  1. Dev - Nexus Repo
  2. NEXUS-13071

Unfiltered LDAP user search will retrieve all users from an LDAP server, which can result in an OOM

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.3.1
    • Fix Version/s: 3.4.0
    • Component/s: LDAP, UI
    • Labels:
    • Story Points:
      2
    • Release Note:
      Yes
    • Sprint:
      Core Team - Sprint 95

      Description

      Reproduce steps:

      1. Go to "security/users" in the UI
      2. Change the "source" to LDAP
      3. Hit enter in the "filter by user ID" box without inputting any data

      Observe that all user IDs from the LDAP server are retrieved, and for each one the full user record is retrieved. This will result in a UI timeout if the LDAP server has a large number of users, or possibly even an OOM.

      Expected: The UI should limit the number of users retrieved in some way. This could be a paged result set. Or it could be as simple as only retrieving at most some arbitrary number of users, such as 1000.
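
The cap suggested under "Expected", as an added example that is not code from Nexus Repository or from the reporter. `FakeDirectory`, both `list_users_*` functions and the sample IDs are constructed stand-ins for the LDAP server and the user search; the actual 3.4.0 fix is not shown on this page.

```python
from dataclasses import dataclass
from itertools import islice

MAX_USERS = 1000  # the arbitrary cap suggested in the issue


@dataclass
class FakeDirectory:
    """Constructed stand-in for an LDAP server that counts per-user lookups."""
    user_ids: list
    record_lookups: int = 0

    def search_ids(self, prefix):
        # Lazily yield matching IDs; an empty prefix matches every user.
        return (uid for uid in self.user_ids if uid.startswith(prefix))

    def fetch_record(self, uid):
        # One round trip per user, as in the behaviour the issue describes.
        self.record_lookups += 1
        return {"userId": uid, "source": "LDAP"}


def list_users_unbounded(directory, user_filter):
    """Reported behaviour: every matching ID gets a full record lookup."""
    return [directory.fetch_record(uid) for uid in directory.search_ids(user_filter)]


def list_users_bounded(directory, user_filter, limit=MAX_USERS):
    """Stop after `limit` users and report whether the result was truncated."""
    # Read limit + 1 IDs so truncation is detectable without draining the search.
    ids = list(islice(directory.search_ids(user_filter.strip()), limit + 1))
    truncated = len(ids) > limit
    users = [directory.fetch_record(uid) for uid in ids[:limit]]
    return users, truncated


def demo():
    ids = [f"user{n:06d}" for n in range(50_000)]  # constructed sample data
    unbounded_dir, bounded_dir = FakeDirectory(list(ids)), FakeDirectory(list(ids))
    everyone = list_users_unbounded(unbounded_dir, "")       # empty filter box
    page, truncated = list_users_bounded(bounded_dir, "")    # same input, capped
    return (len(everyone), unbounded_dir.record_lookups,
            len(page), bounded_dir.record_lookups, truncated)


if __name__ == "__main__":
    print(demo())
```

Returning the `truncated` flag lets the UI tell the administrator to narrow the filter instead of silently showing a partial list.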

              People

              Assignee:
              ecobb Eric Cobb
              Reporter:
              rseddon Rich Seddon
              Last Updated By:
              Peter Lynch
              Votes:
              0
              Watchers:
              4