In our organization we have set up a number of applications with Active Directory authentication: SugarCRM, Subversion through Apache LDAP authentication, Jira, Replicon Web timesheet. I used the same settings for Jama but it does not work and throws this error:
message[org.springframework.ldap.UncategorizedLdapException: Operation failed; nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name '']
I was trying to read about this online; there is some issue with "referrals" from an Active Directory because of how the directory tree is traversed.
Other references to javax.naming.PartialResultException suggest setting
the java.naming.referral property in the LDAP properties to follow
referrals, which JNDI does not do by default.
Please see this thread:
http://mail-archives.apache.org/mod_mbox/tomcat-users/200611.mbox/%3CC16E4268.9601B%25mwarren@hnw.com%3E
Basically the referral="follow" must be set:
http://wiki.apache.org/tomcat/JNDI_HowTo
Can someone get back to us if this can be corrected on the application or is it something we can do ourselves? We just installed this for evaluation.
Thanks,
Ankur
Ankur,
We saw this error before when the baseDN was too generic. You can try to use a more specific baseDN (adding OU etc) to see if it works.
This may have something to do with the referral property and we'll be looking into that.
Thanks,
Sean Tong
I did some research and it turns out that the Spring-LDAP library we are using in our app does not support following referrals for AD. It is a requested feature though. See the link below:
http://jira.springframework.org/browse/LDAP-9
There also seems to be an issue with Java handling referrals for Active Directory:
http://java.sun.com/products/jndi/tutorial/ldap/referral/jndi.html
We will see if there is a workaround for this.
Sean
Sean,
Thanks for the response. Actually the bind account that I am using is not in the same OU as the user accounts. That is probably the problem. In the meantime I can set up a new bind account in the same OU, but it still may not work since some of our users are in a subtree of that.
This should be made to work since, as I said, this application is the only one that had an issue; we use Jira, Subversion, SugarCRM, timesheet and maybe one or two other apps with AD without any issue with the same bind user.
Thanks,
Ankur Sethi
Ankur,
We have added this defect to our roadmap. We'll let you know when it's fixed.
About the BindDN, we do have a customer whose bindDn is not in the same OU as the baseDN and it worked for them. They had the same PartialResultException initially and got it to work after they made the baseDN more specific by adding an OU.
Thanks again for your help with trouble-shooting the issue.
Sean
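Added example, not part of the thread and not Jama's or Spring-LDAP's code: a plain JNDI search that exercises the two workarounds discussed above, the java.naming.referral setting and a narrower baseDN. The host name, bind account and LDAP_BIND_PW environment variable are placeholders assumed for illustration.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class AdReferralSearch {
    // Usage: java AdReferralSearch <follow|ignore> <baseDN> <sAMAccountName>
    public static void main(String[] args) throws NamingException {
        if (args.length != 3) throw new IllegalArgumentException("expected 3 arguments");
        String referral = args[0], baseDn = args[1], user = args[2];
        String password = System.getenv("LDAP_BIND_PW");   // assumed variable name
        if (password == null) throw new IllegalStateException("set LDAP_BIND_PW");

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://dc1.example.com:636");   // placeholder host
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "svc-bind@example.com");    // placeholder account
        env.put(Context.SECURITY_CREDENTIALS, password);
        // java.naming.referral: "follow" chases continuation references, "ignore" does not.
        env.put(Context.REFERRAL, referral);

        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[] {"distinguishedName"});

        DirContext ctx = new InitialDirContext(env);
        try {
            // Filter arguments are escaped by JNDI, so the user name cannot alter the filter.
            NamingEnumeration<SearchResult> results =
                ctx.search(baseDn, "(sAMAccountName={0})", new Object[] {user}, controls);
            try {
                while (results.hasMore()) {
                    System.out.println("found: " + results.next().getNameInNamespace());
                }
            } catch (PartialResultException e) {
                // Thrown by hasMore() when the server returned continuation references
                // that were not followed; entries printed before this point are still valid.
                System.out.println("unprocessed referrals: " + e.getMessage());
            }
        } finally {
            ctx.close();
        }
    }
}
```

Run it once against the domain root and once against a specific OU to compare the results. With `follow`, JNDI binds to each referred server using the same environment, so the bind account's credentials go to whatever host the referral names.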
