Uploaded image for project: 'Grouper'
  1. Grouper
  2. GRP-2343

LdapSystem.performLdapSearchRequest doesn't return any members when group has more than 1500 memberships

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • 2.5.37
    • None
    • None
    • None

    Description

      We are in patch a72-u43-w7-p9.

      LdapSystem.performLdapSearchRequest returns empty list of member when group has more than 1500 memberships.

      Our settings in grouper-loader.properties:

      ldap.active_directory.searchResultHandlers=org.ldaptive.handler.DnAttributeEntryHandler,edu.internet2.middleware.grouper.ldap.ldaptive.GrouperRangeEntryHandler
      		 
      ldap.active_directory.pagedResultsSize = 1000
      		 
      ldap.active_directory.searchResultPagingEnabled=true
      		 
      ldap.active_directory.searchResultPagingSize=1000
      		 
      changeLog.consumer.pspng_activedirectory.memberAttributeName = member

       

      Logs like:
      Full-sync comparison for psrwi.auckland.ac.nz:Employee/#128662(Existing): Target-subject count: Correct/Actual: 12713/0
      Group psrwi.auckland.ac.nz:Employee/#128662(Existing) has 0 extra values
      Group psrwi.auckland.ac.nz:Employee/#128662(Existing) has 128662 missing values
       
      This issue cause the following code in LdapGroupProvisioner wont be invoked when grouper has members > 1500, and members never get delete from target system

      LOG.info("{}: Group {} has {} extra values",
      		 
          new Object[] {getDisplayName(), grouperGroupInfo, extraValues.size()});
      		 
      if ( extraValues.size() > 0 ) {
      		 
        getLdapSystem().performLdapModify(
      		 
                new ModifyRequest(
      		 
                        ldapGroup.dn,
      		 
                        new AttributeModification(
      		 
                                AttributeModificationType.REMOVE,
      		 
                                new LdapAttribute(config.getMemberAttributeName(),extraValues.toArray(new String[0])))),
      		 
                config.isMemberAttributeCaseSensitive(),
      		 
                true);
      		 
      }

      This issue seems happen after p6.

       

      Attachments

        Issue Links

          mentioned in

          Page Loading...

          Activity

            People

              chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)
              wenlai.wang@at.internet2.edu Wenlai Wang
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: