knox-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevin Risden (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KNOX-644) Limit/page results of LDAP group membership search
Date Mon, 19 Sep 2016 00:58:20 GMT

    [ https://issues.apache.org/jira/browse/KNOX-644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15501935#comment-15501935
] 

Kevin Risden commented on KNOX-644:
-----------------------------------

I was able to test it with the embedded ApacheDS server. I had to change the following:

Add server.setMaxSizeLimit(LdapServer.NO_SIZE_LIMIT); to SimpleLdapDirectoryServer constructor
and connect with the admin user instead of sam/sam-password. 

Those two changes allowed the paging to work with the embedded ApacheDS server.

I would love to put up a comprehensive patch with tests, but won't get to it this week most
likely.

> Limit/page results of LDAP group membership search 
> ---------------------------------------------------
>
>                 Key: KNOX-644
>                 URL: https://issues.apache.org/jira/browse/KNOX-644
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 0.6.0
>            Reporter: Kevin Minder
>            Priority: Critical
>             Fix For: 0.10.0
>
>         Attachments: KNOX-644-paging.patch, KNOX-644.patch, ad_setup.ps1, create_groups_ldif.py,
paging.patch
>
>
> Some users are finding that they have >1000 groups that would be returned given how
Knox currently implements group lookup. ActiveDirectory currently limits search results to
1000 items and this causes failures that require workarounds at the client side.  Ideally
Knox's LDAP group search implementation would either limit/filter the results or page the
result set that are unavoidably large.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message