On Thu, May 26, 2016 at 7:09 AM, Dawson Bessinger <[email protected]>
wrote:
> Hello,
>
> We have set up a test Guacamole server and are having an LDAP auth issue.
> If we list the root of our AD in ldap-user-base-dn, guacamole throws an
> exception:
>
> ~~~
>
> org.glyptodon.guacamole.GuacamoleServerException: Error while query user
> DNs.
>
> at
> org.glyptodon.guacamole.auth.ldap.user.UserService.getUserDNs(UserService.java:271)
> ~[guacamole-auth-ldap-0.9.9.jar:na]
>
> ~~~
>
>
>
> I enabled debug error level and this is at the bottom of the stack trace:
>
> ~~~
>
> Caused by: com.novell.ldap.LDAPReferralException: Referral
>
> at com.novell.ldap.LDAPSearchResults.next(Unknown Source)
> ~[guacamole-auth-ldap-0.9.9.jar:na]
>
> at
> org.glyptodon.guacamole.auth.ldap.user.UserService.getUserDNs(UserService.java:262)
> ~[guacamole-auth-ldap-0.9.9.jar:na]
>
> ~~~
>
>
Can you describe in more detail how your LDAP server is set up?

I've not seen this particular exception before. It's unfortunate that the
error message itself is so artfully useless, but looking at the JavaDoc for
that LDAPReferralException[1], the description reads:

"Thrown when a server returns a referral and when a referral has not
been followed. It contains a list of URL strings corresponding to the
referrals or search continuation references received on an LDAP operation."

Until today, I had no idea that "referrals" were a concept in LDAP. From
the description, it sounds like LDAP deployments can potentially span
multiple servers, with each server being somewhat aware of its relatives'
contents. If that is the case, it seems the sort of thing that an LDAP
library would want to abstract away from downstream users of said library
... but then again perhaps not.

Thanks,

- Mike

[1]
https://www.novell.com/documentation/developer/jldap/jldapenu/api/com/novell/ldap/LDAPReferralException.html
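
The JavaDoc quoted above says the exception carries a list of LDAP URL strings. As an added example (not from this thread and not Guacamole's or JLDAP's code), the Python below parses such URLs and checks each against a local policy before a client would be allowed to follow it. The sample URLs, the host allowlist and the trusted DN suffix are constructed assumptions.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample referral URLs (RFC 4516 form); not taken from the thread.
SAMPLE_REFERRALS = [
    "ldaps://dc1.example.test/CN=Configuration,DC=example,DC=test",
    "ldap://ForestDnsZones.example.test/DC=ForestDnsZones,DC=example,DC=test",
    "ldaps://ldap.other.test:636/OU=People,DC=other,DC=test??sub",
    "http://dc1.example.test/DC=example,DC=test",
]

# Assumed local policy: directory servers we operate and the naming suffix we own.
ALLOWED_HOSTS = {"dc1.example.test", "forestdnszones.example.test"}
TRUSTED_SUFFIX = "dc=example,dc=test"


def parse_referral(url):
    """Split an LDAP URL into (scheme, host, port, base DN)."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: " + url)
    port = parts.port or (636 if scheme == "ldaps" else 389)
    dn = unquote(parts.path.lstrip("/"))  # DN is percent-encoded in the path
    return scheme, (parts.hostname or "").lower(), port, dn


def follow_decision(url, require_tls=True):
    """Return (allowed, reason) for a single referral URL."""
    try:
        scheme, host, port, dn = parse_referral(url)
    except ValueError as exc:
        return False, str(exc)
    if require_tls and scheme != "ldaps":
        return False, "referral is not ldaps://"
    if host not in ALLOWED_HOSTS:
        return False, "host %s is not on the allowlist" % host
    dn = dn.lower()
    if dn != TRUSTED_SUFFIX and not dn.endswith("," + TRUSTED_SUFFIX):
        return False, "base DN is outside " + TRUSTED_SUFFIX
    return True, "ok"


if __name__ == "__main__":
    for ref in SAMPLE_REFERRALS:
        print(ref, "->", follow_decision(ref))
```
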