[
https://issues.apache.org/jira/browse/DIRKRB-295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14596550#comment-14596550
]
Stefan Seelmann edited comment on DIRKRB-295 at 6/22/15 8:04 PM:
-----------------------------------------------------------------
Some remarks:
1. If you only need the attribute krb5PrincipalName then please add only this
to the search() method, otherwise all attributes are returned from the server
2. The cursor needs to be closed, please put it into a finally block.
(Unfortunately Cursor doesn't implement AutoCloseable)
3. You cannot be sure to get really all results. Often LDAP servers have a
default size limit of 1000, so if there are more entries stored you won't get
them.
4. The implementation of {{getIdentities(int start, int limit)}} in not at all
efficient, It always retrieves all entries and then only returns a partial
list. As a first step or for a POC that is ok, but for a production system this
should be improved. Paged search or VLV control can be used to retrieve only
part of the result from the LDAP server,
5. The API doc promises the the result is sorted. That is a bit unfortune
because not all LDAP servers support sorting, which means all entries need to
be fetched to support proper sorting, which is inefficient.
1 and 2 should be fixed. 3-5 is harder to fix, it's ok the commit the code now
and improve it later.
was (Author: seelmann):
Some remarks:
1. If you only need the attribute krb5PrincipalName then please add only this
to the search() method, otherwise all attributes are returned from the server
2. The cursor needs to be closed, please put it into a finally block.
(Unfortunately Cursor doesn't implement AutoCloseable)
3. You cannot be sure to get really all results. Often LDAP servers have a
default size limit of 1000, so if there are more entries stored you won't get
them.
4. The implementation of {getIdentities(int start, int limit)} in not at all
efficient, It always retrieves all entries and then only returns a partial
list. As a first step or for a POC that is ok, but for a production system this
should be improved. Paged search or VLV control can be used to retrieve only
part of the result from the LDAP server,
5. The API doc promises the the result is sorted. That is a bit unfortune
because not all LDAP servers support sorting, which means all entries need to
be fetched to support proper sorting, which is inefficient.
1 and 2 should be fixed. 3-5 is harder to fix, it's ok the commit the code now
and improve it later.
> Implementing getIdentities for LdapIdentityBackend
> --------------------------------------------------
>
> Key: DIRKRB-295
> URL: https://issues.apache.org/jira/browse/DIRKRB-295
> Project: Directory Kerberos
> Issue Type: Sub-task
> Reporter: Xu Yaning
> Assignee: Xu Yaning
> Attachments: DIRKRB-295-v1.patch, DIRKRB-295-v2.patch
>
>
> Impelment {{getIdentities}} for {{LdapIdentityBackend}} to get identities by
> index scope.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
