[jboss-jira] [JBoss JIRA] (WFLY-6780) could not spécify version 3 for ldap connection

cyril leclerc (JIRA) issues at jboss.org
Wed Jun 29 06:19:00 EDT 2016


    [ https://issues.jboss.org/browse/WFLY-6780?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13258423#comment-13258423 ] 

cyril leclerc commented on WFLY-6780:
-------------------------------------

Hi,

In fact, to be clear, the problem is this exception:

 "LDAP: error code 4 - Sizelimit Exceeded"

because MaxPageSize is set in AD to 500 and sometimes we have more than 1000 groups. Furthermore, in org.jboss.security there are, I think, 2 ways to configure it (I tested the first, not the second):

private static final String MAX_PAGE_SIZE = "maxPageSize";

In LdapExtModule.java (I recreated it and overrode it), I added these lines:

         String maxPSize = (String) options.get(MAX_PAGE_SIZE);
         if (maxPSize != null)
         {
            try
            {
               maxPageSize = Integer.parseInt(maxPSize);
            }
            catch (NumberFormatException e)
            {
               PicketBoxLogger.LOGGER.debugFailureToParseNumberProperty(MAX_PAGE_SIZE, this.maxPageSize);
            }
         }

         // set a maxPageSize
         ctx.setRequestControls(new Control[]{
                 new PagedResultsControl(maxPageSize, Control.CRITICAL) });

And in the logging module you can add this configuration:

 <module-option name="maxPageSize" value="1000"/>

I think it should be available directly in the JBOSS classes.

Second solution, in the same class:

         // Query for roles matching the role filter
         SearchControls constraints = new SearchControls();
         constraints.setSearchScope(searchScope);
         constraints.setTimeLimit(searchTimeLimit);

Add this line (but I am not sure if it is working):

         constraints.setCountLimit(3500);

I made a workaround with the first solution, but I had to redeclare SecurityActions.java and Decode.java because they are protected classes.

Regards

> could not spécify version 3 for ldap connection
> -----------------------------------------------
>
>                 Key: WFLY-6780
>                 URL: https://issues.jboss.org/browse/WFLY-6780
>             Project: WildFly
>          Issue Type: Feature Request
>          Components: Security
>            Reporter: cyril leclerc
>            Assignee: Darran Lofthouse
>
> Hi,
> When using LDAPExtLoginModule and an LDAP realm, if there are more than 1000 groups in Active Directory it returns an error:
> Caused by: javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name 'CN=Users,DC=realad,DC=ad'
> I can't change the MAXPAGESIZE parameter in AD and I can't specify the module to use version 3 of LDAP. How can I do this?
> It is a big issue for me -)
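
The first workaround in the comment sets the paged-results request control once; a complete paged search also has to send the server's cookie back on each following request until the cookie comes back empty. A sketch of that loop with the standard JNDI classes, as an added example that is not part of the original message or of PicketBox. The class and method names are hypothetical; `ctx` is assumed to be an already-bound `LdapContext` and `pageSize` is assumed to be no larger than the server's page limit.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;

// Added example: hypothetical helper, not PicketBox code.
public final class PagedRoleSearch {
    /** Collects the DN of every match, fetching pageSize entries per request. */
    public static List<String> searchAll(LdapContext ctx, String baseDn, String filter,
            SearchControls constraints, int pageSize) throws NamingException, IOException {
        if (pageSize < 1) {
            throw new IllegalArgumentException("pageSize must be positive: " + pageSize);
        }
        List<String> names = new ArrayList<>();
        byte[] cookie = null; // null on the first request, then the server's cookie
        try {
            do {
                ctx.setRequestControls(new Control[] {
                    new PagedResultsControl(pageSize, cookie, Control.CRITICAL) });
                NamingEnumeration<SearchResult> page = ctx.search(baseDn, filter, constraints);
                try {
                    while (page.hasMore()) {
                        names.add(page.next().getNameInNamespace());
                    }
                } finally {
                    page.close();
                }
                cookie = null;
                Control[] responses = ctx.getResponseControls();
                if (responses != null) {
                    for (Control c : responses) {
                        if (c instanceof PagedResultsResponseControl) {
                            cookie = ((PagedResultsResponseControl) c).getCookie();
                        }
                    }
                }
            } while (cookie != null && cookie.length > 0); // empty cookie: last page
        } finally {
            ctx.setRequestControls(null); // do not leave paging on for later searches
        }
        return names;
    }
}
```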


