Ignore PartialResultException from LDAP.

This exception occurs when the server isn't following referrals for
you, and thus the result contains a referral. That happens when you're
using Active Directory. You almost certainly don't really want to
follow referrals in AD *anyways*, so just ignore these exceptions, so
we can still use the actual data.

Inspired by:
https://src.springframework.org/svn/spring-ldap/trunk/core/src/main/java/org/springframework/ldap/core/LdapTemplate.java

Change-Id: I484145a2e262173de6b3ac4081608bd684577916
Signed-Off-By: James Y Knight <jyknight@google.com>
(cherry picked from commit 1244ed0574)

Documentation/config-gerrit.txt

@@ -1264,9 +1264,8 @@ server is attempted.
 +
 _(Optional)_ How an LDAP referral should be handled if it is
 encountered during directory traversal.  Set to `follow` to
-automatically follow any referrals, or `ignore` to stop and fail
-with `javax.naming.PartialResultException: Unprocessed Continuation
-Reference(s)`
+automatically follow any referrals, or `ignore` to ignore the
+referrals.
 +
 By default, `ignore`.
 

gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java

@@ -38,6 +38,7 @@ import javax.naming.Context;
 import javax.naming.Name;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
+import javax.naming.PartialResultException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
@@ -168,9 +169,12 @@ import javax.net.ssl.SSLSocketFactory;
       final Attribute groupAtt = account.getAll(schema.accountMemberField);
       if (groupAtt != null) {
         final NamingEnumeration<?> groups = groupAtt.getAll();
-        while (groups.hasMore()) {
-          final String nextDN = (String) groups.next();
-          recursivelyExpandGroups(groupDNs, schema, ctx, nextDN);
+        try {
+          while (groups.hasMore()) {
+            final String nextDN = (String) groups.next();
+            recursivelyExpandGroups(groupDNs, schema, ctx, nextDN);
+          }
+        } catch (PartialResultException e) {
         }
       }
     }
@@ -203,9 +207,12 @@ import javax.net.ssl.SSLSocketFactory;
             ctx.getAttributes(compositeGroupName).get(schema.accountMemberField);
         if (in != null) {
           final NamingEnumeration<?> groups = in.getAll();
-          while (groups.hasMore()) {
-            final String nextDN = (String) groups.next();
-            recursivelyExpandGroups(groupDNs, schema, ctx, nextDN);
+          try {
+            while (groups.hasMore()) {
+              final String nextDN = (String) groups.next();
+              recursivelyExpandGroups(groupDNs, schema, ctx, nextDN);
+            }
+          } catch (PartialResultException e) {
           }
         }
       } catch (NamingException e) {
@@ -316,4 +323,4 @@ import javax.net.ssl.SSLSocketFactory;
       }
     }
   }
-}
+}

gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapQuery.java

@@ -25,6 +25,7 @@ import java.util.Set;
 
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
+import javax.naming.PartialResultException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.BasicAttribute;
 import javax.naming.directory.DirContext;
@@ -69,8 +70,11 @@ class LdapQuery {
     res = ctx.search(base, pattern.getRawPattern(), pattern.bind(params), sc);
     try {
       final List<Result> r = new ArrayList<Result>();
-      while (res.hasMore()) {
-        r.add(new Result(res.next()));
+      try {
+        while (res.hasMore()) {
+          r.add(new Result(res.next()));
+        }
+      } catch (PartialResultException e) {
       }
       return r;
     } finally {