Closed harangozop closed 11 months ago
Thanks for reaching out. This is a known issue and needs to be controlled by Spring LDAP. They have a long-standing ticket for this, see pring-projects/spring-ldap#31.
Once Spring LDAP addresses that issue on their side, the baseDn will be considered.
Expected behavior
When using an
LdapRepository
'sfindAll
function it is expected to use the@Entry
's base dn when searching through LDAP.Actual behavior
The
LdapRepository
implementation does not use@Entry
's base dn, instead it calls find all function with an empty base: https://github.com/spring-projects/spring-data-ldap/blob/main/src/main/java/org/springframework/data/ldap/repository/support/SimpleLdapRepository.java#L146C21-L146C21Workaround
Of course, I could use the other
findAll
function, the one with theLdapQuery
parameter:org.springframework.data.ldap.repository.support.SimpleLdapRepository#findAll(org.springframework.ldap.query.LdapQuery)
.But I think it would be the better solution to use the base dn in the parameterless
findAll
as well.Why is it important?
When handling multiple organization units with similar but not the same object classes in their user entries one query for under a specific org unit gives all the other org unit's users.
Reproduction
User.java
UserRepository.java
OtherUser.java
OtherUserRepository.java
UserService.java