For the record:
http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx
reports in note 19 that specifying the object class can be dramatically
faster, so e.g.
((objectCategory=group)(member:1.2.840.113556.1.4.1941:={0}))
as the group
Stephen Connolly (2014-05-22 17:12):
OK, so there is now rumoured to be a faster and better way to look up
the groups that a user belongs to in the LDAP 1.10 plugin.
I say rumoured because due to the complexities of Active Directory
server configurations, one can never be quite sure until one
On Thursday, 22 May 2014 16:12:52 UTC+1, Stephen Connolly wrote:
OK, so there is now rumoured to be a faster and better way to look up the
groups that a user belongs to in the LDAP 1.10 plugin.
I say rumoured because due to the complexities of Active Directory server
configurations, one
Hi Stephen,
just tested the new version with my Active Directory : authentication still
takes forever. I think the new code you added is not even called during the
authentication workflow, it goes straight to AuthoritiesPopulator
implementations which use the member={0}. The logic looks good
Stephen,
I can confirm that performance is now _A_LOT_ better!
Login now happens in seconds and not minutes.
So thank you.
FWIW, the AD plugin still doesn't work with AD that uses TLS.
James
On 25 May 2014 20:46, teilo teilo+goo...@teilo.net wrote:
I haven't tried that version but I
Yes, but what about telio's expression of doubt with respect to nested
groups... or were you not using them anyway (as perhaps your login perf was
shite)
On 30 May 2014 10:57, James Chapman ja...@mtbfr.co.uk wrote:
Stephen,
I can confirm that performance is now _A_LOT_ better!
Login now
I haven't tried that version but I already know that the ad specific
LDAP_MATCHING_RULE_IN_CHAIN oid breaks very large installations.
One LDAP query will take over 1.5 minutes and will be killed by the ad server.
Last I looked using ad browser which was a few weeks my memberOf did not
include
Are you planning to update the test?
Am Freitag, 23. Mai 2014 schrieb Stephen Connolly :
Well if the tests are non UI tests driven through the UI then they can be
overly brittle.
@Kohsuke this is a case in point
On Thursday, 22 May 2014, Ulli Hafner
I am not planning to update UI driven tests of non UI fubctionality as I
fundamentally disagree with that approach. I will probably replace these
tests with a non-UI driven version when I have integrated my scalability
test framework into the acceptance test harness which will enable the
writing
Well if the tests are non UI tests driven through the UI then they can be
overly brittle.
@Kohsuke this is a case in point
On Thursday, 22 May 2014, Ulli Hafner ullrich.haf...@gmail.com wrote:
Seems that the new plugin breaks the acceptance tests for the LDAP plugin:
Daniel is always good at finding bugs... second NPE found and fixed. 1.10.2
now recommended.
Seemingly Daniel is having problems posting to the mailing list ATM. Here
was his feedback on 1.10.2 (well actually a -SNAPSHOT of the same code)
/whoAmI works, as does /user/username/? (although the
OK, so there is now rumoured to be a faster and better way to look up the
groups that a user belongs to in the LDAP 1.10 plugin.
I say rumoured because due to the complexities of Active Directory server
configurations, one can never be quite sure until one has had a fair amount
of testing.
To
Seems that the new plugin breaks the acceptance tests for the LDAP plugin:
https://github.com/jenkinsci/acceptance-test-harness/blob/master/src/test/java/plugins/LdapPluginTest.java
Am 22.05.2014 um 17:12 schrieb Stephen Connolly
stephen.alan.conno...@gmail.com:
OK, so there is now rumoured to
13 matches
Mail list logo