LDAP group search doesn't use filter
Bug #1177630 reported by
Brandon Miles
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Adam Young |
Bug Description
It doesn't look like the LDAP search for the group list is using the filter specified in the config. If you have a large group OU, the performance hit is very noticeable.
The actual method is list_user_groups in the GroupApi class. I've attached the patch we've been using in production in case that helps.
Thanks!
summary: |
- Group search doesn't use filter + LDAP group search doesn't use filter |
Changed in keystone: | |
importance: | Undecided → Medium |
tags: | added: grizzly-backport-potential |
Changed in keystone: | |
assignee: | nobody → Adam Young (ayoung) |
Changed in keystone: | |
milestone: | none → havana-3 |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | havana-3 → 2013.2 |
tags: | removed: grizzly-backport-potential |
To post a comment you must log in.
Any chance you can sign the CLA and put that patch up for review? It looks fine to me as-is, other than overriding the `filter()` builtin, so I'd just write it as http:// paste.openstack .org/raw/ 38243/