You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by tr...@apache.org on 2015/07/08 08:26:46 UTC
svn commit: r1689798 -
/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
Author: tripod
Date: Wed Jul 8 06:26:46 2015
New Revision: 1689798
URL: http://svn.apache.org/r1689798
Log:
OAK-2874 [ldap] enable listUsers to work for more than 1000 external users
Modified:
jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java?rev=1689798&r1=1689797&r2=1689798&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java Wed Jul 8 06:26:46 2015
@@ -33,6 +33,7 @@ import javax.net.ssl.SSLContext;
import javax.security.auth.login.LoginException;
import org.apache.commons.pool.impl.GenericObjectPool;
+import org.apache.directory.api.ldap.codec.controls.search.pagedSearch.PagedResultsDecorator;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.cursor.CursorException;
import org.apache.directory.api.ldap.model.cursor.SearchCursor;
@@ -43,10 +44,13 @@ import org.apache.directory.api.ldap.mod
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
import org.apache.directory.api.ldap.model.message.Response;
+import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.message.SearchRequest;
import org.apache.directory.api.ldap.model.message.SearchRequestImpl;
+import org.apache.directory.api.ldap.model.message.SearchResultDone;
import org.apache.directory.api.ldap.model.message.SearchResultEntry;
import org.apache.directory.api.ldap.model.message.SearchScope;
+import org.apache.directory.api.ldap.model.message.controls.PagedResults;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.name.Rdn;
import org.apache.directory.ldap.client.api.AbstractPoolableLdapConnectionFactory;
@@ -630,36 +634,62 @@ public class LdapIdentityProvider implem
? "(&" + filter + ')'
: filter.toString();
- // Create the SearchRequest object
- SearchRequest req = new SearchRequestImpl();
- req.setScope(SearchScope.SUBTREE);
- req.addAttributes(SchemaConstants.ALL_USER_ATTRIBUTES);
- req.setTimeLimit((int) config.getSearchTimeout());
- req.setBase(new Dn(idConfig.getBaseDN()));
- req.setFilter(searchFilter);
+ // do paged searches (OAK-2874)
+ int pageSize = 1000;
+ byte[] cookie = null;
- // Process the request
List<Entry> result = new LinkedList<Entry>();
- SearchCursor searchCursor = null;
- try {
- searchCursor = connection.search(req);
- while (searchCursor.next()) {
- Response response = searchCursor.get();
+ do {
- // process the SearchResultEntry
- if (response instanceof SearchResultEntry) {
- Entry resultEntry = ((SearchResultEntry) response).getEntry();
- result.add(resultEntry);
- if (log.isDebugEnabled()) {
- log.debug("search below {} with {} found {}", idConfig.getBaseDN(), searchFilter, resultEntry.getDn());
+ // Create the SearchRequest object
+ SearchRequest req = new SearchRequestImpl();
+ req.setScope(SearchScope.SUBTREE);
+ req.addAttributes(SchemaConstants.ALL_USER_ATTRIBUTES);
+ req.setTimeLimit((int) config.getSearchTimeout());
+ req.setBase(new Dn(idConfig.getBaseDN()));
+ req.setFilter(searchFilter);
+
+ PagedResults pagedSearchControl = new PagedResultsDecorator(connection.getCodecService());
+ pagedSearchControl.setSize(pageSize);
+ pagedSearchControl.setCookie(cookie);
+ req.addControl(pagedSearchControl);
+
+ // Process the request
+ SearchCursor searchCursor = null;
+ try {
+ searchCursor = connection.search(req);
+ while (searchCursor.next()) {
+ Response response = searchCursor.get();
+
+ // process the SearchResultEntry
+ if (response instanceof SearchResultEntry) {
+ Entry resultEntry = ((SearchResultEntry) response).getEntry();
+ result.add(resultEntry);
+ if (log.isDebugEnabled()) {
+ log.debug("search below {} with {} found {}", idConfig.getBaseDN(), searchFilter, resultEntry.getDn());
+ }
}
}
+
+ SearchResultDone done = searchCursor.getSearchResultDone();
+ cookie = null;
+ if (done.getLdapResult().getResultCode() == ResultCodeEnum.UNWILLING_TO_PERFORM) {
+ break;
+ }
+
+ PagedResults ctrl = (PagedResults) done.getControl(PagedResults.OID);
+ if (ctrl != null) {
+ cookie = ctrl.getCookie();
+ }
+
+ } finally {
+ if (searchCursor != null) {
+ searchCursor.close();
+ }
}
- } finally {
- if (searchCursor != null) {
- searchCursor.close();
- }
- }
+
+ } while (cookie != null);
+
if (log.isDebugEnabled()) {
log.debug("search below {} with {} found {} entries.", idConfig.getBaseDN(), searchFilter, result.size());
}