> "This solution makes the following important assumption: referrals occur
> after normal entries. Others working with Spring+AD have confirmed this
> assumption holds"
>
> I would not rely on that assumption.

We will rely on the assumption to the extent that it solves the reported problem for most/all deployers who take the time to verify the fix. I am almost convinced we can do no better than what I already committed given the limitations of the technologies we are using.

>> That said, I believe it is correct to implicate poor
>> referral handling in this case, but I doubt it's the same issue
>> reported in CAS-663.
>
> Being the reporter of CAS-663 my original intention was to convince you
> to just drop the referrals (search continuations) returned no matter in
> which order they are received.

I assure you we investigated the possibility of such a solution to no avail. The documentation is clear that JNDI does not allow for server-side referral management for LDAPv2 servers (e.g. AD). So referrals are returned along with normal results, and their handling is an all-or-nothing proposition: throw a PartialResultException on the first referral encountered or not. On the other hand, the committed fix worked for handling referrals in both our test OpenLDAP and AD setups. That by no means covers all bases, but it does indicate ignoring PartialResultExceptions resolves the problem when normal results occur before referrals. In that case we are effectively following your solution of dropping referrals; any results after the PartialResultException are discarded.

> I'm not familiar with all the Java/JNDI/Spring APIs though. So I can't
> help to determine in which component it should be fixed.

I hope I've made it clear that JNDI, and Spring by virtue of using JNDI internally, imposes some limitations that preclude certain solutions. In any case we are committed to finding a reasonable fix for both CAS-663 and this issue. I apologize for hijacking this thread to a large extent.

Regards,
M
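
The ordering assumption discussed in the message above, as an added example that is not part of the original e-mail and is not the committed CAS fix. It uses a constructed in-memory `NamingEnumeration` in place of a directory server; `ReferralOrderDemo`, `stream`, `collectIgnoringReferrals`, the `REFERRAL` marker and the DNs are hypothetical names chosen for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;

public class ReferralOrderDemo {
    // Constructed stand-in for a JNDI search result stream (no LDAP server needed).
    // The marker "REFERRAL" is the point where hasMore() raises PartialResultException.
    static NamingEnumeration<String> stream(String... items) {
        final Iterator<String> it = Arrays.asList(items).iterator();
        return new NamingEnumeration<String>() {
            private String pending;
            public boolean hasMore() throws NamingException {
                if (!it.hasNext()) return false;
                pending = it.next();
                if ("REFERRAL".equals(pending)) throw new PartialResultException("unprocessed referral");
                return true;
            }
            public String next() { return pending; }
            public boolean hasMoreElements() {
                try { return hasMore(); } catch (NamingException e) { return false; }
            }
            public String nextElement() { return pending; }
            public void close() { }
        };
    }

    // Hypothetical helper: keep the entries read so far and stop at the first referral.
    static List<String> collectIgnoringReferrals(NamingEnumeration<String> results)
            throws NamingException {
        List<String> entries = new ArrayList<>();
        try {
            while (results.hasMore()) entries.add(results.next());
        } catch (PartialResultException e) {
            // Referral reached: anything the server sent after this point is discarded.
        } finally {
            results.close();
        }
        return entries;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed DN. Entry before referral: the entry is kept.
        System.out.println(collectIgnoringReferrals(stream("cn=alice,dc=example,dc=org", "REFERRAL")));
        // Referral before entry: the loop ends before the entry is ever read.
        System.out.println(collectIgnoringReferrals(stream("REFERRAL", "cn=alice,dc=example,dc=org")));
    }
}
```

In the second call the caller cannot distinguish "no such entry" from "entry dropped behind a referral", which is why the fix should be verified against the result ordering of the directory actually deployed.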
