RFR: 8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked

Aleksei Efimov aefimov at openjdk.java.net
Thu May 12 10:28:20 UTC 2022


On Wed, 20 Oct 2021 13:35:22 GMT, Martin Balao <mbalao at openjdk.org> wrote:

> I'd like to propose a fix for JDK-8275535. This fix reverts the behavior to the state previous to JDK-8160768, where an authentication failure stops from trying other LDAP servers with the same credentials [1]. After JDK-8160768 we have 2 possible loops to stop: the one that iterates over different URLs and the one that iterates over different endpoints (after a DNS query that returns multiple values).
> 
> No test regressions observed in jdk/com/sun/jndi/ldap.
> 
> --
> [1] - https://hg.openjdk.java.net/jdk/jdk/rev/a609d549992a#l2.137

Hi @martinuy,

I think this fix is in a good state: code changes look good, the CSR is approved and our CI shows no JNDI test failures related to this change.
As it was mentioned before, the only thing we're waiting for is a bug logged for a test addition with a scenario of how the issue can be reproduced. If it is not feasible to do that we can proceed without it - I will log a bug and will use a Spring reproducer shared by Carsten (thank you) as a starting point.
Therefore, I'm approving this change.

-------------

Marked as reviewed by aefimov (Committer).

PR: https://git.openjdk.java.net/jdk/pull/6043
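
The lockout effect discussed in this thread, as an added sketch that is not the JDK's code or part of the PR: a failover loop over LDAP URLs that either keeps going after an authentication failure or stops at the first one. `Binder`, `connect` and the `*.example` hosts are hypothetical; the simulated servers are constructed sample behaviour.

```java
import java.util.List;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.NamingException;

public class LdapFailoverDemo {
    /** Hypothetical stand-in for one bind attempt against one server. */
    interface Binder { void bind(String url) throws NamingException; }

    /** Tries each URL in order; returns the number of bind attempts made. */
    static int connect(List<String> urls, Binder binder, boolean stopOnAuthFailure) {
        int attempts = 0;
        for (String url : urls) {
            attempts++;
            try {
                binder.bind(url);
                return attempts;              // bound successfully
            } catch (AuthenticationException e) {
                // Bad credentials are bad on every replica of the directory;
                // retrying only adds failed logins against the same account.
                if (stopOnAuthFailure) return attempts;
            } catch (NamingException e) {
                // Unreachable server and similar errors: failover is fine.
            }
        }
        return attempts;
    }

    public static void main(String[] args) {
        // Constructed sample: first server is down, the rest reject the password.
        List<String> urls = List.of("ldap://a.example", "ldap://b.example",
                                    "ldap://c.example", "ldap://d.example");
        Binder binder = url -> {
            if (url.contains("a.example")) throw new CommunicationException("down");
            throw new AuthenticationException("invalid credentials");
        };
        int retryAll = connect(urls, binder, false);
        int stopEarly = connect(urls, binder, true);
        // Subtract the one communication failure to get failed binds
        // charged to the account for a single user login attempt.
        System.out.println("retry on every server: " + (retryAll - 1) + " failed binds");
        System.out.println("stop on auth failure:  " + (stopEarly - 1) + " failed binds");
    }
}
```

With a directory lockout threshold lower than the number of configured servers, the retry-everywhere variant can lock an account from one mistyped password.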

