-
Notifications
You must be signed in to change notification settings - Fork 252
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix paged search rfc2696_cookie for Microsoft Active Directory #369
base: master
Are you sure you want to change the base?
Conversation
@amuta could you please update this from the latest master branch when you have a moment? |
…r will try to encode to UTF-8 first and break the cookie's representation of binary data
92353e9
to
f608b28
Compare
@HarlemSquirrel sorry for taking soooo long, but I rebased it and changed it with the code that we are working with. We are using this change at our org for more than 1 year and it is working, but if anyone can try it out with Active Directory and a search with >1.2k results it should be evident. |
The tests are breaking because of lint rules, is it possible to make the linter skip that method? @HarlemSquirrel |
@amuta This should be refactored but for now we could up the limit to 117 in ruby-net-ldap/.rubocop_todo.yml Lines 207 to 209 in 626c312
I don't have access to any Active Directory to test this myself and don't work with LDAP at all right now so we really should get someone to try this out on a real directory before merging in as well. Are you able to write a test for this use case? |
When building the
cookie
of a paged search we are currently callingto_ber
when we should be callingto_ber_bin
to avoid encoding it to UTF-8 and 'breaking' the cookie format. When looking at the methodto_ber_bin
, it seems to be build with this in mind.Without this change, when trying to do a paged search the behavior is the same as described in this issue: #36 Wrong paged result from search
#36 (comment)
The issue is very likely to be related #313 rfc2696 paging not working when server returns additional, empty pagedResultsControl items, because after sending the broken cookie the AD still reponds with what would be the first page after the initial query but wont send the cookie required for continuing the paged search.
The comment below seems to imply that this issue was known and disabling paging was a solution, but the paging is not disabled and it breaks silently.
I've only tested this against Microsoft Active Directory, and it enabled me to used the paged search.