[
https://issues.apache.org/jira/browse/KNOX-644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15400917#comment-15400917
]
Kevin Risden commented on KNOX-644:
-----------------------------------
I also have a patch that implements paging, but that doesn't seem to help the
issue of >100 groups with the embedded LDAP server. I haven't tested the paging
against AD yet. For that patch with paging, it is going to require KNOX-508.
For AD specifically, it would make sense to solve it with KNOX-461 and avoid
the searching each group for the user.
> Limit/page results of LDAP group membership search
> ---------------------------------------------------
>
> Key: KNOX-644
> URL: https://issues.apache.org/jira/browse/KNOX-644
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.6.0
> Reporter: Kevin Minder
> Priority: Critical
> Fix For: Future
>
> Attachments: KNOX-644.patch
>
>
> Some users are finding that they have >1000 groups that would be returned
> given how Knox currently implements group lookup. ActiveDirectory currently
> limits search results to 1000 items and this causes failures that require
> workarounds at the client side. Ideally Knox's LDAP group search
> implementation would either limit/filter the results or page the result set
> that are unavoidably large.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
