Bamboo retrieves all users from LDAP when adding global permissions

    • Severity 3 - Minor
    • 2

      Summary

      When Bamboo is configured for LDAP authentication and an administrator adds a user under Global Permissions, typing the first few characters of the user's name causes Bamboo to fetch all users from LDAP and filter the list locally, rather than searching the LDAP server with the characters that were entered. This causes performance problems with large directories.

      Environment

      • Bamboo 6.2.1
      • LDAP authentication is configured

      Steps to Reproduce

      1. Configure Bamboo 6.2.1 for LDAP authentication
      2. As an administrator, navigate to the Global Permissions screen
      3. Start entering part of the username or name of the user to be added

      Expected Results

      Bamboo will perform a search on LDAP using the characters that were entered by the administrator as a search filter (for username, e-mail, first name and last name) and then display the results.
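
      One way to build the server-side filter described above, as an added example (not Bamboo's or Atlassian's code). The attribute names uid, mail, givenName and sn, the objectClass=person clause and the two-character minimum are assumptions; the typed text is escaped per RFC 4515 so it cannot alter the filter's structure.

```python
from typing import Optional

# Assumed attribute mapping for username, e-mail, first name and last name.
# These are common LDAP names, not Bamboo's actual configuration.
SEARCH_ATTRS = ("uid", "mail", "givenName", "sn")
MIN_CHARS = 2  # assumed minimum number of typed characters before querying


def escape_filter_value(value: str) -> str:
    """Escape text for use as an assertion value in an RFC 4515 search filter."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        # Hex-escape filter metacharacters, control bytes and non-ASCII octets.
        if byte < 0x20 or byte >= 0x7F or ch in "\\*()":
            out.append("\\%02x" % byte)
        else:
            out.append(ch)
    return "".join(out)


def build_user_search_filter(typed: str, attrs=SEARCH_ATTRS) -> Optional[str]:
    """Return a prefix-match filter for the typed characters, or None if too short."""
    prefix = typed.strip()
    if len(prefix) < MIN_CHARS:
        # Too little input: issue no query instead of falling back to "all users".
        return None
    value = escape_filter_value(prefix)
    # The only unescaped '*' is the trailing wildcard added here.
    clauses = "".join(f"({attr}={value}*)" for attr in attrs)
    return f"(&(objectClass=person)(|{clauses}))"


if __name__ == "__main__":
    # Constructed sample inputs: a normal prefix, and text containing
    # filter metacharacters that must stay literal.
    for typed in ("jo", "*)(uid=*", "a"):
        print(repr(typed), "->", build_user_search_filter(typed))
```

      Passing the resulting filter to the directory, together with a server-side size limit, keeps the result set proportional to the matches rather than to the size of the directory.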

      Actual Results

      Bamboo retrieves all users from LDAP and then filters the list locally based on the characters entered by the administrator.
      If profiling is enabled in Bamboo, catalina.out and atlassian-bamboo.log will show many lines similar to the following at the time the administrator performs the search (<adminuser> in the example below is the username of the administrator and <username> is the username of a user in LDAP):

      2017-10-16 12:50:50,327 DEBUG [ajp-nio-127.0.0.1-8600-exec-1 url:/rest/api/latest/permissi...able-users username:<adminuser> ] [UtilTimerStack$1:196] [3033ms] - com.atlassian.user.impl.ldap.search.page.LDAPEntityPager_preload__(originalQuery= com.atlassian.user.impl.ldap.LiteralFilter@250345a1)
        [0ms] - com.atlassian.user.impl.ldap.repository.DefaultLdapContextFactory_getLDAPContext
        [0ms] - com.atlassian.user.impl.ldap.DefaultLDAPUserFactory_getUser(<username>)
      

      Workaround

      You may be able to restrict the number of users by defining a group search filter, but whether that is possible depends on your organizational structure.

            Assignee:
            Pawel Skierczynski
            Reporter:
            Christian Glockner (Inactive)
            Votes:
            6
            Watchers:
            3