Posted to dev@knox.apache.org by "Kevin Risden (JIRA)" <ji...@apache.org> on 2016/07/31 02:23:20 UTC

[jira] [Commented] (KNOX-644) Limit/page results of LDAP group membership search

    [ https://issues.apache.org/jira/browse/KNOX-644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15400917#comment-15400917 ] 

Kevin Risden commented on KNOX-644:
-----------------------------------

I also have a patch that implements paging, but that doesn't seem to help the issue of >100 groups with the embedded LDAP server. I haven't tested the paging against AD yet. For that patch with paging, it is going to require KNOX-508. For AD specifically, it would make sense to solve it with KNOX-461 and avoid searching each group for the user.

> Limit/page results of LDAP group membership search 
> ---------------------------------------------------
>
>                 Key: KNOX-644
>                 URL: https://issues.apache.org/jira/browse/KNOX-644
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 0.6.0
>            Reporter: Kevin Minder
>            Priority: Critical
>             Fix For: Future
>
>         Attachments: KNOX-644.patch
>
>
> Some users are finding that they have >1000 groups that would be returned given how Knox currently implements group lookup. ActiveDirectory currently limits search results to 1000 items and this causes failures that require workarounds at the client side. Ideally Knox's LDAP group search implementation would either limit/filter the results or page the result sets that are unavoidably large.


