JDK-4639896 : Java clients are not able to automatically follow referral using ldaps
  • Type: Bug
  • Component: core-libs
  • Sub-Component: javax.naming
  • Affected Version: 1.4.0
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • OS: solaris_2.6
  • CPU: generic
  • Submitted: 2002-02-19
  • Updated: 2003-04-12
  • Resolved: 2002-08-15
1.4.2 (mantis): Fixed
Call being logged with customer using 1.4 fcs release
test case and pic19668.pcx is located in 
Problem Description

If we set up a referral from the consumer to the supplier server as
ldaps://<supplier>:636/o=seagate.com,o=sds, Java clients are not able to
automatically follow the referral.


- Solaris 8 with latest patches as recommended by iPlanet
- iPlanet Directory Server 4.15
- Port: 636 on consumer and supplier server is listening on SSL
- Java version 1.2.2, 1.3.1, 1.3.1s02, 1.4
- JSSE 1.02 for all java version except 1.4

Directory Server Namespace

(Embedded image moved to file: pic19668.pcx)
The seagate.com node on the consumer server is a smart referral to the
supplier seagate.com node.

Consumer Entry

dn: o=seagate.com,o=sds
o: seagate.com
objectclass: top
objectclass: organization
objectclass: referral
ref: ldaps://<supplier>:636/o=seagate.com,o=sds

Port 636 on supplier is configured as SSL port.

> D:\MyFolder\scripts>java -cp .;D:\j2sdk1.4.0-rc\lib;d:\myfolder\scripts
> JNDITest ldaps://seagate33.conxion.seagate.com:636/  "cn=Directory Manager"
> <password>
> Error in init:javax.naming.NamingException: Cannot parse url:
> ldaps://seagate33.conxion.seagate.com:636/ [Root exception is
> java.net.MalformedURLException: Not an LDAP URL:
> ldaps://seagate33.conxion.seagate.com:636/]
> javax.naming.NamingException: Cannot parse url:
> ldaps://seagate33.conxion.seagate.com:636/.  Root exception is
> java.net.MalformedURLException: Not an LDAP URL:
> ldaps://seagate33.conxion.seagate.com:636/
>         at com.sun.jndi.ldap.LdapURL.<init>(LdapURL.java:68)
>         at
> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:58)
>         at
> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
>         at
> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
>         at javax.naming.InitialContext.init(InitialContext.java:219)
>         at javax.naming.InitialContext.<init>(InitialContext.java:195)
>         at
> javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
>         at JNDITest.main(JNDITest.java:53)

CONVERTED DATA

BugTraq+ Release Management Values

COMMIT TO FIX: mantis mantis-b02
FIXED IN: mantis mantis-b02
INTEGRATED IN: mantis mantis-b02

EVALUATION

The LDAP provider in JNDI supports LDAP connections over SSL and in J2SE v1.4 it also supports Start TLS (RFC 2830). It supports the standard LDAP URLs (RFC 2255). It does not support URLs with the non-standard ldaps scheme. JNDI applications that require a secure LDAP connection should use Start TLS. The use of ldaps URLs is not recommended.

---------------------------------------------------

Deployed directory server contains 'ldaps' URLs in referral entries. Using Start TLS can't work around this unless the application handles referrals manually. LDAP provider should support 'ldaps' URLs in referrals and other places where it accepts LDAP URLs (such as the initial context and provider URL). 'ldaps' is not an official standard but it does appear to be a de facto standard.

###@###.### 2002-04-23
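The manual referral handling mentioned in the evaluation could look like the sketch below. It is an added example, not code from this bug report or from the JDK, and it is written in current Java syntax. The class name, the hop limit of 5, the placeholder host and the ldaps-only policy are assumptions made for illustration.

```java
import java.net.URI;
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapsReferral {
    // Map an ldaps referral to an ldap:// provider URL plus the provider's SSL setting.
    static Hashtable<String, Object> envFor(String referral, Hashtable<String, Object> base) {
        URI u = URI.create(referral);
        // Policy assumed for this example: refuse anything but ldaps, so bind
        // credentials are never replayed to a cleartext referral target.
        if (!"ldaps".equalsIgnoreCase(u.getScheme()) || u.getHost() == null) {
            throw new IllegalArgumentException("Refusing referral: " + referral);
        }
        int port = u.getPort() != -1 ? u.getPort() : 636;
        // Only the DN is kept; an ?attrs?scope?filter part, if any, is ignored here.
        String dn = u.getRawPath() == null ? "/" : u.getRawPath();
        Hashtable<String, Object> env = new Hashtable<>(base);
        env.put(Context.PROVIDER_URL, "ldap://" + u.getHost() + ":" + port + dn);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.REFERRAL, "throw"); // keep handling referrals ourselves
        return env;
    }

    // Read an entry, following referrals by hand, with a hop limit against loops.
    static Attributes read(Hashtable<String, Object> base, String name) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>(base);
        env.put(Context.REFERRAL, "throw");
        for (int hop = 0; hop < 5; hop++) {
            DirContext ctx = new InitialDirContext(env);
            try {
                return ctx.getAttributes(name);
            } catch (ReferralException e) {
                env = envFor(String.valueOf(e.getReferralInfo()), base);
                name = ""; // the referral URL already names the target DN
            } finally {
                ctx.close();
            }
        }
        throw new NamingException("Too many referral hops");
    }

    public static void main(String[] args) {
        Hashtable<String, Object> base = new Hashtable<>();
        base.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Constructed sample: the ref value from the consumer entry with a placeholder host.
        System.out.println(envFor("ldaps://supplier.example.com:636/o=seagate.com,o=sds", base));
    }
}
```

The base environment passed to `read` would itself use an `ldap://` provider URL with `java.naming.security.protocol` set to `ssl`, since the initial context in the affected releases rejects `ldaps` URLs as shown in the stack trace.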