[jboss-jira] [JBoss JIRA] (WFLY-6062) RolesSearch in AdvancedLdapLoginModule is doing a needless LDAP call for each individual role

Hynek Švábek (JIRA) issues at jboss.org
Mon Jan 25 10:47:01 EST 2016 

Hynek Švábek created WFLY-6062:
----------------------------------

             Summary: RolesSearch in AdvancedLdapLoginModule is doing a needless LDAP call for each individual role
                 Key: WFLY-6062
                 URL: https://issues.jboss.org/browse/WFLY-6062
             Project: WildFly
          Issue Type: Bug
          Components: Security
            Reporter: Hynek Švábek
            Assignee: Darran Lofthouse


There will be needless LDAP calls if we use AdvancedLdap login module.

If a user is a member of (lets say) 100 groups, then we can get an extra 100 calls to the LDAP server.
It can be performance problem.

Same problem was in LdapExt login module.
You can see this BZ https://bugzilla.redhat.com/show_bug.cgi?id=1223840

Example from Wireshark for 2 groups:
{code}
* searchRequest(3) "ou=Roles,ou=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test" wholeSubtree 
* searchResEntry(3) "CN=JBossAdmin,OU=Roles,OU=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test"  | searchResEntry(3) "CN=Slash/Char,OU=Roles,OU=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test"  | searchResDone(3) success  [2 results]
* searchRequest(4) "CN=JBossAdmin,ou=Roles,ou=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test" baseObject 
* searchResEntry(4) "CN=JBossAdmin,ou=Roles,ou=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test"  | searchResDone(4) success  [1 result]
* searchRequest(5) "CN=Slash/Char,ou=Roles,ou=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test" baseObject 
* searchResEntry(5) "CN=Slash/Char,ou=Roles,ou=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test"  | searchResDone(5) success  [1 result]
{code}|



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jboss-jira mailing list