On Fri, Jun 3, 2011 at 1:57 AM, George Niculae <[email protected]> wrote:
> On Thu, Jun 2, 2011 at 12:07 PM, George Niculae <[email protected]> wrote: > > Hi Guys, > > > > I have the following config in AD server > > > > DC=corp,DC=ezuce,DC=com > > - OU=people > > -- CN=Test User > > -- OU=test > > --CN=Test1 User1 > > > > When I specify Search base as OU=people,DC=corp,DC=ezuce,DC=com I can > > log in user portal with both Test User and Test1 User1 (from sub OU > > test). However when I put DC=corp,DC=ezuce,DC=com as search base users > > cannot login (and the only difference is that DC=corp,DC=ezuce,DC=com > > it contains referrals). > > > > Anyone using LDAP integration seen this behavior? > > In case you see it: problem is with current Acegi library and > LdapTemplate implementation - it cannot handle AD referrals properly. > This was solved in Spring Security by adding a new method called > ignorePartialResultException with following disclaimer: > > Note for Active Directory (AD) users: AD servers are apparently unable > to handle referrals automatically, which causes a > PartialResultException to be thrown whenever a referral is encountered > in a search. To avoid this, set the ignorePartialResultException > property to true. There is currently no way of manually handling these > referrals in the form of ReferralException, i.e. either you get the > exception (and your results are lost) or all referrals are ignored (if > the server is unable to handle them properly. Neither is there any > simple way to get notified that a PartialResultException has been > ignored (other than in the log). > Great catch! > > We really need to update our library > (http://track.sipfoundry.org/browse/XX-8350 scheduled for 5.0), not > sure if feasible for 4.4 or 4.6 - would like to hear opinions on this IMO we should upgrade to Spring Security for 4.6 and backport to 4.4 Mircea > Thanks > George > _______________________________________________ > sipx-dev mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-dev/ >
_______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev/
