Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-12413

LDAP Group Sync makes extra queries when duplicated member entry is a user

    Details

    • Difficulty:
      Unknown
    • Documentation:
      N/A
    • Documentation in Release Notes:
      N/A
    • Similar issues:

      Description

      As part of the group sync, the LDAP module loads LDAP groups and recursively loads any member entry to get sub-members.

      For each member of a group there are 3 cases:

      1/ The member is a group it's members will be loaded
      2/ The member is a user and the user should be added but nothing more
      3/ The member is nothing like that and could be an "LDAP query" representing more users and should be tried as a filter

      In the current implementation (tested on 5.4.7), even in the case 2/ the case 3/ will be tried although the member was successfully loaded as a user. This should not be the case.

      I could not provide a patch because the way the code is written significant refactoring is needed. In the use case I had, it was either to remove step 3/ Altogether as I don't needed it in my case. It would be good to have an option to drop step 3/ as it might not be needed in many cases and can generate extra queries.

        Attachments

          Activity

            People

            • Assignee:
              tmortagne Thomas Mortagne
              Reporter:
              ludovic Ludovic Dubost
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Date of First Response: