opendev/gerrit
Code Issues Proposed changes

Fix javax.naming.PartialResultException: Unprocessed Continuation

Browse Source 
Reference(s) using ldap authentication

Change-Id: Ibbae91747979be8ddbe01ce1977f3a194fa210db
This commit is contained in:
Ben Wu
2010-06-04 16:17:24 +08:00
committed by Shawn O. Pearce
parent f5887c01bf
commit 0410a15d3f
2 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
Documentation/config-gerrit.txt
View File

@@ -1086,6 +1086,16 @@ _(Optional)_ Password for the user identified by `ldap.username`.
If not set, an anonymous (or passwordless) connection to the LDAP If not set, an anonymous (or passwordless) connection to the LDAP
server is attempted. server is attempted.
[[ldap.referral]]ldap.referral::
+
_(Optional)_ How an LDAP referral should be handled if it is
encountered during directory traversal. Set to `follow` to
automatically follow any referrals, or `ignore` to stop and fail
with `javax.naming.PartialResultException: Unprocessed Continuation
Reference(s)`
+
By default, `ignore`.
[[ldap.accountBase]]ldap.accountBase:: [[ldap.accountBase]]ldap.accountBase::
+ +
Root of the tree containing all user accounts. This is typically Root of the tree containing all user accounts. This is typically

4
gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
View File

@@ -74,6 +74,7 @@ class LdapRealm implements Realm {
private final String server; private final String server;
private final String username; private final String username;
private final String password; private final String password;
private final String referral;
private final boolean sslVerify; private final boolean sslVerify;
private final AuthConfig authConfig; private final AuthConfig authConfig;
@@ -105,6 +106,7 @@ class LdapRealm implements Realm {
this.server = required(config, "server"); this.server = required(config, "server");
this.username = optional(config, "username"); this.username = optional(config, "username");
this.password = optional(config, "password"); this.password = optional(config, "password");
this.referral = optional(config, "referral");
this.sslVerify = config.getBoolean("ldap", "sslverify", true); this.sslVerify = config.getBoolean("ldap", "sslverify", true);
this.readOnlyAccountFields = new HashSet<Account.FieldName>(); this.readOnlyAccountFields = new HashSet<Account.FieldName>();
@@ -467,6 +469,7 @@ class LdapRealm implements Realm {
env.put(Context.SECURITY_AUTHENTICATION, "simple"); env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, username); env.put(Context.SECURITY_PRINCIPAL, username);
env.put(Context.SECURITY_CREDENTIALS, password != null ? password : ""); env.put(Context.SECURITY_CREDENTIALS, password != null ? password : "");
env.put(Context.REFERRAL, referral != null ? referral : "ignore");
} }
return new InitialDirContext(env); return new InitialDirContext(env);
} }
@@ -477,6 +480,7 @@ class LdapRealm implements Realm {
env.put(Context.SECURITY_AUTHENTICATION, "simple"); env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, dn); env.put(Context.SECURITY_PRINCIPAL, dn);
env.put(Context.SECURITY_CREDENTIALS, password != null ? password : ""); env.put(Context.SECURITY_CREDENTIALS, password != null ? password : "");
env.put(Context.REFERRAL, referral != null ? referral : "ignore");
try { try {
return new InitialDirContext(env); return new InitialDirContext(env);
} catch (NamingException e) { } catch (NamingException e) {