Details
-
Suggestion
-
Resolution: Fixed
-
None
Description
Currently Crowd makes a query for all the attributes on a given entity: role, group or user. This results in a very large dataset being returned for all searches, regardless of purpose.
At a minimum, we should only request attributes which are used by Crowd: the name, description and member attributes for groups and roles, and all the mapped attributes for users.
Even better would be to retrieve only the membership attributes when searching for memberships, only the group attributes when looking up groups, and so on.
The minimum requirement is quite easy to implement, and I'll attach a simple (completely untested) patch that I'd like to see tested in the future. The second option would be harder, requiring some redesign of the SpringLDAPConnector, which currently has only has one place where SearchControls objects are constructed for all LDAP searches.
Attachments
Issue Links
- is duplicated by
-
CWD-2767 Crowd retrieves too much data when synchronising an LDAP directory.
- Closed
- is related to
-
CONFSERVER-23943 Group Lookup for Delegated Authentication Directory should not query for all membership attributes
- Closed
- relates to
-
JRACLOUD-26434 Retrieve only the necessary attributes when synchronising LDAP users and groups
- Closed
-
JRASERVER-26434 Retrieve only the necessary attributes when synchronising LDAP users and groups
- Closed
- mentioned in
-
Wiki Page Loading...