(doris) branch master updated: [fix](auth)ldap template ignore partial result exception (#47858)

Tue, 25 Feb 2025 23:00:54 -0800 

This is an automated email from the ASF dual-hosted git repository.

morningman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git


The following commit(s) were added to refs/heads/master by this push:
     new 8f0ec1cc6f1 [fix](auth)ldap template ignore partial result exception 
(#47858)
8f0ec1cc6f1 is described below

commit 8f0ec1cc6f1e87e3fc5349e81c3217cdf3647e8e
Author: zhangdong <zhangd...@selectdb.com>
AuthorDate: Wed Feb 26 14:59:44 2025 +0800

    [fix](auth)ldap template ignore partial result exception (#47858)
    
    ### What problem does this PR solve?
    
    ldap template sometimes throw exception:
    ```
    org.springframework.ldap.PartialResultException: Unprocessed Continuation 
Reference(s); nested exception is javax.naming.PartialResultException: 
Unprocessed Continuation Reference(s); remaining name '/'
    ```
    Explanation of Spring
    ```
    Specify whether PartialResultException should be ignored in searches. AD 
servers typically have a problem with referrals. Normally a referral should be 
followed automatically, but this does not seem to work with AD servers. The 
problem manifests itself with a a PartialResultException being thrown when a 
referral is encountered by the server. Setting this property to true presents a 
workaround to this problem by causing PartialResultException to be ignored, so 
that the search method re [...]
    ```
---
 .../main/java/org/apache/doris/mysql/authenticate/ldap/LdapClient.java | 3 +++
 1 file changed, 3 insertions(+)

diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapClient.java
 
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapClient.java
index 8d1304658ff..3ae96945296 100644
--- 
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapClient.java
+++ 
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapClient.java
@@ -72,6 +72,7 @@ public class LdapClient {
             contextSource.setPassword(ldapPassword);
             contextSource.afterPropertiesSet();
             ldapTemplateNoPool = new LdapTemplate(contextSource);
+            ldapTemplateNoPool.setIgnorePartialResultException(true);
         }
 
         private void setLdapTemplatePool(String ldapPassword) {
@@ -100,6 +101,7 @@ public class LdapClient {
 
             TransactionAwareContextSourceProxy proxy = new 
TransactionAwareContextSourceProxy(poolingContextSource);
             ldapTemplatePool = new LdapTemplate(proxy);
+            ldapTemplatePool.setIgnorePartialResultException(true);
         }
 
         public boolean checkUpdate(String ldapPassword) {
@@ -145,6 +147,7 @@ public class LdapClient {
                     .filter(getUserFilter(LdapConfig.ldap_user_filter, 
userName)), password);
             return true;
         } catch (Exception e) {
+            LOG.info("ldap client checkPassword failed, userName: {}", 
userName, e);
             return false;
         }
     }


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org

Reply via email to