JDK-8275535

Retrying a failed authentication on multiple LDAP servers can lead to users blocked


Details

    • b23
    • generic
    • generic


      Description

        After JDK-8160768, the behavior upon a failed LDAP authentication changed: instead of aborting the operation with an AuthenticationException exception, all available LDAP servers are tried with the same credentials. Note that the credentials might be wrong because of an error when the user entered them (i.e., a typo). If this is the case, the user may be blocked on all LDAP servers after a single operation because of exceeding the maximum number of authentication failures. In my view, an authentication error means that the LDAP server is alive and there is no need to iterate to a different endpoint.
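
The two failover policies side by side, as an added example that is neither JDK code nor the reporter's: simulated endpoints throw the real `javax.naming` exception types, and `connect` either moves on to the next server or stops as soon as one rejects the credentials. The `Server` class, the URLs and the password are constructed for the illustration.

```java
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.NamingException;
import java.util.List;

public class LdapFailoverDemo {
    // Constructed stand-in for one LDAP endpoint with its own failed-bind counter.
    static class Server {
        final String url; final boolean up; int failures = 0;
        Server(String url, boolean up) { this.url = url; this.up = up; }
        void bind(String password) throws NamingException {
            if (!up) throw new CommunicationException(url + " unreachable");
            if (!"correct-horse".equals(password)) {
                failures++; // a real directory would count this toward lockout
                throw new AuthenticationException(url + " rejected credentials");
            }
        }
    }

    // Tries endpoints in order; stopOnAuthFailure selects the policy.
    static Server connect(List<Server> servers, String password, boolean stopOnAuthFailure)
            throws NamingException {
        NamingException last = new CommunicationException("no servers configured");
        for (Server s : servers) {
            try {
                s.bind(password);
                return s;
            } catch (AuthenticationException e) {
                // The server answered, so it is alive: the credentials are the problem.
                if (stopOnAuthFailure) throw e;
                last = e;
            } catch (CommunicationException e) {
                last = e; // endpoint down: failing over is appropriate
            }
        }
        throw last;
    }

    // One login with a mistyped password; returns how many servers recorded a failure.
    static long failuresAfterTypo(boolean stopOnAuthFailure) {
        List<Server> servers = List.of(new Server("ldap://a.example", false),
                new Server("ldap://b.example", true), new Server("ldap://c.example", true));
        try { connect(servers, "corect-horse", stopOnAuthFailure); } catch (NamingException ignored) { }
        return servers.stream().filter(s -> s.failures > 0).count();
    }

    public static void main(String[] args) {
        System.out.println("retry on every server: failures on " + failuresAfterTypo(false));
        System.out.println("stop on auth failure:  failures on " + failuresAfterTypo(true));
    }
}
```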

              People

                mbalao Martin Balao