Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8275535

Retrying a failed authentication on multiple LDAP servers can lead to users blocked

    XMLWordPrintable

Details

    • b23
    • generic
    • generic

    Backports

      Description

        After JDK-8160768, the behavior upon a failed LDAP authentication changed: instead of aborting the operation with an AuthenticationException exception, all available LDAP servers are tried with the same credentials. Note that the credentials might be wrong because of an error when the user entered them (i.e.: a typo). If this is the case, the user may be blocked on all LDAP servers after a single operation because of exceeding the maximum number of authentication failures. In my view, an authentication error means that the LDAP server is alive and there is no need to iterate to a different endpoint.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8293663 Retrying a failed authentication on multiple LDAP servers can lead to users blocked

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8293664 Retrying a failed authentication on multiple LDAP servers can lead to users blocked

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8302737 Retrying a failed authentication on multiple LDAP servers can lead to users blocked

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved
            csr for

            CSR - null JDK-8276959 Retrying a failed authentication on multiple LDAP servers can lead to users blocked

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Closed
            relates to

            Enhancement - null JDK-8160768 Add capability to custom resolve host/domain names within the default JNDI LDAP provider

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved
            links to

            Commit Commit openjdk/jdk8u-dev/b51619d2

            Commit Commit openjdk/jdk11u-dev/0dc10359

            Commit Commit openjdk/jdk17u-dev/f0acd72f

            Commit Commit openjdk/jdk/3be394e1

            Review Review openjdk/jdk8u-dev/117

            Review Review openjdk/jdk8u-dev/268

            Review Review openjdk/jdk11u-dev/1351

            Review Review openjdk/jdk17u-dev/654

            Review Review openjdk/jdk/6043

            Activity

              People

                mbalao Martin Balao
                mbalao Martin Balao
                Votes:
                0 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: