[
https://issues.apache.org/jira/browse/HADOOP-10626?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14287827#comment-14287827
]
Aaron T. Myers commented on HADOOP-10626:
-----------------------------------------
Hi Jason, the patch looks pretty good to me in the abstract, thanks for
providing it and for doing that testing.
One question for you - the javadocs for the {{SearchControls}} class seem to
indicate that by default all attributes will be returned by a search.
Specifically, I'm looking at this bit of text in the description of the no args
constructor (emphasis mine):
{quote}
The defaults are:
* search one level
* no maximum return limit for search results
* no time limit for search
* *return all attributes associated with objects that satisfy the search
filter.*
* do not return named object (return only name and class)
* do not dereference links during search
{quote}
Given this, why is it necessary to explicitly add the group name attribute to
the search results? Are the javadocs incorrect? Or am I just misunderstanding
something?
> Limit Returning Attributes for LDAP search
> ------------------------------------------
>
> Key: HADOOP-10626
> URL: https://issues.apache.org/jira/browse/HADOOP-10626
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.3.0
> Reporter: Jason Hubbard
> Assignee: Jason Hubbard
> Labels: easyfix, newbie, performance
> Attachments: HADOOP-10626.patch
>
>
> When using Hadoop Ldap Group mappings in an enterprise environment, searching
> groups and returning all members can take a long time causing a timeout.
> This causes not all groups to be returned for a user. Because the first
> search only searches for the user dn and the second search retrieves the
> group member attribute, we only need to return the group member attribute on
> the search speeding up the search.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
