[JAMES-1020] ReadOnlyUsersLDAPRepository should use search instead of list for finding users - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: Trunk
Fix Version/s: 3.0-M1
Component/s: UsersStore & UsersRepository
Labels:
- ldap

Description

The ReadOnlyUsersLDAPRepository uses the SimpleLDAPConnection to call list() on the configured baseDN. That method returns only nodes at the given base node, it does not search the sub scope. It also returns elements that are not really nodes like referrals. The result is a NullPointerException when connecting to ActiveDirectory instances and listing all users.

An attached patch suggests an additional configuration parameter for the userObjectClass and calls search() instead of list() with a SearchCriteria set to search the given base and the sub scope as an alternative implementation.

It seems that the SimpleLDAPConnection which is created once, can timout and cause all subsequent queries to fail with socket exceptions.

We should consider using spring-ldap to handle pooling and connection cleanup.

http://www.springsource.org/ldap

Attachments

JAMES-1020-1.txt
18/Jun/10 22:05
3 kB
Jeff Huff

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Norman Maurer

Reporter:: Jeff Huff

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 18/Jun/10 22:03

Updated:: 19/Jun/10 15:58

Resolved:: 19/Jun/10 15:58

Agile

View on Board

ReadOnlyUsersLDAPRepository should use search instead of list for finding users

Details

Description

Attachments

Attachments

Activity

People

Dates

Agile

Slack

Issue deployment