Kevin Risden commented on KNOX-644:

I was able to test it with the embedded ApacheDS server. I had to change the 

Add server.setMaxSizeLimit(LdapServer.NO_SIZE_LIMIT); to 
SimpleLdapDirectoryServer constructor and connect with the admin user instead 
of sam/sam-password. 

Those two changes allowed the paging to work with the embedded ApacheDS server.

I would love to put up a comprehensive patch with tests, but won't get to it 
this week most likely.

> Limit/page results of LDAP group membership search 
> ---------------------------------------------------
>                 Key: KNOX-644
>                 URL: https://issues.apache.org/jira/browse/KNOX-644
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 0.6.0
>            Reporter: Kevin Minder
>            Priority: Critical
>             Fix For: 0.10.0
>         Attachments: KNOX-644-paging.patch, KNOX-644.patch, ad_setup.ps1, 
> create_groups_ldif.py, paging.patch
> Some users are finding that they have >1000 groups that would be returned 
> given how Knox currently implements group lookup. ActiveDirectory currently 
> limits search results to 1000 items and this causes failures that require 
> workarounds at the client side.  Ideally Knox's LDAP group search 
> implementation would either limit/filter the results or page the result set 
> that are unavoidably large.

This message was sent by Atlassian JIRA

Reply via email to