Issue Details (XML | Word | Printable)

Key: LDAP-9
Type: Improvement Improvement
Status: Closed Closed
Resolution: Won't Fix
Priority: Minor Minor
Assignee: Mattias Arthursson
Reporter: Ulrik Sandberg
Votes: 5
Watchers: 3
Operations

If you were logged in you would be able to see more operations.
Spring LDAP

Add support to manually follow referrals

Created: 07/Oct/06 12:56 PM   Updated: 22/Oct/08 03:19 AM
Component/s: None
Affects Version/s: 1.1
Fix Version/s: 1.3.0-RC1

Time Tracking:
Not Specified

Issue Links:
Depends
 


 Description  « Hide
Support should be added to automatically follow referrals in LdapTemplate, catching ReferralExceptions and 'manually' following the referral.

 All   Comments   Work Log   Change History   FishEye   Builds      Sort Order: Ascending order - Click to sort in descending order
[ Permalink | « Hide ]
Eric Rauer added a comment - 27/Feb/07 12:22 AM
Can this be handled by setting the context referral property to follow when creating the context? That should allow the jndi code to handle the referrals instead of passing the referral exception. See the jndi tutorial for more info, http://java.sun.com/products/jndi/tutorial/ldap/referral/jndi.html .

[ Permalink | « Hide ]
Mattias Arthursson added a comment - 27/Feb/07 12:32 AM
Yes, that should work with most LDAP servers (and btw you can specify this property using the baseEnvironmentPropertes property of ContextSource if your server does support it). Doesn't work for Active Directory however, as AD is unable to automatically follow referrals. On AD you'll need to do the work yourself.

[ Permalink | « Hide ]
Claus Ibsen added a comment - 27/Feb/07 03:10 AM
Is this new information something that should be added to the reference doc (if not already there)?

[ Permalink | « Hide ]
Mattias Arthursson added a comment - 20/Aug/08 12:34 PM
I'm not sure if this is even a problem that can be addressed from inside the framework. We keep on moving it forward; maybe we should just close it with Won't Fix...

[ Permalink | « Hide ]
Nate Moser added a comment - 17/Oct/08 05:46 PM - edited
See LDAP-136. After correcting for the DN parsing issue common to all entries returned from referrals with the JNDI context set to Context.REFERRAL=="follow", I was able to successfully follow referrals between Active Directory 2003 servers. It sounds like original intent of this issue was to be able to use the Context.REFERRAL == "throw" setting, where ReferralExceptions are thrown, caught, and manually traversed. This allows for conditional processing of results (e.g., discard any results from ldap://someserver.example.com:389) and changing the bind credentials before connecting to the referral context. Admittedly, this would be a bit difficult to achieve within LdapTemplate.

Also worth noting that when the context is set follow referrals, AD does not return the PartialResultsException that org.springframework.ldap.core.LdapTemplate#setIgnorePartialResultException is used to skip. However, you will either need to set your client host to use a DNS server holding entries for the spurious zones and configuration referrals returned by AD, e.g.

search reference
ref: ldap://ForestDnsZones.TEST.COM/DC=ForestDnsZones,DC=TEST,DC=COM

search reference
ref: ldap://DomainDnsZones.TEST.COM/DC=DomainDnsZones,DC=TEST,DC=COM

search reference
ref: ldap://TEST.COM/CN=Configuration,DC=TEST,DC=COM

or use the Global Catalog server (port 3268).


[ Permalink | « Hide ]
Mattias Arthursson added a comment - 22/Oct/08 03:19 AM
Thanks Nate for the elaborate explanation on this. With the resolution of LDAP-136, this issue is actually to be considered solved as well. Setting the referral method to "follow" really should be the way to go about this, and the library should now support that fully.


Powered by a free Atlassian JIRA open source license for Spring Framework. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.4-#354) - Bug/feature request - Atlassian news - Contact Administrators