If you try to, you get an error like this.
ERROR com.google.gerrit.server.auth.ldap.LdapRealm : Cannot query LDAP to autenticate user
javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=example,DC=com'
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:198)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
at com.google.gerrit.server.auth.ldap.LdapQuery.query(LdapQuery.java:72)
at com.google.gerrit.server.auth.ldap.Helper.findAccount(Helper.java:121)
at com.google.gerrit.server.auth.ldap.LdapRealm.authenticate(LdapRealm.java:194)
at com.google.gerrit.server.account.AccountManager.authenticate(AccountManager.java:106)
at com.google.gerrit.httpd.auth.ldap.UserPassAuthServiceImpl.authenticate(UserPassAuthServiceImpl.java:58)
[[[snip]]]
I've seen recommendations to use "referrals = follow" mode, but for some reason I couldn't get that to work. And, really, I don't *want* to follow the referrals, I want to *IGNORE* them. I don't know why Java thinks that the default "ignore" should mean "throw an exception". But anyways, since it does, I think gerrit should ignore that exception -- it isn't saying anything useful, it's just reporting that there's an unfollowed referral in the result, exactly the desired outcome.
|
0002-Ignore-PartialResultException-from-LDAP.patch
4.1 KB
View
Download
|