[JDK-8275535] Retrying a failed authentication on multiple LDAP servers can lead to users blocked - Java Bug System

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: P4
Resolution: Fixed
Affects Version/s: 8u261, 11.0.8-oracle, 17
Fix Version/s: 19
Component/s: core-libs
Labels:
- noreg-trivial
- regression

Subcomponent:
javax.naming
Resolved In Build:
b23
CPU:

generic
OS:

generic

Description

After ~~JDK-8160768~~, the behavior upon a failed LDAP authentication changed: instead of aborting the operation with an AuthenticationException exception, all available LDAP servers are tried with the same credentials. Note that the credentials might be wrong because of an error when the user entered them (i.e.: a typo). If this is the case, the user may be blocked on all LDAP servers after a single operation because of exceeding the maximum number of authentication failures. In my view, an authentication error means that the LDAP server is alive and there is no need to iterate to a different endpoint.

Attachments

Issue Links

csr for

JDK-8276959 Retrying a failed authentication on multiple LDAP servers can lead to users blocked

Closed

relates to

JDK-8160768 Add capability to custom resolve host/domain names within the default JNDI LDAP provider

Resolved

links to

Commit openjdk/jdk/3be394e1

Review openjdk/jdk/6043

Activity

People

Assignee:: Martin Balao

Reporter:: Martin Balao

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2021-10-19 12:52

Updated:: 5 days ago 23:16

Resolved:: 2022-05-12 09:21