You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2016/09/17 13:36:20 UTC
[jira] [Commented] (KNOX-644) Limit/page results of LDAP group
membership search
[ https://issues.apache.org/jira/browse/KNOX-644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15499032#comment-15499032 ]
Larry McCay commented on KNOX-644:
----------------------------------
Hi [~risdenk] - I have been reviewing your patches and trying to test them and am unsure whether you actually think we can even manually test with the demo LDAP server. You point above to some ApacheDS code that indicates that paging is possible under some constraints.
Would you have happened to actually test it?
I would really like to get paging in while we work on more efficient searches but need to know how to actually test it - hopefully without having to stand up an AD instance to do so.
> Limit/page results of LDAP group membership search
> ---------------------------------------------------
>
> Key: KNOX-644
> URL: https://issues.apache.org/jira/browse/KNOX-644
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.6.0
> Reporter: Kevin Minder
> Priority: Critical
> Fix For: 0.10.0
>
> Attachments: KNOX-644-paging.patch, KNOX-644.patch, ad_setup.ps1, create_groups_ldif.py, paging.patch
>
>
> Some users are finding that they have >1000 groups that would be returned given how Knox currently implements group lookup. ActiveDirectory currently limits search results to 1000 items and this causes failures that require workarounds at the client side. Ideally Knox's LDAP group search implementation would either limit/filter the results or page the result set that are unavoidably large.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)