groups ACLs do not work against LDAP
The use of a "group" principal does not work when the AuthLdap adapter is
working. This was traced to problems in the get Groups() and getUsers() methods
#1 Updated by Matt Jones almost 18 years ago
Fixed these problems by fixing the ldapbase parameter to accomodate the new UID
styles and by changing the search algorithm against LDAP.
Also fixed exceptions encountered when the LDAP server's default sizelimit for
searches is encountered. Now, when a SizeLimitExceeded exception is thrown we
catch it and return just that subset of the results. Technically this is wrong.
To fix it, we need to have support for 'paged returns'. OpenLDAP currently does
not support this control, but it is being implemented. The feature is not
particulary critical because the getUsers and getPrincipals() methods that will
generate this error are rarely called, and because we can work around it by
increasing the sizelimit parameter on the ldap servers.
All essential problems in this bug are addressed. Paged Query returns would be
a nice enhancement.