Github user alt36 commented on a diff in the pull request:
https://github.com/apache/incubator-guacamole-client/pull/129#discussion_r106701681
--- Diff:
extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java
---
@@ -259,8 +263,13 @@ private String generateLDAPQuery(String username)
// Add all DNs for found users
while (results.hasMore()) {
- LDAPEntry entry = results.next();
- userDNs.add(entry.getDN());
+ try {
+ LDAPEntry entry = results.next();
+ userDNs.add(entry.getDN());
+ } catch (LDAPReferralException e) {
+ logger.debug("Ignoring LDAP Referral: \"{}\".",
e.toString());
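Review bot: the catch block at the end of this hunk discards the referral with only a debug-level message, so any user whose entry sits behind that referral is left out of userDNs and nothing explains the failed lookup unless debug logging is enabled. Consider logging at a more visible level, or at least including the search base in the message, so an administrator can tell that referrals are being skipped. Also consider passing the exception itself as the final logger argument instead of e.toString(), so the stack trace is available when it is needed. A short comment in the catch block stating that skipping referrals is deliberate would help the next reader.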
--- End diff --
Fair enough - my thought process was that at present, it is simply not
possible to log in via LDAP if a referral is returned. This makes it impossible
to use LDAP auth against an AD where the search base dn is the root of the AD,
because at present the LDAPReferralException will be rethrown and not dealt
with in any way. This was a v0.1 attempt to at least improve the situation a
little. I don't disagree that including the capability to (probably optionally)
follow the referral is a better solution, but I'm afraid I'll have to leave
that to someone more familiar with the code, then.