- Go to "security/users" in the UI
- Change the "source" to LDAP
- Hit enter in the "filter by user ID" box without inputting any data
Observe that all user ID's from the LDAP server are retrieved, and for each one the full user record is retrieved. This will result in a UI timeout if the LDAP server has a large number of users, or possibly even an OOM.
Expected: The UI should limit the number of users retrieved in some way. This could be a paged result set. Or it could be as simple as only retrieving at most some arbitrary number o users, such as 1000.