[cas-dev] CredentialsToLDAPAttributePrincipalResolver and maxNumberResults property
Marvin S. Addison
serac at exchange.vt.edu
Thu Jul 19 10:50:55 EDT 2007
I agree that it should be an implementation detail, and not exposed on
the interface. Whether it's set to 1 is another matter. This property
controls the max number of results returned by LDAP. Limiting
to only 1 result will cause the additional check on number of results
found to always pass even if multiple principals are found:
    if (principalList.size() > 1) {
        log.error("LDAP search returned multiple results "
            + "for filter \"" + searchFilter + "\", "
            + "which is not allowed.");
        return null;
    }
The choices are to set to 1 and remove this additional check, or leave
at some small number, say 10, and leave this condition. I prefer the
latter since it displays a descriptive message on a very specific
failure condition. The former solution enforces a one-to-one mapping of
principals even when no such condition is satisfied in LDAP.
M
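
An added example, not part of the original message and not CAS code: it runs the check quoted above against a count limit of 1 and of 10. The in-memory directory, the `search` stand-in and the `mail` lookup are constructed for illustration, and the example assumes the search simply truncates at the limit.

```java
import java.util.ArrayList;
import java.util.List;

public class CountLimitDemo {

    // Constructed sample directory (dn, uid, mail): two entries share one mail value.
    static final String[][] DIRECTORY = {
        {"uid=jsmith,ou=people,dc=example,dc=org", "jsmith", "smith@example.org"},
        {"uid=jsmith2,ou=people,dc=example,dc=org", "jsmith2", "smith@example.org"},
        {"uid=adoe,ou=people,dc=example,dc=org", "adoe", "adoe@example.org"},
    };

    // Hypothetical stand-in for the LDAP search: returns the uid of every entry
    // whose mail matches, truncated at maxNumberResults (assumed limit behaviour).
    static List<String> search(String mail, int maxNumberResults) {
        List<String> hits = new ArrayList<>();
        for (String[] entry : DIRECTORY) {
            if (entry[2].equals(mail)) {
                if (hits.size() == maxNumberResults) {
                    break; // limit reached, remaining matches are never seen
                }
                hits.add(entry[1]);
            }
        }
        return hits;
    }

    // Same shape as the check quoted in the message.
    static String resolvePrincipal(String mail, int maxNumberResults) {
        List<String> principalList = search(mail, maxNumberResults);
        if (principalList.isEmpty()) {
            return null;
        }
        if (principalList.size() > 1) {
            System.err.println("LDAP search returned multiple results "
                + "for filter \"mail=" + mail + "\", which is not allowed.");
            return null;
        }
        return principalList.get(0);
    }

    public static void main(String[] args) {
        // Limit 1: the ambiguous credential resolves to whichever entry came first.
        System.out.println("limit=1:  " + resolvePrincipal("smith@example.org", 1));
        // Limit 10: the ambiguity is detected, logged and rejected.
        System.out.println("limit=10: " + resolvePrincipal("smith@example.org", 10));
        // An unambiguous credential resolves under either limit.
        System.out.println("limit=10: " + resolvePrincipal("adoe@example.org", 10));
    }
}
```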