Project

General

Profile

Bug #329

groups ACLs do not work against LDAP

Added by Matt Jones almost 18 years ago. Updated over 17 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
metacat
Target version:
Start date:
11/26/2001
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
329

Description

The use of a "group" principal does not work when the AuthLdap adapter is
working. This was traced to problems in the get Groups() and getUsers() methods
of AuthLdap.

History

#1 Updated by Matt Jones almost 18 years ago

Fixed these problems by fixing the ldapbase parameter to accomodate the new UID
styles and by changing the search algorithm against LDAP.

Also fixed exceptions encountered when the LDAP server's default sizelimit for
searches is encountered. Now, when a SizeLimitExceeded exception is thrown we
catch it and return just that subset of the results. Technically this is wrong.

To fix it, we need to have support for 'paged returns'. OpenLDAP currently does
not support this control, but it is being implemented. The feature is not
particulary critical because the getUsers and getPrincipals() methods that will
generate this error are rarely called, and because we can work around it by
increasing the sizelimit parameter on the ldap servers.

All essential problems in this bug are addressed. Paged Query returns would be
a nice enhancement.

#2 Updated by Matt Jones almost 18 years ago

Finished. Groups now work properly.

#3 Updated by Redmine Admin over 6 years ago

Original Bugzilla ID was 329

Also available in: Atom PDF