Details
-
Bug
-
Resolution: Done
-
Blocker
-
7.0.0.ER4
Description
There will be needless LDAP calls if we use AdvancedLdap login module.
If a user is a member of (lets say) 100 groups, then we can get an extra 100 calls to the LDAP server.
It can be performance problem.
Same problem was in LdapExt login module.
You can see this BZ https://bugzilla.redhat.com/show_bug.cgi?id=1223840
https://issues.jboss.org/browse/SECURITY-891
Example from Wireshark for 2 groups:
* searchRequest(3) "ou=Roles,ou=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test" wholeSubtree * searchResEntry(3) "CN=JBossAdmin,OU=Roles,OU=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test" | searchResEntry(3) "CN=Slash/Char,OU=Roles,OU=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test" | searchResDone(3) success [2 results] * searchRequest(4) "CN=JBossAdmin,ou=Roles,ou=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test" baseObject * searchResEntry(4) "CN=JBossAdmin,ou=Roles,ou=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test" | searchResDone(4) success [1 result] * searchRequest(5) "CN=Slash/Char,ou=Roles,ou=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test" baseObject * searchResEntry(5) "CN=Slash/Char,ou=Roles,ou=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test" | searchResDone(5) success [1 result]
|
Attachments
Issue Links
- clones
-
-
- Resolved
-
- duplicates
-
-
- Verified
-
- is cloned by
-
-
- Verified
-
- is incorporated by
-
JBEAP-5349 (7.1.0) Upgrade jboss-negotiation to 3.0.3
-
- Verified
-