
  • Spring-LDAP and AD Global Catalog

    Hi,

    I am trying to connect to an Active Directory Global Catalog with Spring-LDAP that has the following configuration:

    Global Catalog Server (catalogserver.company.com)
    --> domain1.company.com
    --> domain2.company.com

    If I look at the Global Catalog using LDAPBrowser it shows the main server and referrals to the other domain servers.

    If I perform a search on one of the domain servers, I receive results properly. If I start the search at the Global Catalog, then I get a PartialResultException. I try to skip over it by setting setIgnorePartialResultException to true which does skip over the error, but I cannot seem to get any results back. Here is my code (no Spring Beans):

    Thanks,
    Eric

    try
    {
        LdapContextSource contextSource = new LdapContextSource();
        contextSource.setAnonymousReadOnly(false);

        contextSource.setBase("dc=company,dc=com");
        contextSource.setUserName("[email protected] om");
        contextSource.setPassword("password");
        contextSource.setUrl("ldap://catalogserver.company.com:389");
        contextSource.setPooled(false);

        contextSource.setDirObjectFactory(DefaultDirObjectFactory.class);
        contextSource.setBaseEnvironmentProperties(new HashMap());
        contextSource.afterPropertiesSet();

        LdapTemplate ldapTemplate = new LdapTemplate(contextSource);
        ldapTemplate.setIgnorePartialResultException(true);
        ldapTemplate.afterPropertiesSet();

        SearchControls controls = new SearchControls();
        controls.setTimeLimit(0);
        controls.setCountLimit(0);
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        List returnList = ldapTemplate.search("",
            "(cn=*)", controls, new AttributesMapper()
            {
                public Object mapFromAttributes(Attributes attrs)
                        throws NamingException {
                    System.out.println(attrs.get("cn").get());
                    return attrs.get("cn").get();
                }
            });
    }
    catch (Exception e)
    {
        e.printStackTrace();
    }

  • #2
    There's a known problem with AD and referrals. It seems that AD is not able to automatically follow referrals, which causes a PartialResultException to be thrown in such situations. The ignorePartialResultException property is intended to avoid a crash when this problem occurs, as it is quite common that you're really not that interested in the referral result.

    As I understand it, the only way to make referrals work with AD is to handle it 'manually', in the code. Unfortunately this is currently not supported in Spring LDAP in the current version. There is however a Jira issue on this here. If you feel very strongly that it should be included you should vote for the issue; we're pretty swamped and need help to choose which issues to prioritize.


    • #3
      referral property

      I believe this can be handled by setting the property "java.naming.referral" to "follow" in your base environment properties. I have done this in the past with Active Directory and it did eliminate the referral exceptions in my JNDI code. See Referrals in the JNDI in Sun's JNDI tutorial for more information.

      Unfortunately, I don't have access to an AD forest to test that property so please update this thread or the Jira issue with your results.

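The suggestion in #3, written out as an added example (not code from any poster in this thread or from the Spring LDAP project), using the same Spring LDAP calls as the first post. The class name and the LDAP_BIND_USER / LDAP_BIND_PASSWORD environment variables are assumptions; the URL and base are the ones given in the first post.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;

public class ReferralFollowSearch { // hypothetical class name
    // Context source whose JNDI environment follows referrals automatically.
    static LdapContextSource contextSource(String url, String base,
                                           String user, String password) throws Exception {
        Map<String, Object> env = new HashMap<String, Object>();
        // Context.REFERRAL is the constant for "java.naming.referral".
        // With "follow", JNDI binds to each referred server using the same
        // credentials as the original context.
        env.put(Context.REFERRAL, "follow");
        LdapContextSource cs = new LdapContextSource();
        cs.setUrl(url);
        cs.setBase(base);
        cs.setUserName(user); // same setter the first post uses
        cs.setPassword(password);
        cs.setPooled(false);
        cs.setBaseEnvironmentProperties(env);
        cs.afterPropertiesSet();
        return cs;
    }
    // Subtree search for every entry that has a cn, returning the cn values.
    static List listCommonNames(LdapContextSource cs) {
        LdapTemplate template = new LdapTemplate(cs);
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        return template.search("", "(cn=*)", controls, new AttributesMapper() {
            public Object mapFromAttributes(Attributes attrs) throws NamingException {
                Attribute cn = attrs.get("cn");
                return cn == null ? null : cn.get(); // tolerate entries without cn
            }
        });
    }
    public static void main(String[] args) throws Exception {
        // Assumed environment variables keep the bind credentials out of the source.
        LdapContextSource cs = contextSource("ldap://catalogserver.company.com:389",
                "dc=company,dc=com",
                System.getenv("LDAP_BIND_USER"), System.getenv("LDAP_BIND_PASSWORD"));
        for (Object cn : listCommonNames(cs)) System.out.println(cn);
    }
}
```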