Uploaded image for project: 'LDAP'
  1. LDAP
  2. LDAP-59

Active Directory groups with more than 1500 members don't properly synchronize with XWiki Groups

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 9.3
    • None
    • Authenticator
    • None
    • Unknown
    • N/A
    • N/A

    Description

      The issue reproduces for a LDAP group with 1716 members which didn't properly synchronize with the XWiki Group.

      As softec investigated:

      AD has a limitation on the number of attribute values returned by a query, and require that a range value is used for attribute having more than 1500 values.
      XWiki does not seems to support properly group of that size, this is a limitation of the product.
      The retrieval of group members is done with a single query, similar to:

      -b "<group dn>" '' objectClass uniquemember memberuid member sAMAccountName

      and to retrieve properly member of a large group, the following would be needed:

      -b "<group dn>" '' objectClass uniquemember memberuid 'member;range=1500-2000' sAMAccountName

      Using ldapsearch, it automatically limit the range to 0-1499, but without any range, apparently no value of attribute member is returned.
      As a result, the group is seen empty.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. LDAP-155 Active Directory pagination system is not supported

          • Major - Major loss of function.
          • Open

          Activity

            People

              tmortagne Thomas Mortagne
              ibalan Iulia Balan
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: