+++ This bug was initially created as a clone of Bug #1086787 +++

This BZ is meant for EAP 6.2.x next possible CP


An LDAP server with (lets say) 1000 users in a group.
When authentication, a query is done to retrieve the groups for the user.

Most LDAP servers will limit the attributes send back based on authorization of the user, but can be configured to return all information.

The cause is:

/ Query for roles matching the role filter
SearchControls constraints = new SearchControls();
constraints.setSearchScope(searchScope);
constraints.setTimeLimit(searchTimeLimit);
rolesSearch(ctx, constraints, username, userDN, recursion, 0);

this used to also have:
constraints.setReturningAttributes(new String[0]);
at some time this was taken out.

It needs to go back in

According to the schedule it is to late for 6.3 as it would require a component update. Scheduling this for 6.4 when the flag becomes available. Will then also clone to get it into a 6.3 CP