Please pardon any lack of knowledge, I am a young sysadmin still learning PVE.
I am in an environment where we have ~40,000 users in Active Directory. This proves to be an issue when syncing through BIND, and I'm assuming LDAP would result in the same issue since it's a restriction that Proxmox has in place on config file sizes. The 1MiB limit placed on individual config file sizes allows for (I believe) less than 10,000 users in the user.cfg file.
Trying to change this value manually has been tedious and in order for us to move forward with Proxmox in our environment, we need a clean solution to this problem. We wouldn't need more than 100 users authenticating into the nodes, but we have a vast infrastructure that is tied in with our current AD environment, and the creation and management of a separate Active Directory instance would just add more complexity to this environment.
From what I understand, this restriction is in place to prevent excessive memory usage and allow for easier synchronization between hosts. I believe we have the resources to allow synchronization of slightly larger config files between hosts. Of course, not everyone would have these capabilities so it would be unreasonable to expect a change to be made that prevents others from being able to use Proxmox on their hardware. However, if there were some way to make this setting easier to change for an individual user, then this problem would be much less of a hassle.
Below is the error and references to others having this issue:
https://forum.proxmox.com/threads/memdb_max_file_size-on-pmxcfs-is-too-small-1-mib.136392/
https://forum.proxmox.com/threads/proxmox-ldap-sync-hard-limit-on-number-of-users.91320/
Sublinks from the above thread:
https://bugzilla.proxmox.com/show_bug.cgi?id=3492
https://git.proxmox.com/?p=pve-cluster.git;a=commit;h=a8df0863b5851dacb4f76ae6364ac1a02fbd56db
I am in an environment where we have ~40,000 users in Active Directory. This proves to be an issue when syncing through BIND, and I'm assuming LDAP would result in the same issue since it's a restriction that Proxmox has in place on config file sizes. The 1MiB limit placed on individual config file sizes allows for (I believe) less than 10,000 users in the user.cfg file.
Trying to change this value manually has been tedious and in order for us to move forward with Proxmox in our environment, we need a clean solution to this problem. We wouldn't need more than 100 users authenticating into the nodes, but we have a vast infrastructure that is tied in with our current AD environment, and the creation and management of a separate Active Directory instance would just add more complexity to this environment.
From what I understand, this restriction is in place to prevent excessive memory usage and allow for easier synchronization between hosts. I believe we have the resources to allow synchronization of slightly larger config files between hosts. Of course, not everyone would have these capabilities so it would be unreasonable to expect a change to be made that prevents others from being able to use Proxmox on their hardware. However, if there were some way to make this setting easier to change for an individual user, then this problem would be much less of a hassle.
Below is the error and references to others having this issue:
Code:
Warning: unable to close filehandle GEN17 properly: File too large at /usr/share/perl5/PVE/Tools.pm line 254.
TASK ERROR: syncing users and groups failed: unable to write '/etc/pve/user.cfg.tmp.1630' - File too largehttps://forum.proxmox.com/threads/memdb_max_file_size-on-pmxcfs-is-too-small-1-mib.136392/
https://forum.proxmox.com/threads/proxmox-ldap-sync-hard-limit-on-number-of-users.91320/
Sublinks from the above thread:
https://bugzilla.proxmox.com/show_bug.cgi?id=3492
https://git.proxmox.com/?p=pve-cluster.git;a=commit;h=a8df0863b5851dacb4f76ae6364ac1a02fbd56db
