LDAP login failing with value exceeds 524288 byte limit


When I try to log in with LDAP, we are suddenly seeing these exceptions. Not all users are affected.

2020-06-23T10:18:03.826Z [ERROR] core: failed to register token lease during login request: request_path=auth/ldap/login/john error="failed to persist lease entry: put failed due to value being too large: Unexpected response code: 413 (Value exceeds 524288 byte limit)"

What exactly is the issue?


What version of Consul + Vault are you on?
You’re hitting the 512kb limit of a KV entry for Consul.

How many groups are the LDAP users a part of that are having problems? It could be the metadata for a user is too large, but that is crazy to think it’d be 512kb of LDAP data… Or, you have something else going on with leases not expiring. How long is the lease for your LDAP auth endpoint?

Googling that error will give you a few places to look, i.e. running tidy and cleaning up leases if that’s the case… But also you can look into Consul to see which areas might be amiss: https://learn.hashicorp.com/vault/monitoring/inspecting-data-consul
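One way to do the Consul inspection suggested above, as an added example that is not part of the original thread: it takes the JSON that Consul's KV HTTP API returns for a recursive read (`/v1/kv/vault/?recurse`) and reports entries approaching the 524288 byte limit, plus stored bytes per key prefix. The `vault/` prefix, the key names and the sample data are constructed assumptions; an entry that already exceeds the limit is rejected on write, so the check looks for values close to it.

```python
import base64
import json

CONSUL_KV_LIMIT = 524288  # byte limit quoted in the error message above


def decoded_size(b64_value):
    """Stored size in bytes; the Consul KV API returns values base64-encoded (or null)."""
    return len(base64.b64decode(b64_value)) if b64_value else 0


def large_entries(kv_json, warn_ratio=0.8, limit=CONSUL_KV_LIMIT):
    """Return (key, size, ratio) for entries at or above warn_ratio of the limit, largest first."""
    hits = []
    for entry in json.loads(kv_json):
        size = decoded_size(entry.get("Value"))
        if size >= warn_ratio * limit:
            hits.append((entry["Key"], size, round(size / limit, 2)))
    return sorted(hits, key=lambda h: h[1], reverse=True)


def size_by_prefix(kv_json, depth=3):
    """Total stored bytes grouped by the first `depth` path segments of each key."""
    totals = {}
    for entry in json.loads(kv_json):
        prefix = "/".join(entry["Key"].split("/")[:depth])
        totals[prefix] = totals.get(prefix, 0) + decoded_size(entry.get("Value"))
    return totals


def _sample(key, nbytes):
    # Constructed entry: Vault data in Consul is encrypted, so only the size matters here.
    return {"Key": key, "Value": base64.b64encode(b"\x00" * nbytes).decode()}


# Constructed sample of a recursive KV read; key names are assumptions for illustration.
SAMPLE_KV = json.dumps([
    _sample("vault/sys/expire/id/auth/ldap/login/alice/h1", 900),
    _sample("vault/sys/expire/id/auth/ldap/login/john/h2", 500000),
    _sample("vault/logical/example/config", 1200),
    {"Key": "vault/core/lock", "Value": None},
])

if __name__ == "__main__":
    for key, size, ratio in large_entries(SAMPLE_KV):
        print(f"{key}: {size} bytes ({ratio:.0%} of limit)")
    print(size_by_prefix(SAMPLE_KV))
```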

We are using the default lease setting from Vault. We haven't tuned the LDAP.
After deleting the lease and recreating the user in auth/ldap, it worked.