Uploaded image for project: 'OpenICF'
  1. OpenICF
  2. OPENICF-1560

LDAP Connector: RFE Disable Paged Results Control

    XMLWordPrintable

Details

    Description

      ODSEE LDAP server with proxies in front of the ODSEE LDAP servers do not allow control 319 Page Results Control. They have set "useBlocks" to false in their provisioner file but when the connector queries the directory supported control, the directory returns that PagedResultsControl is supported and it chooses to use it.

      This is the logic that is used by the connector:

       

      if ((null != options.getPageSize() && options.getPageSize() > 0) &&
      conn.supportsControl(PagedResultsControl.OID)
      ) {
       strategy = new PagedSearchStrategy(options.getPageSize(), options.getPagedResultsCookie(), options.getPagedResultsOffset(), handler, sortKeys);
      logger
      .ok("Paged Search Strategy used for search operation");
      } else if (useBlocks && !usePagedResultsControl && conn.supportsControl(VirtualListViewRequestControl.
      OID
      )) {
       String vlvSortAttr = conn.getConfiguration().getVlvSortAttribute();
       strategy = new VlvIndexSearchStrategy(vlvSortAttr, pageSize);
      logger
      .ok("VLV Search Strategy used for search operation");
      } else if (useBlocks && conn.supportsControl(PagedResultsControl.
      OID
      )) {
       strategy = new SimplePagedSearchStrategy(pageSize, sortKeys);
      logger
      .ok("Simple Paged Search Strategy used for search operation");
      } else {
       strategy = new DefaultSearchStrategy(false, sortKeys);
      logger
      .ok("Default Search Strategy used for search operation");
      }
      

       

      In this case you pick the "Paged Search Strategy" - you can see it in the error from the logs:

       

      Caused by: org.identityconnectors.framework.common.exceptions.ConnectorException: Operation Not Supported. Bad cookie
      at org.identityconnectors.ldap.search.PagedSearchStrategy.doSearch(
      PagedSearchStrategy
      .java:212)
      

       

      But you can only use that PageSearchStrategy if conn.supportsControl(PagedResultsControl.OID) is true...
      It means that when the connector queries the directory supported control, the directory returns that PagedResultsControl is supported.

      Work around is disabling the control 319 on the proxy that is in front of the ODSEE LDAP server, which serves as load-balancer.

      So, before the fix, the proxy allowed the control 319 which resulted in the LDAP connector using paged search strategy. But the ODSEE server(s) behind that did not allow that control.

      Need to be able to disable  319 Page Results Control even if it is supported.

       

       

      Attachments

        Issue Links

          Activity

            People

              gael Gael Allioux
              constantine.mitrev Constantine Mitrev
              Son Nguyen Son Nguyen
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: