knox-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry McCay (JIRA)" <>
Subject [jira] [Commented] (KNOX-644) Limit/page results of LDAP group membership search
Date Sat, 17 Sep 2016 13:36:20 GMT


Larry McCay commented on KNOX-644:

Hi [~risdenk] - I have been reviewing your patches and trying to test them and am unsure whether
you actually think we can even manually test with the demo LDAP server. You point above to
some ApacheDS code that indicates that paging is possible under some constraints.

Would you have happened to actually test it?

I would really like to get paging in while we work on more efficient searches but need to
know how to actually test it - hopefully without having to stand up an AD instance to do so.

> Limit/page results of LDAP group membership search 
> ---------------------------------------------------
>                 Key: KNOX-644
>                 URL:
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 0.6.0
>            Reporter: Kevin Minder
>            Priority: Critical
>             Fix For: 0.10.0
>         Attachments: KNOX-644-paging.patch, KNOX-644.patch, ad_setup.ps1,,
> Some users are finding that they have >1000 groups that would be returned given how
Knox currently implements group lookup. ActiveDirectory currently limits search results to
1000 items and this causes failures that require workarounds at the client side.  Ideally
Knox's LDAP group search implementation would either limit/filter the results or page the
result set that are unavoidably large.

This message was sent by Atlassian JIRA

View raw message