We have a very deep OU structure in our AD, so our ldap filters for user access groups easily ends up being 100+ chars, but are cutoff.
As far as i can tell this is due to the varchar(64) data type on the ldap_filter collum, in the app_access_groups table.
For now we are working around the limit, by placing the groups we filter on i a temp ou at the root of our AD tree, but this is not sustanible long term.
User access groups ldap filters cut off at 64chars
-
- Posts: 2
- Joined: 20 Nov 2018, 14:33
- Name: Michael Knudsen
- Location: Odense
- Company Name: Infowise
- Contact:
- support
- Site Admin
- Posts: 6221
- Joined: 19 Oct 2014, 18:22
- Name: Sergey Kharchishin
- Location: Russia, Evpatoriya
Re: User access groups ldap filters cut off at 64chars
Which length do you need 255 is enough or do you need text field type?
-
- Posts: 2
- Joined: 20 Nov 2018, 14:33
- Name: Michael Knudsen
- Location: Odense
- Company Name: Infowise
- Contact:
Re: User access groups ldap filters cut off at 64chars
255 would be fine for us as we lay around 100-110 in length.
However i do not know the max length of a LDAP dn in AD, but it is surly a lot longer, so maybe also give a warning that the dn was truncated when someone enters a dn longer that 255.
However i do not know the max length of a LDAP dn in AD, but it is surly a lot longer, so maybe also give a warning that the dn was truncated when someone enters a dn longer that 255.
- support
- Site Admin
- Posts: 6221
- Joined: 19 Oct 2014, 18:22
- Name: Sergey Kharchishin
- Location: Russia, Evpatoriya
Re: User access groups ldap filters cut off at 64chars
I have updated this field to TEXT in 2.4.
You can run next query in phpmyadmin if you did not update this field yet
You can run next query in phpmyadmin if you did not update this field yet
Code: Select all
ALTER TABLE `app_access_groups` CHANGE `ldap_filter` `ldap_filter` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL;