Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Need the ability to suppress "partial result exception" in ScriptRunner LDAP template

Kamran Ansari
Kamran Ansari February 10, 2023

I am using Jira ScriptRunner to implement a REST endpoint that does an LDAP look-up. I am using secure LDAP (port 636) and authenticated bind.

The following piece of code throws me a PartialResultException, which is part of the Spring framework and documented here.

 

    try
    {
          // The variables base, filter, scope and 
          // the class MyUserAttributesMapper are defined 
          // elsewhere in the code and not shown here

          userInfoList = LdapUtil.withTemplate ("myLDAPPoolName") { template -> 
          template.search(base, filter, scope, new MyUserAttributesMapper()) 

        }
    }
    catch (PartialResultException pre)
    {
        // All our results are lost :( :(
    }

I researched this issue and found a couple of workarounds online, none of which are suitable for our environment and/or use case:

  1. Include the following line in ScriptRunner Environment properties (doesn't work for us because of the way our AD forest is set-up)
    java.naming.referral=follow 
  2. Use LDAP port 3269 (Global Catalog Port) instead of port 636, but this doesn't work for me because my queries don't return all the attributes I'm interested in. This is expected behavior when using port 3269.

The Spring Framework documentation suggests suppressing the partial result exception by setting the ignorePartialResultException property (org.springframework.ldap.core.LdapTemplate object) to true. However, the ScriptRunner LdapUtil wrapper doesn't seem to expose this property or provide a way to set it.

I'm hoping someone from Adaptavist will take a look at my request, and:

  • Suggest a solution (or a workaround), AND/OR
  • Implement the ability to ignore partial result exceptions in one of their next releases.

Many thanks,

Kamran Ansari

 
Answer
Watch
Like Be the first to like this
592 views

1 answer

Suggest an answer

Log in or Sign up to answer
0 votes
PD Sheehan
PD Sheehan
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 10, 2023

You actually can ignore the partial results in the current version.

Here is a sample console script that does this:

import com.onresolve.scriptrunner.ldap.LdapUtil
import org.springframework.ldap.core.AttributesMapper
import org.springframework.ldap.core.LdapTemplate
import javax.naming.directory.Attributes
import javax.naming.directory.SearchControls

LdapUtil.withTemplate('test ldap') { ldapTemplate ->
    (ldapTemplate as LdapTemplate).setIgnorePartialResultException(true)
    ldapTemplate.search("", "(cn=p6s)", SearchControls.SUBTREE_SCOPE, { Attributes attributes ->
        def map = [:]
        map.cn = attributes.get('cn').get()
        map.memberOf = attributes.get('memberOf').getAll().collect()
        map
    } as AttributesMapper<String>)
}

You have to explicitly cast the ldapTemplate generated by the scriptrunner LdapUtil to LdapTemplate because by default it's an instance of LdapOperations which is the interface.

Reply
groups-icon
App Central
TAGS
AUG Leaders

Atlassian Community Events

    See all events