Bug ID: JDK-4639896 Java clients are not able to automatically follow referral using ldaps

Details
Type: Bug
Submit Date: 2002-02-19
Status: Resolved
Updated Date: 2003-04-12
Project Name: JDK
Resolved Date: 2002-08-15
Component: core-libs
OS: solaris_2.6
Sub-Component: javax.naming
CPU: generic
Priority: P2
Resolution: Fixed
Affected Versions: 1.4.0
Fixed Versions: 1.4.2 (mantis)

Description
Call being logged with customer using 1.4 FCS release.
Test case and pic19668.pcx are located in
/net/cores.east/cores/62863535
 
Problem Description

If we set up a referral from the consumer to the supplier server as
ldaps://<supplier>:636/o=seagate.com,o=sds, Java clients are not able to
automatically follow the referral.

Environment

- Solaris 8 with latest patches as recommended by iPlanet
- iPlanet Directory Server 4.15
- Port: 636 on consumer and supplier server is listening on SSL
- Java version 1.2.2, 1.3.1, 1.3.1s02, 1.4
- JSSE 1.02 for all Java versions except 1.4

Directory Server Namespace

(Embedded image moved to file: pic19668.pcx)
The seagate.com node on the consumer server is a smart referral to the
supplier seagate.com node.

Consumer Entry

dn: o=seagate.com,o=sds
o: seagate.com
objectclass: top
objectclass: organization
objectclass: referral
ref: ldaps://<supplier>:636/o=seagate.com,o=sds

Port 636 on supplier is configured as SSL port.

> D:\MyFolder\scripts>java -cp .;D:\j2sdk1.4.0-rc\lib;d:\myfolder\scripts
> JNDITest ldaps://seagate33.conxion.seagate.com:636/  "cn=Directory Manager"
> <password>
>
> Error in init:javax.naming.NamingException: Cannot parse url:
> ldaps://seagate33.conxion.seagate.com:636/ [Root exception is
> java.net.MalformedURLException: Not an LDAP URL:
> ldaps://seagate33.conxion.seagate.com:636/]
> javax.naming.NamingException: Cannot parse url:
> ldaps://seagate33.conxion.seagate.com:636/.  Root exception is
> java.net.MalformedURLException: Not an LDAP URL:
> ldaps://seagate33.conxion.seagate.com:636/
>         at com.sun.jndi.ldap.LdapURL.<init>(LdapURL.java:68)
>         at
> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:58)
>         at
> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
>         at
> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
>         at javax.naming.InitialContext.init(InitialContext.java:219)
>         at javax.naming.InitialContext.<init>(InitialContext.java:195)
>         at
> javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
>         at JNDITest.main(JNDITest.java:53)
>

                                    

Comments
EVALUATION

The LDAP provider in JNDI supports LDAP connections over SSL and in J2SE v1.4
it also supports Start TLS (RFC 2830). It supports the standard LDAP URLs
(RFC 2255). It does not support URLs with the non-standard ldaps scheme.

JNDI applications that require a secure LDAP connection should use Start TLS.
The use of ldaps URLs is not recommended.
---------------------------------------------------

Deployed directory server contains 'ldaps' URLs in referral entries.
Using Start TLS can't work around this unless the application handles referrals
manually. LDAP provider should support 'ldaps' URLs in referrals and other
places where it accepts LDAP URLs (such as the initial context and provider
URL). 'ldaps' is not an official standard but it does appear to be a
de facto standard.

2002-04-23
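
The evaluation above says Start TLS cannot work around ldaps referrals unless the application handles referrals manually. The following is an added example of such manual handling, not code from this report or from the JDK: it sets the referral mode to "throw", catches the ReferralException, and reconnects with an ldap:// URL plus the "ssl" security protocol. The class name, the TRUSTED host list (with the placeholder supplier.example.com), the hop limit and the search filter are assumptions.

```java
import java.net.URI;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class ManualLdapsReferral {
    // Assumption: hosts this client may re-bind to; placeholder name, not from the report.
    static final Set<String> TRUSTED = Set.of("supplier.example.com");

    // An ldap:// URL plus the "ssl" security protocol gives LDAP over SSL without an ldaps URL.
    static DirContext connect(String host, int port, String dn, String pw) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, pw);
        env.put(Context.REFERRAL, "throw"); // surface referrals instead of following them
        return new InitialDirContext(env);
    }

    // Returns the DNs found under base, chasing at most hopsLeft ldaps referrals by hand.
    static List<String> search(String host, int port, String base, String dn, String pw,
                               int hopsLeft) throws NamingException {
        DirContext ctx = connect(host, port, dn, pw);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            List<String> found = new ArrayList<>();
            NamingEnumeration<SearchResult> it = ctx.search(base, "(objectclass=*)", sc);
            while (it.hasMore()) found.add(it.next().getNameInNamespace());
            return found;
        } catch (ReferralException e) {
            URI ref = URI.create(String.valueOf(e.getReferralInfo()));
            // The referral target is chosen by the server: check it before sending credentials.
            if (hopsLeft == 0 || !"ldaps".equalsIgnoreCase(ref.getScheme())
                    || ref.getHost() == null || !TRUSTED.contains(ref.getHost().toLowerCase()))
                throw e;
            int p = ref.getPort() == -1 ? 636 : ref.getPort();
            String path = ref.getPath(); // e.g. "/o=seagate.com,o=sds"; any query part is ignored
            String next = path.isEmpty() ? "" : path.substring(1);
            return search(ref.getHost(), p, next, dn, pw, hopsLeft - 1);
        } finally {
            ctx.close();
        }
    }
}
```

Called as `search(consumerHost, 636, "o=seagate.com,o=sds", bindDn, password, 3)`, it rethrows the ReferralException for any referral whose host is not in TRUSTED, so the bind credentials are never sent to a server the caller did not approve.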
CONVERTED DATA

BugTraq+ Release Management Values

COMMIT TO FIX: mantis, mantis-b02
FIXED IN: mantis, mantis-b02
INTEGRATED IN: mantis, mantis-b02


                                     
2004-09-02


