(LDAP) respect DB limits of arguments in an IN statement

[blizzz]

Try to get a big list of users or groups from LDAP (you need to have them), for instance via php occ ldap:search --limit=3500 ''. The actual number of users depends on the database in use. When it is too many, you may run into SQLSTATE[HY000]: General error: 7 number of parameters must be between 0 and 65535 (Postgres) or ORA-01795: maximum number of expressions in a list is 1000 (Oracle). Both MySQL/MariaDB and Sqlite do not have a specific limit of arguments, but of total bytes per statement. With 1000 entries (currently limited to 255bytes each) default values are not being exceeded.

Background: when fetching users or groups from LDAP we collect the DN and fetch information from the database. In order to avoid a single read operation per entry, we collect them. Normally we do not need to deal with this huge numbers. Although, depending on the perspective, 1000 is already low. This is relevant when all users or groups are being fetched, which might happen. The prominent case for groups is the users page, as they are not paginated.

[blizzz]

/backport to stable20

[blizzz]

/backport to stable19

[MorrisJobke]

Makes sense 👍

[rullzer]

sure

[nickvergessen]

I guess we could make the querybuilder always log a fatal when running with more than 1k ?

[MorrisJobke]

I guess we could make the querybuilder always log a fatal when running with more than 1k ?

Yep 👍

[blizzz]

I guess we could make the querybuilder always log a fatal when running with more than 1k ?

I had this thought briefly, although more in the direction that it would split it up itself. But didn't want to mess with the query and provoke odd behaviour. Logging a fatal makes sense.