[ https://issues.apache.org/jira/browse/OAK-3117?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Konrad Windszus resolved OAK-3117. ---------------------------------- Resolution: Invalid > Support disabling group lookup in LDAP > -------------------------------------- > > Key: OAK-3117 > URL: https://issues.apache.org/jira/browse/OAK-3117 > Project: Jackrabbit Oak > Issue Type: Improvement > Components: auth-ldap > Affects Versions: 1.3.2 > Reporter: Konrad Windszus > > Currently the LdapIdentityProvider together with the DefaultSyncHandler will > always perform a search to query the group memberships of a user. It would be > good if one could disable that (e.g. by leaving the {{group.baseDN}} empty or > by having a dedicated property for that). > Reasoning: > For some company LDAPs a search on the group memberships is just very > expensive. Therefore very often the group membership is maintained somewhere > else for 3rd party systems. > Such an option was also available in CRX2 by using {{autocreate=createUser}} > (http://docs.adobe.com/docs/en/crx/2-3/administering/ldap_authentication.html#Auto%20Creation) -- This message was sent by Atlassian JIRA (v6.3.4#6332)