RFR: 8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
Michael Osipov
duke at openjdk.java.net
Fri Dec 17 19:18:25 UTC 2021
On Thu, 16 Dec 2021 01:23:11 GMT, Martin Balao <mbalao at openjdk.org> wrote:
>> Hi @AlekseiEfimov
>>
>> Can you please review the CSR [1]?
>>
>> Thanks,
>> Martin.-
>>
>> --
>> [1] - https://bugs.openjdk.java.net/browse/JDK-8276959
>
>> @martinuy This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!
>
> Please do not close, waiting for CSR approval.
@martinuy, I am the reporter of JDK-8160768. Regarding this PR, isn't everything protocol-related a fail-fast issue? E.g., if the socket is up and running, but the LDAP message is rejected, can we assume that all subsequent servers for the same resolution will reject the request as well before authentication has happened?
The purpose of JDK-8160768 was to discover LDAP servers and connect to the first one reachable. BTW, this code has been running for years now at work: https://github.com/michael-o/activedirectory-dns-locator
-------------
PR: https://git.openjdk.java.net/jdk/pull/6043