[
https://issues.apache.org/jira/browse/OAK-3117?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14629834#comment-14629834
]
Konrad Windszus commented on OAK-3117:
--------------------------------------
Actually this is already possible through the property
{{user.membershipNestingDepth=0}} on the DefaultSyncHandler.
> Support disabling group lookup in LDAP
> --------------------------------------
>
> Key: OAK-3117
> URL: https://issues.apache.org/jira/browse/OAK-3117
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: auth-ldap
> Affects Versions: 1.3.2
> Reporter: Konrad Windszus
>
> Currently the LdapIdentityProvider together with the DefaultSyncHandler will
> always perform a search to query the group memberships of a user. It would be
> good if one could disable that (e.g. by leaving the {{group.baseDN}} empty or
> by having a dedicated property for that).
> Reasoning:
> For some company LDAPs a search on the group memberships is just very
> expensive. Therefore very often the group membership is maintained somewhere
> else for 3rd party systems.
> Such an option was also available in CRX2 by using {{autocreate=createUser}}
> (http://docs.adobe.com/docs/en/crx/2-3/administering/ldap_authentication.html#Auto%20Creation)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
