Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6394020

overeager failover behavior with JNDI LDAP provider as a result of authentication failures

    XMLWordPrintable

    Details

    • Subcomponent:
    • Resolved In Build:
      b79
    • CPU:
      sparc
    • OS:
      solaris

      Description

      I noticed an odd behavior in the LDAP provider if multiple directory URLs are given as the value of the PROVIDER_URL (as seen in http://java.sun.com/products/jndi/tutorial/ldap/misc/url.html#MULTI).

      Using such a connection if an application attempts to bind with an incorrect password (which naturally results in a bind failure response from LDAP server), the LDAP provider will attempt to reconnect to all of the URLs listed in the PROVIDER_URL.

      This seems like a bug. If the first contacted LDAP server returns a result indicating that the password is incorrect, that should be treated as an authoritative answer. There is no reason to query every other listed server, since (assuming they are mirrors of each other as should be expected) they will all return the same answer.

        Attachments

          Activity

            People

            Assignee:
            jhangalsunw Jayalaxmi Hangal (Inactive)
            Reporter:
            duke J. Duke (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: