On Wed, 20 Oct 2021 13:35:22 GMT, Martin Balao <mba...@openjdk.org> wrote:

> I'd like to propose a fix for JDK-8275535. This fix reverts the behavior to 
> the state previous to JDK-8160768, where an authentication failure stops from 
> trying other LDAP servers with the same credentials [1]. After JDK-8160768 we 
> have 2 possible loops to stop: the one that iterates over different URLs and 
> the one that iterates over different endpoints (after a DNS query that 
> returns multiple values).
> 
> No test regressions observed in jdk/com/sun/jndi/ldap.
> 
> --
> [1] - https://hg.openjdk.java.net/jdk/jdk/rev/a609d549992a#l2.137

Hi Martin,

The change looks reasonable to me.
I would suggest having a CSR logged for this change due to the following 
[behavioral incompatibility](https://wiki.openjdk.java.net/display/csr/Kinds+of+Compatibility):
Before the change - all available endpoints/URLs are tried to create an LDAP 
context.  
With the proposed change - incorrect credentials will prevent other endpoints 
from being exercised to create an LDAP context.  

Having a CSR will also help to document the difference in handling 
`AuthenticationException` and `NamingException` during construction of an LDAP 
context from the list of endpoints acquired from an LDAP DNS provider.

-------------

PR: https://git.openjdk.java.net/jdk/pull/6043
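
The behavioral difference discussed in this thread, as an added sketch that is not code from the JDK or from the PR: a loop over endpoints that either keeps going after an `AuthenticationException` or stops on it, while other `NamingException`s always move on to the next endpoint. The `Connector` interface, `firstContext`, the `stopOnAuthFailure` flag and the `example.test` URLs are hypothetical names constructed for illustration.

```java
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.NamingException;
import java.util.ArrayList;
import java.util.List;

public class EndpointFailoverDemo {
    // Hypothetical stand-in for opening an LDAP context at one endpoint.
    interface Connector { String connect(String endpoint) throws NamingException; }

    // Records which endpoints were sent the credentials, in order.
    static final List<String> attempted = new ArrayList<>();

    // Tries endpoints in order. When stopOnAuthFailure is true, an
    // AuthenticationException ends the iteration immediately; any other
    // NamingException is remembered and the next endpoint is tried.
    static String firstContext(List<String> endpoints, Connector c,
                               boolean stopOnAuthFailure) throws NamingException {
        NamingException last = null;
        for (String ep : endpoints) {
            attempted.add(ep);
            try {
                return c.connect(ep);
            } catch (AuthenticationException e) {
                if (stopOnAuthFailure) throw e; // same credentials are not retried elsewhere
                last = e;
            } catch (NamingException e) {
                last = e;                       // e.g. unreachable server: fail over
            }
        }
        if (last != null) throw last;
        throw new NamingException("no endpoints");
    }

    public static void main(String[] args) {
        // Constructed sample: first endpoint unreachable, the rest reject the credentials.
        List<String> endpoints = List.of("ldap://a.example.test",
                "ldap://b.example.test", "ldap://c.example.test");
        Connector c = ep -> {
            if (ep.contains("//a.")) throw new CommunicationException("unreachable");
            throw new AuthenticationException("invalid credentials");
        };
        for (boolean stop : new boolean[] {false, true}) {
            attempted.clear();
            try {
                firstContext(endpoints, c, stop);
            } catch (NamingException e) {
                System.out.println("stopOnAuthFailure=" + stop + " attempted="
                        + attempted + " -> " + e.getClass().getSimpleName());
            }
        }
    }
}
```

With `stopOnAuthFailure=false` all three endpoints receive the credentials; with `true` the attempt list ends at the first endpoint that rejects them.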
