Uploaded image for project: 'jBPM'
  1. jBPM
  2. JBPM-4367

LDAPUserGroupCallbackImpl and LDAPUserInfoImpl do not support SUB_TREE search scope

XMLWordPrintable

    • Hide

      1. prepare ldap tree like this:

      sample ldap tree
       - com
  - sample
    - Business Unit 1 
      - Subunit 1.1 
        - user 1
        - user 2
    - Business Unit 2
      - Subunit 2.1
        - user 3

      2. find users

      Actual results:
      LDAPUserInfoImpl can find either "user 1 and 2" or "user 3"

      Expected results:
      LDAPUserInfoImpl can find all of users.

      Show
      1. prepare ldap tree like this: sample ldap tree - com - sample - Business Unit 1 - Subunit 1.1 - user 1 - user 2 - Business Unit 2 - Subunit 2.1 - user 3 2. find users Actual results: LDAPUserInfoImpl can find either "user 1 and 2" or "user 3" Expected results: LDAPUserInfoImpl can find all of users.

      If ldap(AD)'s structure is like this:

      samle ldap tree
      - com
  - sample
    - Business Unit 1 
      - Subunit 1.1 
        - user 1
        - user 2
    - Business Unit 2
      - Subunit 2.1
        - user 3

      we can not find all of users in this structure by Using appropriate base DN, "com.sample", because default search scope used by LDAPUserGroupCallbackImpl is "one"[1]. Therefore, setting base DN to the root DN does not work.

      Although we can use a custom LDAPUserGroupCallbackImpl, this is a common use case for ldap search, so I report it as bug.

      [1] Default is search one level
      http://docs.oracle.com/javase/7/docs/api/javax/naming/directory/SearchControls.html#SearchControls()

              swiderski.maciej Maciej Swiderski (Inactive)
              rhn-support-hfuruich Hisao Furuichi
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: