Github user mike-jumper commented on a diff in the pull request:
https://github.com/apache/incubator-guacamole-client/pull/202#discussion_r146658052
--- Diff:
extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java
---
@@ -251,8 +270,23 @@ private String getConnectionSearchFilter(String userDN,
// The guacConfig group uses the seeAlso attribute to refer
// to these other groups
while (userRoleGroupResults.hasMore()) {
- LDAPEntry entry = userRoleGroupResults.next();
-
connectionSearchFilter.append("(seeAlso=").append(escapingService.escapeLDAPSearchFilter(entry.getDN())).append(")");
+ try {
+ LDAPEntry entry = userRoleGroupResults.next();
+
connectionSearchFilter.append("(seeAlso=").append(escapingService.escapeLDAPSearchFilter(entry.getDN())).append(")");
+ }
+
+ catch (LDAPReferralException e) {
+ if (confService.getFollowReferrals()) {
+ logger.error("Could not follow referral.",
e.getMessage());
+ logger.debug("Error encountered trying to follow
referral.", e);
+ throw new GuacamoleServerException("Could not
follow LDAP referral.", e);
--- End diff --
Recalling the changes proposed via #129, is it desirable that the entire
search will abort with a failure if a referral error occurs? Or should the
error be non-fatal and simply logged?
---
