Description
It seems that `DirContextOperations` returned by `LdapTemplate.lookupContext()` doesn't correctly support multi value attributes if the value count exceeds the LDAP fetch limit (1500 in our case).
The following code doesn't work as expected:

```java
DirContextOperations dirContextOperations = ldapTemplate.lookupContext(groupDn);
boolean addIfDuplicateExists = false;
dirContextOperations.addAttributeValue("member", userDn, addIfDuplicateExists);
ldapTemplate.modifyAttributes(dirContextOperations);
```

This will cause `AttributeInUseException` although `addIfDuplicateExists` is `false` if there are too many users in the group. I assume it's because `DirContextOperations` didn't receive all values. Maybe it's also related to #561 and existing members won't be loaded at all since the attribute's name changes from "member" to "member;range=0-1499". I couldn't check that yet.
My suggestion would be to add a new `LdapTemplate::lookupContext()` variant with an `IncrementalAttributesMapper` argument:

```java
public DirContextOperations lookupContext(Name dn, IncrementalAttributesMapper mapper)
```

Example usage:

```java
IncrementalAttributesMapper<DefaultIncrementalAttributesMapper> attributesMapper =
        new DefaultIncrementalAttributesMapper(new String[] { "member" });
DirContextOperations dirContextOperations = ldapTemplate.lookupContext(groupDn, attributesMapper);
```

But - most importantly - there should be a hint in the documentation that `lookupContext()` doesn't support multi value attributes except if you can guarantee that there won't be more values than a single fetch returns.
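
A possible interim workaround with the existing API, added here as an example and not part of the original report or of Spring LDAP itself: read the complete `member` list through the static `DefaultIncrementalAttributesMapper.lookupAttributeValues()` helper, which follows the `member;range=...` pages, and only then issue a targeted add. The class name `GroupMembership` and method `addMemberIfAbsent` are hypothetical, and the code assumes `member` values are DN strings.

```java
import java.util.List;
import javax.naming.Name;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.LdapName;

import org.springframework.ldap.AttributeInUseException;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.DefaultIncrementalAttributesMapper;
import org.springframework.ldap.support.LdapUtils;

// Hypothetical helper, not part of Spring LDAP.
public class GroupMembership {

    private final LdapTemplate ldapTemplate;

    public GroupMembership(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    /** Returns true if the user was added, false if already a member. */
    public boolean addMemberIfAbsent(Name groupDn, LdapName userDn) {
        // Fetches every value, requesting further ranges until the server
        // signals the last page, so groups above the fetch limit are covered.
        List<Object> members = DefaultIncrementalAttributesMapper
                .lookupAttributeValues(ldapTemplate, groupDn, "member");
        if (members != null) {
            for (Object value : members) {
                // Compare as LdapName so case and spacing differences in the
                // stored DN string do not hide an existing membership.
                if (LdapUtils.newLdapName(value.toString()).equals(userDn)) {
                    return false;
                }
            }
        }
        ModificationItem add = new ModificationItem(DirContext.ADD_ATTRIBUTE,
                new BasicAttribute("member", userDn.toString()));
        try {
            // Sends only the single added value; no dependence on a
            // locally cached (possibly truncated) attribute snapshot.
            ldapTemplate.modifyAttributes(groupDn, new ModificationItem[] { add });
            return true;
        } catch (AttributeInUseException e) {
            // Another writer added the same member between read and write.
            return false;
        }
    }
}
```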