You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2019/10/31 13:21:00 UTC

[jira] [Commented] (ARTEMIS-2535) Add option to ignore PartialResultExceptions in LDAP searches

    [ https://issues.apache.org/jira/browse/ARTEMIS-2535?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16963994#comment-16963994 ] 

ASF subversion and git services commented on ARTEMIS-2535:
----------------------------------------------------------

Commit d7d11a0c6f9880e3327f067598a66fbf628a7150 in activemq-artemis's branch refs/heads/master from Joshua Smith
[ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=d7d11a0 ]

ARTEMIS-2535 Add ignorePartialResultException option to LDAPLoginModule

Active Directory servers are unable to handle referrals automatically.
This causes a PartialResultException to be thrown if a referral is
encountered beneath the base search DN, even if the LDAPLoginModule is
set to ignore referrals.

This option may be set to 'true' to ignore these exceptions, allowing
login to proceed with the query results received before the exception
was encountered.

Note: there are no tests for this change as I could not reproduce the
issue with the ApacheDS test server. The issue is specific to directory
servers that don't support the ManageDsaIT control such as Active
Directory.


> Add option to ignore PartialResultExceptions in LDAP searches
> -------------------------------------------------------------
>
>                 Key: ARTEMIS-2535
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-2535
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>          Components: Broker
>            Reporter: Josh Smith
>            Priority: Minor
>          Time Spent: 2h 20m
>  Remaining Estimate: 0h
>
> Active Directory doesn't handle referrals automatically, which causes a PartialResultException to be thrown whenever a referral is encountered beneath the search DN, even if Context.REFERRAL is set to `ignore` [1].
> Spring [1], Karaf [2] and others have implemented workarounds for this in the form of an option to ignore these PartialResultExceptions. Add a similar option to the LDAPLoginModule so that referrals can be ignored when working with Active Directory.
> [1] [https://docs.spring.io/autorepo/docs/spring-ldap/current/apidocs/org/springframework/ldap/core/LdapTemplate.html]
> [2] https://github.com/apache/karaf/blob/master/manual/src/main/asciidoc/developer-guide/security-framework.adoc#ldaploginmodule]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)