Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-10565

LDAP group membership query can fail due to query size limits

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.1
    • Fix Version/s: 3.6.0
    • Component/s: LDAP
    • Labels:
    • Story Points:
      2
    • Sprint:
      Core Team - Sprint 100, Core Sprint 101, Core Sprint 102, Core Sprint 103

      Description

      When we check for a user's LDAP group membership during authorization the query issued retrieves all groups a user is a member of:

      (&(objectClass=group)(&(cn=*)(member=uid=someuser,ou=users,dc=somecorp,dc=com)))
      

      This query (like any LDAP query that retrieves a set) can fail to retreive all results due to query result size limits in the LDAP server. When this happens there is no workaround, the user's group mapping will not work if the group is not in the returned set.

      We should either use a more targeted query, or we should be using a paged result set to retreive all results, rather than trying to get them all in one shot.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              KWright Kristofer Wright [X] (Inactive)
              Reporter:
              rseddon Rich Seddon
              Last Updated By:
              Peter Lynch
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title