Marvin Addison wrote: >> But I'm running into an error cause AD referral when we don't get user from >> CN=Users using the baseDN instead. Evry ldap search end in a partial results >> exception. To avoid that, I tried to use a ldaptempate instead of >> contextsource specifying ignorePartialResultException to true, but even if >> the exception is thrown, attribute aren't being set for the user. > > Using LdapTemplate with ignorePartialResultException=true is the best > solution available with existing components. However, it is not an > ideal solution in some cases. The JNDI envrionment variable > java.naming.referral when set to "ignore" does not enforce any > particular ordering of referrals; it may be that you have referrals > interlaced with meaningful results very early in your result set and > it's ignoring the referral prematurely such that subsequent meaningful > results are lost.
At my customer we ended up with querying AD's global catalog (GC) on a separate port instead. We had to turn on indexing for the attribute we needed (employeeNumber) so it appears in the subset of attributes replicated to the GC. Ciao, Michael. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
