On Wed, 10 Nov 2021 12:58:13 GMT, Aleksei Efimov <aefi...@openjdk.org> wrote:

>> I'd like to propose a fix for JDK-8275535. This fix reverts the behavior to 
>> the state previous to JDK-8160768, where an authentication failure stops 
>> from trying other LDAP servers with the same credentials [1]. After 
>> JDK-8160768 we have 2 possible loops to stop: the one that iterates over 
>> different URLs and the one that iterates over different endpoints (after a 
>> DNS query that returns multiple values).
>> 
>> No test regressions observed in jdk/com/sun/jndi/ldap.
>> 
>> --
>> [1] - https://hg.openjdk.java.net/jdk/jdk/rev/a609d549992a#l2.137
>
> Hi Martin,
> 
> The change looks reasonable to me.
> I would suggest having a CSR logged for this change due to the following 
> [behavioral 
> incompatibility](https://wiki.openjdk.java.net/display/csr/Kinds+of+Compatibility):
> Before the change - all available endpoints/URLs are tried to create an LDAP 
> context.  
> With the proposed change - incorrect credentials will prevent other endpoints 
> to be exercised to create an LDAP context.  
> 
> Having a CSR will also help to document difference in handling 
> `AuthenticationException` and `NamingException` during construction of an 
> LDAP context from the list of endpoints acquired from a LDAP DNS provider.

Hi @AlekseiEfimov 

Can you please review the CSR [1]?

Thanks,
Martin.-

--
[1] - https://bugs.openjdk.java.net/browse/JDK-8276959

-------------

PR: https://git.openjdk.java.net/jdk/pull/6043

Reply via email to