jackrabbit-oak-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Konrad Windszus (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OAK-3117) Support disabling group lookup in LDAP
Date Thu, 16 Jul 2015 14:50:04 GMT

    [ https://issues.apache.org/jira/browse/OAK-3117?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14629834#comment-14629834

Konrad Windszus commented on OAK-3117:

Actually this is already possible through the property {{user.membershipNestingDepth=0}} on
the DefaultSyncHandler.

> Support disabling group lookup in LDAP
> --------------------------------------
>                 Key: OAK-3117
>                 URL: https://issues.apache.org/jira/browse/OAK-3117
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: auth-ldap
>    Affects Versions: 1.3.2
>            Reporter: Konrad Windszus
> Currently the LdapIdentityProvider together with the DefaultSyncHandler will always perform
a search to query the group memberships of a user. It would be good if one could disable that
(e.g. by leaving the {{group.baseDN}} empty or by having a dedicated property for that).
> Reasoning:
> For some company LDAPs a search on the group memberships is just very expensive. Therefore
very often the group membership is maintained somewhere else for 3rd party systems.
> Such an option was also available in CRX2 by using {{autocreate=createUser}} (http://docs.adobe.com/docs/en/crx/2-3/administering/ldap_authentication.html#Auto%20Creation)

This message was sent by Atlassian JIRA

View raw message