Re: LDAP and DNS SRV records
On 19/01/18 13:40, Mark Thomas wrote: > On 19/01/18 13:35, Rory O'Donnell wrote: >> Hi Mark, >> >> I'd prefer a new bug , referring to the old bug etc. > > Fair enough. Will do. Scratch that. Just tested with the latest Java 8 release (162) and it is working now. Sorry for the noise. Mark > > Mark > > >> >> Thanks,Rory >> >> >> On 19/01/2018 13:34, Mark Thomas wrote: >>> On 19/01/18 13:31, Rory O'Donnell wrote: Hi Mark, Can you get a bug logged and let me know the JI ? >>> Sure. Is the existing bug not enough? >>> >>> https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8149521 >>> >>> >>> Cheers, >>> >>> Mark >>> >>> Rgds,Rory On 19/01/2018 12:37, Mark Thomas wrote: > Hi Rory, > > A user has reported a problem [1] with Tomcat's kerberos (we call it > Windows authentication) when using SRV DNS records to locate the LDAP > server. > > The root cause appears to be a JRE bug. [2] > > The fix for that bug in Java 8 doesn't work for Tomcat. Is there any > chance the fix could be revisited and the proposal in the bug (remove > the trailing dot from the host name obtained from the DNS SRV record in > com.sun.jndi.ldap.ServiceLocator) be adopted? > > The main problem for us is that the work around is awfully invasive. It > requires a fairly deep dive into the JRE code to fix. > > Note: testing with Java 9 (first release) or Java 10 ea 38 shows > everything works as expected in those versions. > > Thanks, > > Mark > > > [1] https://bz.apache.org/bugzilla/show_bug.cgi?id=61977 > [2] https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8149521 >> > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: LDAP and DNS SRV records
On 19/01/18 13:35, Rory O'Donnell wrote: > Hi Mark, > > I'd prefer a new bug , referring to the old bug etc. Fair enough. Will do. Mark > > Thanks,Rory > > > On 19/01/2018 13:34, Mark Thomas wrote: >> On 19/01/18 13:31, Rory O'Donnell wrote: >>> Hi Mark, >>> >>> Can you get a bug logged and let me know the JI ? >> Sure. Is the existing bug not enough? >> >> https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8149521 >> >> >> Cheers, >> >> Mark >> >> >>> Rgds,Rory >>> >>> >>> On 19/01/2018 12:37, Mark Thomas wrote: Hi Rory, A user has reported a problem [1] with Tomcat's kerberos (we call it Windows authentication) when using SRV DNS records to locate the LDAP server. The root cause appears to be a JRE bug. [2] The fix for that bug in Java 8 doesn't work for Tomcat. Is there any chance the fix could be revisited and the proposal in the bug (remove the trailing dot from the host name obtained from the DNS SRV record in com.sun.jndi.ldap.ServiceLocator) be adopted? The main problem for us is that the work around is awfully invasive. It requires a fairly deep dive into the JRE code to fix. Note: testing with Java 9 (first release) or Java 10 ea 38 shows everything works as expected in those versions. Thanks, Mark [1] https://bz.apache.org/bugzilla/show_bug.cgi?id=61977 [2] https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8149521 > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: LDAP and DNS SRV records
Hi Mark, I'd prefer a new bug , referring to the old bug etc. Thanks,Rory On 19/01/2018 13:34, Mark Thomas wrote: On 19/01/18 13:31, Rory O'Donnell wrote: Hi Mark, Can you get a bug logged and let me know the JI ? Sure. Is the existing bug not enough? https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8149521 Cheers, Mark Rgds,Rory On 19/01/2018 12:37, Mark Thomas wrote: Hi Rory, A user has reported a problem [1] with Tomcat's kerberos (we call it Windows authentication) when using SRV DNS records to locate the LDAP server. The root cause appears to be a JRE bug. [2] The fix for that bug in Java 8 doesn't work for Tomcat. Is there any chance the fix could be revisited and the proposal in the bug (remove the trailing dot from the host name obtained from the DNS SRV record in com.sun.jndi.ldap.ServiceLocator) be adopted? The main problem for us is that the work around is awfully invasive. It requires a fairly deep dive into the JRE code to fix. Note: testing with Java 9 (first release) or Java 10 ea 38 shows everything works as expected in those versions. Thanks, Mark [1] https://bz.apache.org/bugzilla/show_bug.cgi?id=61977 [2] https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8149521 -- Rgds,Rory O'Donnell Quality Engineering Manager Oracle EMEA, Dublin,Ireland - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: LDAP and DNS SRV records
On 19/01/18 13:31, Rory O'Donnell wrote: > Hi Mark, > > Can you get a bug logged and let me know the JI ? Sure. Is the existing bug not enough? https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8149521 Cheers, Mark > > Rgds,Rory > > > On 19/01/2018 12:37, Mark Thomas wrote: >> Hi Rory, >> >> A user has reported a problem [1] with Tomcat's kerberos (we call it >> Windows authentication) when using SRV DNS records to locate the LDAP >> server. >> >> The root cause appears to be a JRE bug. [2] >> >> The fix for that bug in Java 8 doesn't work for Tomcat. Is there any >> chance the fix could be revisited and the proposal in the bug (remove >> the trailing dot from the host name obtained from the DNS SRV record in >> com.sun.jndi.ldap.ServiceLocator) be adopted? >> >> The main problem for us is that the work around is awfully invasive. It >> requires a fairly deep dive into the JRE code to fix. >> >> Note: testing with Java 9 (first release) or Java 10 ea 38 shows >> everything works as expected in those versions. >> >> Thanks, >> >> Mark >> >> >> [1] https://bz.apache.org/bugzilla/show_bug.cgi?id=61977 >> [2] https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8149521 > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: LDAP and DNS SRV records
Hi Mark, Can you get a bug logged and let me know the JI ? Rgds,Rory On 19/01/2018 12:37, Mark Thomas wrote: Hi Rory, A user has reported a problem [1] with Tomcat's kerberos (we call it Windows authentication) when using SRV DNS records to locate the LDAP server. The root cause appears to be a JRE bug. [2] The fix for that bug in Java 8 doesn't work for Tomcat. Is there any chance the fix could be revisited and the proposal in the bug (remove the trailing dot from the host name obtained from the DNS SRV record in com.sun.jndi.ldap.ServiceLocator) be adopted? The main problem for us is that the work around is awfully invasive. It requires a fairly deep dive into the JRE code to fix. Note: testing with Java 9 (first release) or Java 10 ea 38 shows everything works as expected in those versions. Thanks, Mark [1] https://bz.apache.org/bugzilla/show_bug.cgi?id=61977 [2] https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8149521 -- Rgds,Rory O'Donnell Quality Engineering Manager Oracle EMEA, Dublin,Ireland - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
LDAP and DNS SRV records
Hi Rory, A user has reported a problem [1] with Tomcat's kerberos (we call it Windows authentication) when using SRV DNS records to locate the LDAP server. The root cause appears to be a JRE bug. [2] The fix for that bug in Java 8 doesn't work for Tomcat. Is there any chance the fix could be revisited and the proposal in the bug (remove the trailing dot from the host name obtained from the DNS SRV record in com.sun.jndi.ldap.ServiceLocator) be adopted? The main problem for us is that the work around is awfully invasive. It requires a fairly deep dive into the JRE code to fix. Note: testing with Java 9 (first release) or Java 10 ea 38 shows everything works as expected in those versions. Thanks, Mark [1] https://bz.apache.org/bugzilla/show_bug.cgi?id=61977 [2] https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8149521 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org