Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-1860

Retrieve only the necessary attributes when searching for LDAP users and groups

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Fixed
    • 2.6
    • Directory - LDAP
    • None

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      Currently Crowd makes a query for all the attributes on a given entity: role, group or user. This results in a very large dataset being returned for all searches, regardless of purpose.

      At a minimum, we should only request attributes which are used by Crowd: the name, description and member attributes for groups and roles, and all the mapped attributes for users.

      Even better would be to retrieve only the membership attributes when searching for memberships, only the group attributes when looking up groups, and so on.

      The minimum requirement is quite easy to implement, and I'll attach a simple (completely untested) patch that I'd like to see tested in the future. The second option would be harder, requiring some redesign of the SpringLDAPConnector, which currently has only has one place where SearchControls objects are constructed for all LDAP searches.

      Attachments

        Issue Links

          is duplicated by

          Suggestion - CWD-2767 Crowd retrieves too much data when synchronising an LDAP directory.

          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-23943 Group Lookup for Delegated Authentication Directory should not query for all membership attributes

          • Medium - Medium priority issues
          • Closed
          relates to

          Suggestion - JRACLOUD-26434 Retrieve only the necessary attributes when synchronising LDAP users and groups

          • Closed

          Suggestion - JRASERVER-26434 Retrieve only the necessary attributes when synchronising LDAP users and groups

          • Closed
          mentioned in

          Wiki Page Loading...

          Activity

            People

              jwalton joe
              matt@atlassian.com Matt Ryall
              Votes:
              3 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: