Github user necouchman commented on a diff in the pull request:
https://github.com/apache/incubator-guacamole-client/pull/202#discussion_r146658810
--- Diff:
extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java
---
@@ -251,8 +270,23 @@ private String getConnectionSearchFilter(String userDN,
// The guacConfig group uses the seeAlso attribute to refer
// to these other groups
while (userRoleGroupResults.hasMore()) {
- LDAPEntry entry = userRoleGroupResults.next();
-
connectionSearchFilter.append("(seeAlso=").append(escapingService.escapeLDAPSearchFilter(entry.getDN())).append(")");
+ try {
+ LDAPEntry entry = userRoleGroupResults.next();
+
connectionSearchFilter.append("(seeAlso=").append(escapingService.escapeLDAPSearchFilter(entry.getDN())).append(")");
+ }
+
+ catch (LDAPReferralException e) {
+ if (confService.getFollowReferrals()) {
+ logger.error("Could not follow referral.",
e.getMessage());
+ logger.debug("Error encountered trying to follow
referral.", e);
+ throw new GuacamoleServerException("Could not
follow LDAP referral.", e);
+ }
+ else {
+ logger.warn("Given a referral, but referrals are
disabled.", e.getMessage());
+ logger.debug("Got a referral, but configured to
not follow them.", e);
+ continue;
--- End diff --
Removed.
---
