tenant on the dashboard I get the pinwheel of death. After many minutes (15+ if not longer) a simple error pops up that it can not be done.

The problem is my ldap system has close to 110,000 users in the user sub OU. When I did a simple keystone user-list at the command line the output is of all my ldap users and I mean all 110,000 users.

What I see in the logs is when I try and click modify users is every user be validated and then check to see if there in a role then on and on and on and on. I am also thinking it cacheing the username to give me the list to add to a project.

I am use assignment field in keystone to track AD user assigned to a role or project and yes command line adding users is fast and works great. I need the dashboard to work for the Tire1 people that will run this system for me down the line. Giving them CLI access to a linux box is a little bit to extreme.

What really needs to happen is not list all users in LDAP but just those assignments already made in the SQL system. For adding new users that are in LDAP then just a simple search or if i know the users name place and check.

Looking for advice or setting that i over looked.

I did make all the changes in the dashboard config files that are stated on all the pages i found with google.