[jboss-jira] [JBoss JIRA] (SECURITY-819) LdapExt login module fetches to many attributes in RoleSearch

LdapExt login module fetches to many attributes in RoleSearch ------------------------------------------------------------- Key: SECURITY-819 URL: https://issues.jboss.org/browse/SECURITY-819 Project: PicketBox Issue Type: Bug Security Level: Public(Everyone can see) Components: JBossSX Affects Versions: PicketBox_4_0_21.Beta3 Reporter: Tom Fonteyne Assignee: Tom Fonteyne An LDAP server with (lets say) 1000 users in a group. When authentication, a query is done to retrieve the groups for the user. Most LDAP servers will limit the attributes send back based on authorization of the user, but can be configured to return *all* information. The cause is: / Query for roles matching the role filter SearchControls constraints = new SearchControls(); constraints.setSearchScope(searchScope); constraints.setTimeLimit(searchTimeLimit); rolesSearch(ctx, constraints, username, userDN, recursion, 0); this used to also have: constraints.setReturningAttributes(new String[0]); at some time this was taken out. It needs to go back in