LDAP+Kerberos - JDK-8149521 also in JDK9
Balchandra Vaidya
balchandra.vaidya at oracle.com
Fri May 6 12:03:12 UTC 2016
Hi Bill,
The bug has been updated with the additional information from you.
Thanks
Balchandra
On 5/6/2016 4:59 PM, Bill Mair wrote:
> Hi,
>
> Am I posting this to the correct list? If I am, would someone please
> tell me who to send this information to?
>
> I would like to confirm that this bug still indeed exists, as Balchandra
> Vaidya requested.
>
> From what I can see, the error hasn't been fixed in jdk9 either:
>
> http://hg.openjdk.java.net/jdk9/jdk9/jdk/file/f38c0650a60f/src/java.naming/share/classes/com/sun/jndi/ldap/ServiceLocator.java
>
> Thanks and regards,
>
> Bill Mair
>
> -------- Forwarded Message --------
> Subject: Bug 8149521
> Date: Thu, 5 May 2016 17:47:49 +0200
> From: Bill Mair <bill.mair at web.de>
> To: core-libs-dev at openjdk.java.net
>
>
>
> Hi,
>
> I've just run into the same problem described in this bug: https://bugs.openjdk.java.net/browse/JDK-8149521
>
> I found it in java7u79 and I used java8u91 to confirm it still exists.
>
> The error is in "com.sun.jndi.ldap.ServiceLocator" at line 273 (http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/file/df209f221cca/src/share/classes/com/sun/jndi/ldap/ServiceLocator.java),
>
> The "Hostname" token always has a trailing "." (period). This doesn't normally matter for "normal" network operation but it is critical when working with Kerberos.
>
> If you use "ldap:///dc=example,dc=com" then the corresponding name might be something like "ldap1.example.com." (notice the trailing dot).
>
> Kerberos is then looking for "ldap/ldap1.example.com." instead of "ldap/ldap1.example.com"
>
> The first record simply doesn't exist in the Kerberos DB.
>
> Regards,
>
> Bill Mair
>
>
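
An added illustration of the mismatch reported above, not code from the JDK or from either poster: it parses one SRV record value, shows that the principal built from the raw target is not among the registered ones, and shows the same lookup after the trailing root dot is dropped. The class name `SrvTargetToSpn`, the helper names and the sample record and principal set are assumptions constructed for the example; it needs Java 16 or later for `record`.

```java
import java.util.Set;

public class SrvTargetToSpn {
    // Fields of SRV RDATA in RFC 2782 order: priority weight port target
    record Srv(int priority, int weight, int port, String target) {}

    static Srv parse(String rdata) {
        String[] f = rdata.trim().split("\\s+");
        if (f.length != 4) {
            throw new IllegalArgumentException("expected 4 SRV fields: " + rdata);
        }
        return new Srv(Integer.parseInt(f[0]), Integer.parseInt(f[1]),
                       Integer.parseInt(f[2]), f[3]);
    }

    // Drop the root-label dot of a fully qualified DNS name before the
    // name is used as the host part of a Kerberos service principal.
    static String hostForKerberos(String target) {
        if (target.equals(".")) {
            // RFC 2782: a target of "." means the service is not offered
            throw new IllegalArgumentException("SRV target \".\": no service");
        }
        return target.endsWith(".")
                ? target.substring(0, target.length() - 1)
                : target;
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from a real DNS zone or KDC
        String rdata = "0 100 389 ldap1.example.com.";
        Set<String> kdcPrincipals = Set.of("ldap/ldap1.example.com");

        Srv srv = parse(rdata);
        String raw = "ldap/" + srv.target();
        String fixed = "ldap/" + hostForKerberos(srv.target());

        System.out.println(raw + " known to KDC: " + kdcPrincipals.contains(raw));
        System.out.println(fixed + " known to KDC: " + kdcPrincipals.contains(fixed));
        System.out.println("connect to " + hostForKerberos(srv.target()) + ":" + srv.port());
    }
}
```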