On Wed, 10 Nov 2021 12:58:13 GMT, Aleksei Efimov <aefi...@openjdk.org> wrote:
>> I'd like to propose a fix for JDK-8275535. This fix reverts the behavior to >> the state previous to JDK-8160768, where an authentication failure stops >> from trying other LDAP servers with the same credentials [1]. After >> JDK-8160768 we have 2 possible loops to stop: the one that iterates over >> different URLs and the one that iterates over different endpoints (after a >> DNS query that returns multiple values). >> >> No test regressions observed in jdk/com/sun/jndi/ldap. >> >> -- >> [1] - https://hg.openjdk.java.net/jdk/jdk/rev/a609d549992a#l2.137 > > Hi Martin, > > The change looks reasonable to me. > I would suggest having a CSR logged for this change due to the following > [behavioral > incompatibility](https://wiki.openjdk.java.net/display/csr/Kinds+of+Compatibility): > Before the change - all available endpoints/URLs are tried to create an LDAP > context. > With the proposed change - incorrect credentials will prevent other endpoints > to be exercised to create an LDAP context. > > Having a CSR will also help to document difference in handling > `AuthenticationException` and `NamingException` during construction of an > LDAP context from the list of endpoints acquired from a LDAP DNS provider. Hi @AlekseiEfimov Can you please review the CSR [1]? Thanks, Martin.- -- [1] - https://bugs.openjdk.java.net/browse/JDK-8276959 ------------- PR: https://git.openjdk.java.net/jdk/pull/6043