Details
-
Suggestion
-
Resolution: Fixed
-
None
-
None
Description
Currently the @ mention feature searches all users in the Stash directory even if they are not a licensed Stash user. Since it's not possible for non-licensed users to login to Stash, they should not be included in the list of results.
The current behavior can cause all users to be loaded into memory during a search. If enough users are synced to Stash, this can cause OOME. For example, if 100,000 users are synced to Stash, but only 1,000 are licensed users, all 100,000 users are loaded into memory.
Workaround
- Limit the LDAP user filter to only sync users that should have access to Stash or a smaller subset of the larger user base.
Attachments
Issue Links
- relates to
-
BSERV-3584 Allow only licensed and authorised users to be reviewer
- Closed
-
BSERV-13590 Ability to select the unlicensed user in Bitbucket user pickers
- Gathering Interest
- was cloned as
-
BSERV-7242 Limit @ mention list to authorized users
- Gathering Interest