Skip over Navigation

dataflake.org

Home Documentation Software Old Stuff

Guest

getUserNames suggestion | Add new Issue | Search Issues | Add new Entry |

getUserNames suggestion (Resolved)

Request	LDAP User Folder -- feature request -- by Andrew Veitch
Posted on	May 16, 2005 9:29 am
Subscribe	Enter your email address to receive mail on every change to this issue.

Entries (Latest first)

	Comment by Andrew Veitch on May 16, 2005 11:32 am
	`Hi Jens That works great, thanks. I think it's the fastest bug fix I've ever had! Andrew`


	Resolve by Jens Vagelpohl on May 16, 2005 11:23 am
	`The problem is now solved in CVS, and if you could help test what's in CVS and give me some feedback that would be great. See here for the specific change for the ZMI local roles view: http://cvs.dataflake.org/LDAPUserFolder/LDAPUserFolder.py.diff?r1=1.159&r2=1.160`


	Accept by Jens Vagelpohl on May 16, 2005 9:37 am
	`Hi Andrew, this is correct. I have already identified this as a bug in the way the search result comes back in the face of the specific exception thrown (ldap.ADMINLIMIT_EXCEEDED I believe) and will look at some workaround today.`


	Initial Request by Andrew Veitch on May 16, 2005 9:29 am
	I'm using LDAPUserFolder with an ActiveDirectory containing many thousands of users and it's working great. The only issue is the manage_listLocalRoles form on the ZMI. From reading the code in Zope it looks like it calls getUserNames on the acl_users and then discards the list of names if there are more than a certain amount. Unfortunately ActiveDirectory seems to return an empty list if the search returns more than a given number of users. I know that this is configurable but in my case I don't have admin access. Even if I reconfigured AD I would still have the problem that I was doing a massive, resource consuming query only to discard the results. It would be really useful if there was an option that would set getUserNames to just raise OverflowError. This would be useful for sites very large numbers of users. I've changed the method to always raise OverflowError which works fine for us but it probably is better as an option. An alternative would be for getUserNames to cope with getting an empty search result by only slicing getAttributesOfAllObjects() if non-empty which would work fine too. Something like this: tmplist = self.getAttributesOfAllObjects(self.users_base, ldap_scopes[self.users_scope],user_filter, (self._login_attr,)) if tmplist: loginlist=tmplist[self._login_attr] else: return () Thanks for a great product.