[cas-dev] CredentialsToLDAPAttributePrincipalResolver and maxNumberResults property
Scott Battaglia
scott.battaglia at gmail.com
Thu Jul 19 11:10:49 EDT 2007
Okay, I'm going to set it to 10 (unless there is potentially some possible
performance gain by setting it to something such as 2).
Thanks
-Scott
On 7/19/07, Marvin S. Addison <serac at exchange.vt.edu> wrote:
>
> I agree that it should be an implementation detail, and not exposed on
> the interface. Whether it's set to 1 is another matter. This property
> controls the number of max number of results returned by LDAP. Limiting
> to only 1 result will cause the additional check on number of results
> found to always pass even if multiple principals are found:
>
> if (principalList.size() > 1) {
> log.error("LDAP search returned multiple results "
> + "for filter \"" + searchFilter + "\", "
> + "which is not allowed.");
> return null;
> }
>
> The choices are to set to 1 and remove this additional check, or leave
> at some small number, say 10, and leave this condition. I prefer the
> latter since it displays a descriptive message on a very specific
> failure condition. The former solution enforces a one-to-one mapping of
> principals even when no such condition is satisfied in LDAP.
>
> M
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20070719/cdaa952f/attachment.html
More information about the cas-dev
mailing list