Hi All Please take a review at
http://cr.openjdk.java.net/~weijun/8149521/webrev.00/ While the bug report [1] suggests we can fix com.sun.jndi.ldap.ServiceLocator to emit a trail-dot-less hostname, I am not sure if it's safe to do so. Anyway, the failure is on the Kerberos side and I believe this is a regression since we stop canonicalizing the hostname. Therefore I prefer to do a small "normalization" inside PrincipalName. Thanks Max [1] https://bugs.openjdk.java.net/browse/JDK-8149521
