[jboss-jira] [JBoss JIRA] (WFLY-6780) could not spécify version 3 for ldap connection
cyril leclerc (JIRA)
issues at jboss.org
Wed Jun 29 06:20:01 EDT 2016
[ https://issues.jboss.org/browse/WFLY-6780?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13258423#comment-13258423 ]
cyril leclerc edited comment on WFLY-6780 at 6/29/16 6:19 AM:
--------------------------------------------------------------
HI,
in fact to be more clear, the problem is this exception :
"LDAP: error code 4 - Sizelimit Exceeded"
because MaxPageSize is setted in AD to 500 and sometimes we have more than 1000 groups, furthermore in the org.jboss.security there is i think 2 ways to configure it (tested the first not second) :
in LdapExtModule.java (i recreate it and override it) : i add thos lines :
first the variable :
private static final String MAX_PAGE_SIZE = "maxPageSize";
then the code :
/**
* if there is more than 1000 groups in AD
*/
protected int maxPageSize = 500;
String maxPSize = (String) options.get(MAX_PAGE_SIZE);
if (maxPSize != null)
{
try
{
maxPageSize = Integer.parseInt(maxPSize);
}
catch (NumberFormatException e)
{
PicketBoxLogger.LOGGER.debugFailureToParseNumberProperty(MAX_PAGE_SIZE, this.maxPageSize);
}
}
//set a maxPagesize
ctx.setRequestControls(new Control[]{
new PagedResultsControl(maxPageSize, Control.CRITICAL) });
and in logging module you can add this configuration :
<module-option name="maxPageSize" value="1000"/>
i think it should be available directly in JBOSS classes
Second solution, in same class :
// Query for roles matching the role filter
SearchControls constraints = new SearchControls();
constraints.setSearchScope(searchScope);
constraints.setTimeLimit(searchTimeLimit);
add this line (but i am not sure if it is working)
constraints.setCountLimit(3500);
i make a workaround with the first solution but a had to redeclare SecuritYActions.java and Decode.java because protected classes
regards
was (Author: fdlprod):
HI,
in fact to be more clear, the problem is this exception :
"LDAP: error code 4 - Sizelimit Exceeded"
because MaxPageSize is setted in AD to 500 and sometimes we have more than 1000 groups, furthermore in the org.jboss.security there is i think 2 ways to configure it (tested the first not second) :
private static final String MAX_PAGE_SIZE = "maxPageSize";
in LdapExtModule.java (i recreate it and override it) : i add thos lines :
String maxPSize = (String) options.get(MAX_PAGE_SIZE);
if (maxPSize != null)
{
try
{
maxPageSize = Integer.parseInt(maxPSize);
}
catch (NumberFormatException e)
{
PicketBoxLogger.LOGGER.debugFailureToParseNumberProperty(MAX_PAGE_SIZE, this.maxPageSize);
}
}
//set a maxPagesize
ctx.setRequestControls(new Control[]{
new PagedResultsControl(maxPageSize, Control.CRITICAL) });
and in logging module you can add this configuration :
<module-option name="maxPageSize" value="1000"/>
i think it should be available directly in JBOSS classes
Second solution, in same class :
// Query for roles matching the role filter
SearchControls constraints = new SearchControls();
constraints.setSearchScope(searchScope);
constraints.setTimeLimit(searchTimeLimit);
add this line (but i am not sure if it is working)
constraints.setCountLimit(3500);
i make a workaround with the first solution but a had to redeclare SecuritYActions.java and Decode.java because protected classes
regards
> could not spécify version 3 for ldap connection
> -----------------------------------------------
>
> Key: WFLY-6780
> URL: https://issues.jboss.org/browse/WFLY-6780
> Project: WildFly
> Issue Type: Feature Request
> Components: Security
> Reporter: cyril leclerc
> Assignee: Darran Lofthouse
>
> HI,
> in case of using LDAPExtLoginModule and ldap realm if in active directory there is more than 1000 groups it returns an error :
> Caused by: javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name 'CN=Users,DC=realad,DC=ad'
> i can't change in AD the MAXPAGESIZE parameter and i can't specify the module to use version 3 of ldap how i can do ?
> it is a big issue for me -)
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list