Konrad Windszus created OAK-3117:
------------------------------------
Summary: Support disabling group lookup in LDAP
Key: OAK-3117
URL: https://issues.apache.org/jira/browse/OAK-3117
Project: Jackrabbit Oak
Issue Type: Improvement
Components: auth-ldap
Affects Versions: 1.3.2
Reporter: Konrad Windszus
Currently the LdapIdentityProvider together with the DefaultSyncHandler will
always perform a search to query the group memberships of a user. It would be
good if one could disable that (e.g. by leaving the {{group.baseDN}} empty or
by having a dedicated property for that).
Reasoning:
For some company LDAPs a search on the group memberships is just very
expensive. Therefore very often the group membership is maintained somewhere
else for 3rd party systems.
Such an option was also available in CRX2 by using {{autocreate=createUser}}
(http://docs.adobe.com/docs/en/crx/2-3/administering/ldap_authentication.html#Auto%20Creation)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
