Task #7391 (closed)
Opened 12 years ago
Closed 12 years ago
Bug: Better handling of LDAP referrals
Reported by: | cxallan | Owned by: | cxallan |
---|---|---|---|
Priority: | blocker | Milestone: | OMERO-4.4 |
Component: | Security | Version: | n.a. |
Keywords: | n.a. | Cc: | jamoore, rfb@… |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | 0.0d |
Sprint: | 2012-04-10 (12) |
Description
In certain cases, notably with more sophisticated AD setups, extensive use of LDAP referrals is made. The current Spring Security and Spring LDAP configuration does not support referrals early in the hierarchy. Example error from http://www.openmicroscopy.org/community/viewtopic.php?f=5&t=941:
2011-12-07 09:47:41,610 INFO [ ome.services.util.ServiceHandler] (l.Server-8) Excp: org.springframework.ldap.PartialResultException: Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name '' 2011-12-07 09:47:41,611 ERROR [services.blitz.fire.PermissionsVerifierI] (l.Server-8) Exception thrown while checking password for:#### ome.conditions.InternalException: Wrapped Exception: (org.springframework.ldap.PartialResultException): Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name ''
Change History (11)
comment:1 Changed 12 years ago by cxallan
- Owner set to cxallan
- Remaining Time set to 1.0
- Sprint set to 2011-12-27 (5)
- Status changed from new to accepted
comment:2 Changed 12 years ago by cxallan
comment:3 Changed 12 years ago by jburel
- Sprint changed from 2012-01-03 (5) to 2012-01-17 (6)
Moved from sprint 2012-01-03 (5)
comment:4 Changed 12 years ago by jmoore <josh@…>
(In [94707751638aedea9625c86bbd184c7fa5ec8848/ome.git]) Make LDAP referral handling configurable. (See #7391)
comment:5 Changed 12 years ago by jburel
- Sprint changed from 2012-01-17 (6) to 2012-01-31 (7)
Moved from sprint 2012-01-17 (6)
comment:6 Changed 12 years ago by jmoore
- Sprint changed from 2012-01-31 (7) to 2012-02-14 (8)
Moved from sprint 2012-01-31 (7)
comment:7 Changed 12 years ago by jburel
- Sprint changed from 2012-02-14 (8) to 2012-02-28 (9)
Moved from sprint 2012-02-14 (8)
comment:8 Changed 12 years ago by jburel
- Sprint changed from 2012-02-28 (9) to 2012-03-13 (10)
Moved from sprint 2012-02-28 (9)
comment:9 Changed 12 years ago by jburel
- Sprint changed from 2012-03-13 (10) to 2012-03-27 (11)
Moved from sprint 2012-03-13 (10)
comment:10 Changed 12 years ago by jburel
- Sprint changed from 2012-03-27 (11) to 2012-04-10 (12)
Chris is off, moving to next sprint
comment:11 Changed 12 years ago by cxallan
- Remaining Time changed from 1.0 to 0
- Resolution set to fixed
- Status changed from accepted to closed
The code for this is in and we've tested as best we can without having an exact replica of the AD referral in place. Closing. The fixes will released as part of milestone:OMERO-Beta4.4.
The first step, making LDAP referral handling configurable is now on my GitHub branch: