JDK-8275535

Retrying a failed authentication on multiple LDAP servers can lead to users blocked

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: 8u261, 11.0.8-oracle, 17
    • Fix Version/s: 19
    • Component/s: core-libs
    • Subcomponent:
    • Resolved In Build:
      b23
    • CPU:
      generic
    • OS:
      generic

      Description

      After JDK-8160768, the behavior upon a failed LDAP authentication changed: instead of aborting the operation with an AuthenticationException exception, all available LDAP servers are tried with the same credentials. Note that the credentials might be wrong because of an error when the user entered them (i.e.: a typo). If this is the case, the user may be blocked on all LDAP servers after a single operation because of exceeding the maximum number of authentication failures. In my view, an authentication error means that the LDAP server is alive and there is no need to iterate to a different endpoint.
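
Added example, not code from the JDK or from this issue: a self-contained Java simulation (no network traffic; the `Server` class, URLs and passwords are constructed) of the failover loop described above. It compares retrying every endpoint after an `AuthenticationException` with stopping at the first server that actually answers.

```java
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.NamingException;
import java.util.List;

// Constructed simulation: all names, URLs and passwords are hypothetical.
public class LdapFailoverDemo {

    static class Server {
        final String url;
        final boolean reachable;
        int failedBinds; // what the server's lockout policy would count
        Server(String url, boolean reachable) { this.url = url; this.reachable = reachable; }

        void bind(String password) throws NamingException {
            if (!reachable) throw new CommunicationException(url + " unreachable");
            if (!"correct-horse".equals(password)) {
                failedBinds++; // the server is alive and records the bad bind
                throw new AuthenticationException(url + " rejected credentials");
            }
        }
    }

    // Tries each endpoint in order; returns how many servers recorded a failed bind.
    static int connect(List<Server> servers, String password, boolean stopOnAuthFailure) {
        for (Server s : servers) {
            try {
                s.bind(password);
                break; // bound successfully
            } catch (AuthenticationException e) {
                if (stopOnAuthFailure) break; // server answered: failing over cannot help
            } catch (NamingException e) {
                // endpoint down: moving to the next one is what failover is for
            }
        }
        return (int) servers.stream().filter(s -> s.failedBinds > 0).count();
    }

    static List<Server> cluster() {
        return List.of(new Server("ldap://a.example", false),
                       new Server("ldap://b.example", true),
                       new Server("ldap://c.example", true));
    }

    public static void main(String[] args) {
        String typo = "correct-hrose"; // one mistyped password, one logical login attempt
        System.out.println("retry on every server: " + connect(cluster(), typo, false));
        System.out.println("stop on auth failure:  " + connect(cluster(), typo, true));
    }
}
```

The printed counts are the number of servers on which a single mistyped password consumed one of the user's allowed authentication failures.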

              People

              Assignee:
              mbalao Martin Balao
              Reporter:
              mbalao Martin Balao