Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-18520

Improve LDAP paging support usage when server doesn't support it

    Details

    • Type: Improvement
    • Status: In Progress
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 6.7.0, 6.8.0, 6.7.1, 6.7.2, 6.8.1, 6.8.2
    • Fix Version/s: None
    • Component/s: Configuration, LDAP
    • Internal Fix Version:
    • Regression:
      Yes
    • Estimated Resolution Quarter:
      Q1-20
    • Support Tickets:
      Show
      BNP Paribas - CIB IT & Operations - Support Case , PSA Peugeot Citro?n - Support Case , University of Minnesota - Support Case , State Street Global Advisors - Support Case , IBM Corporation - Support Case , Jet Propulsion Laboratory - Support Case , General Motors - Support Case , Saab AB - Support Case
    • Product Backlog:
    • Product Comments:
      5-Jun-2019: The ETA is Q1-20.
    • R&D Comments:
      Hide
      6-May-2019: After a discussion with GIdi about that issue, it was decided that we will move this flag to the UI.
      On save when the pagination is enabled a warning will be displayed telling the user to verify that pagination is supported on the LDAP server.
      When pagination is enabled but Artifactory is failing on the pagination request to the LDAP server, Artifactory will fallback to the non-paginated request. This decision will be cached for 10 minutes.
       Make sure it is logged with the needed warning.
      Show
      6-May-2019: After a discussion with GIdi about that issue, it was decided that we will move this flag to the UI. On save when the pagination is enabled a warning will be displayed telling the user to verify that pagination is supported on the LDAP server. When pagination is enabled but Artifactory is failing on the pagination request to the LDAP server, Artifactory will fallback to the non-paginated request. This decision will be cached for 10 minutes.  Make sure it is logged with the needed warning.

      Description

      Upgrading to Artifactory 6.7.3 (from 6.4.x), LDAP groups integration fails with:

      [ERROR] (o.a.a.l.p.LdapGroupProviderImpl:178) - An error occurred while retrieving LDAP groups with strategy STATIC, {}
      org.springframework.ldap.OperationNotSupportedException: [LDAP: error code 12 - Unavailable Critical Extension]; nested exception is javax.naming.OperationNotSupportedException: [LDAP: error code 12 - Unavailable Critical Extension]; remaining name 'ou=somegroups,o=company'
          at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:201)
          ...
      Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 12 - Unavailable Critical Extension]
          at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3214)
          ...
          at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
          at org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:252)
          at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:292)
      

      The root cause seems that LDAP server doesn't support PagedResultControl (detail : -spring-ldap#484).

      This problem is a regression since 6.6.5 (tested, ok), introduced by RTFACT-14945 (Allow searching for more than 1000 LDAP Groups).

      I understand the previous feature, but a functional LDAP groups integration is more important than nothing when search having more than 1000 groups .

      Perhaps a checkbox feature "Use LDAP page result" with tooltip/description "Required for search with more than 1000 groups. Requires that LDAP server supports PagedResultControl feature" could be a solution (Updating LDAP server in company could be not easy).
      If yes this option should be implemented in YAML Configuration File support.

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                igoru igoru
                Reporter:
                axel3rd Alix Lourme
              • Votes:
                5 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Time Tracking

                  Estimated:
                  Original Estimate - 3 days
                  3d
                  Remaining:
                  Remaining Estimate - 3 days
                  3d
                  Logged:
                  Time Spent - Not Specified
                  Not Specified