Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-18520

Improve LDAP paging support usage when server doesn't support it


    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 6.7.0, 6.8.0, 6.7.1, 6.7.2, 6.8.1, 6.8.2
    • Fix Version/s: None
    • Component/s: Configuration, LDAP
    • Regression:


      Upgrading to Artifactory 6.7.3 (from 6.4.x), LDAP groups integration fails with:

      [ERROR] (o.a.a.l.p.LdapGroupProviderImpl:178) - An error occurred while retrieving LDAP groups with strategy STATIC, {}
      org.springframework.ldap.OperationNotSupportedException: [LDAP: error code 12 - Unavailable Critical Extension]; nested exception is javax.naming.OperationNotSupportedException: [LDAP: error code 12 - Unavailable Critical Extension]; remaining name 'ou=somegroups,o=company'
          at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:201)
      Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 12 - Unavailable Critical Extension]
          at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3214)
          at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
          at org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:252)
          at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:292)

      The root cause seems that LDAP server doesn't support PagedResultControl (detail : -spring-ldap#484).

      This problem is a regression since 6.6.5 (tested, ok), introduced by RTFACT-14945 (Allow searching for more than 1000 LDAP Groups).

      I understand the previous feature, but a functional LDAP groups integration is more important than nothing when search having more than 1000 groups .

      Perhaps a checkbox feature "Use LDAP page result" with tooltip/description "Required for search with more than 1000 groups. Requires that LDAP server supports PagedResultControl feature" could be a solution (Updating LDAP server in company could be not easy).
      If yes this option should be implemented in YAML Configuration File support.



          Issue Links



              • Assignee:
                axel3rd Alix Lourme
              • Votes:
                4 Vote for this issue
                8 Start watching this issue


                • Created: