[JAMES-1020] ReadOnlyUsersLDAPRepository should use search instead of list for finding users - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: Trunk
Fix Version/s: 3.0-M1
Component/s: UsersStore & UsersRepository
Labels:
- ldap

Description

The ReadOnlyUsersLDAPRepository uses the SimpleLDAPConnection to call list() on the configured baseDN. That method returns only nodes at the given base node, it does not search the sub scope. It also returns elements that are not really nodes like referrals. The result is a NullPointerException when connecting to ActiveDirectory instances and listing all users.

An attached patch suggests an additional configuration parameter for the userObjectClass and calls search() instead of list() with a SearchCriteria set to search the given base and the sub scope as an alternative implementation.

It seems that the SimpleLDAPConnection which is created once, can timout and cause all subsequent queries to fail with socket exceptions.

We should consider using spring-ldap to handle pooling and connection cleanup.

http://www.springsource.org/ldap

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

JAMES-1020-1.txt
18/Jun/10 22:05
3 kB
Jeff Huff

Activity

People

Assignee:: Norman Maurer

Reporter:: Jeff Huff

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 18/Jun/10 22:03

Updated:: 19/Jun/10 15:58

Resolved:: 19/Jun/10 15:58