[
https://issues.apache.org/jira/browse/KNOX-644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15415487#comment-15415487
]
Larry McCay commented on KNOX-644:
----------------------------------
[~risdenk] - I've created a KIP for trying to rationalize what we need to do
for LDAP improvements in the 0.10.0 release. See:
https://cwiki.apache.org/confluence/display/KNOX/KIP-1+LDAP+Improvements
One thing that I am wondering is whether the integration of the Hadoop Groups
Mapping facility into Knox would satisfy much of the performance and limits
pain that we are experiencing. Can you tell me whether you have similar issues
with group lookup inside of Hadoop and which groups mapping implementation you
generally use?
> Limit/page results of LDAP group membership search
> ---------------------------------------------------
>
> Key: KNOX-644
> URL: https://issues.apache.org/jira/browse/KNOX-644
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.6.0
> Reporter: Kevin Minder
> Priority: Critical
> Fix For: 0.10.0
>
> Attachments: KNOX-644-paging.patch, KNOX-644.patch, ad_setup.ps1,
> create_groups_ldif.py, paging.patch
>
>
> Some users are finding that they have >1000 groups that would be returned
> given how Knox currently implements group lookup. ActiveDirectory currently
> limits search results to 1000 items and this causes failures that require
> workarounds at the client side. Ideally Knox's LDAP group search
> implementation would either limit/filter the results or page the result set
> that are unavoidably large.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
