Darran Lofthouse updated SECURITY-934:
--------------------------------------
Fix Version/s: Negotiation_3_0_3_CR1
RolesSearch in AdvancedLdapLoginModule is doing a needless LDAP call for each individual role
---------------------------------------------------------------------------------------------
Key: SECURITY-934
URL: https://issues.jboss.org/browse/SECURITY-934
Project: PicketBox
Issue Type: Bug
Components: Negotiation
Reporter: Hynek Švábek
Assignee: Romain Pelisse
Fix For: Negotiation_3_0_3_CR1
There will be needless LDAP calls if we use the AdvancedLdap login module.
If a user is a member of (let's say) 100 groups, then we can get an extra 100 calls to the
LDAP server.
It can be a performance problem.
The same problem was in the LdapExt login module.
You can see this BZ:
https://bugzilla.redhat.com/show_bug.cgi?id=1223840
https://issues.jboss.org/browse/SECURITY-891
Example from Wireshark for 2 groups:
{code}
* searchRequest(3)
"ou=Roles,ou=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test"
wholeSubtree
* searchResEntry(3)
"CN=JBossAdmin,OU=Roles,OU=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test"
| searchResEntry(3)
"CN=Slash/Char,OU=Roles,OU=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test"
| searchResDone(3) success [2 results]
* searchRequest(4)
"CN=JBossAdmin,ou=Roles,ou=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test"
baseObject
* searchResEntry(4)
"CN=JBossAdmin,ou=Roles,ou=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test"
| searchResDone(4) success [1 result]
* searchRequest(5)
"CN=Slash/Char,ou=Roles,ou=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test"
baseObject
* searchResEntry(5)
"CN=Slash/Char,ou=Roles,ou=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test"
| searchResDone(5) success [1 result]
{code}
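
Added example, not part of the original report or of PicketBox: a small Python check that reads a trace in the layout shown above and flags each baseObject search whose DN an earlier wholeSubtree search had already returned. The sample trace and the names norm_dn and redundant_lookups are constructed for this illustration; DN comparison is simplified to case-insensitive matching because the capture mixes ou= and OU= for the same entries.

```python
import re

# Constructed, abridged sample in the layout of the Wireshark summary above.
SAMPLE_TRACE = '''
* searchRequest(3)
"ou=Roles,DC=example,DC=test"
wholeSubtree
* searchResEntry(3)
"CN=JBossAdmin,OU=Roles,DC=example,DC=test"
| searchResEntry(3)
"CN=Slash/Char,OU=Roles,DC=example,DC=test"
| searchResDone(3) success [2 results]
* searchRequest(4)
"CN=JBossAdmin,ou=Roles,DC=example,DC=test"
baseObject
| searchResDone(4) success [1 result]
* searchRequest(5)
"CN=Slash/Char,ou=Roles,DC=example,DC=test"
baseObject
| searchResDone(5) success [1 result]
'''
OP = re.compile(r"(searchRequest|searchResEntry)\((\d+)\)")


def norm_dn(dn):
    # Simplified: case-insensitive, spaces around commas ignored (not RFC 4514).
    return ",".join(part.strip().lower() for part in dn.split(","))


def redundant_lookups(trace):
    """(message id, DN) of each baseObject search on a DN that an earlier
    wholeSubtree search already returned."""
    lines = [l.strip() for l in trace.splitlines() if l.strip()]
    subtree_ids, seen, hits = set(), set(), []
    for i, line in enumerate(lines[:-1]):
        m = OP.search(line)
        if not m:
            continue
        kind, msg_id, dn = m.group(1), int(m.group(2)), lines[i + 1].strip('"')
        if kind == "searchResEntry":
            if msg_id in subtree_ids:  # only subtree results count as "seen"
                seen.add(norm_dn(dn))
            continue
        scope = lines[i + 2] if i + 2 < len(lines) else ""
        if scope == "wholeSubtree":
            subtree_ids.add(msg_id)
        elif scope == "baseObject" and norm_dn(dn) in seen:
            hits.append((msg_id, dn))
    return hits
```

On the sample, the two baseObject requests (message ids 4 and 5) are reported, one per role returned by the subtree search.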