Ignore PartialResultException from LDAP.

This exception occurs when the server isn't following referrals for you, and thus the result contains a referral. That happens when you're using Active Directory. You almost certainly don't really want to follow referrals in AD *anyways*, so just ignore these exceptions, so we can still use the actual data. Inspired by: https://src.springframework.org/svn/spring-ldap/trunk/core/src/main/java/org/springframework/ldap/core/LdapTemplate.java Change-Id: I484145a2e262173de6b3ac4081608bd684577916 Signed-Off-By: James Y Knight <jyknight@google.com> (cherry picked from commit 1244ed057467ae07f4f0c6a7d70104ed3a5117dd)
author: James Y Knight <jyknight@google.com> 2011-01-04 02:40:32 -0500
committer: Shawn O. Pearce <sop@google.com> 2011-06-24 09:21:38 -0700
commit: 773e8e30f1ca2277d54480e0502ac5433a9442a1 (patch)
tree: 7ea007c9ccc08f87b6543fa62f8bbda938895b7d
parent: 30174be3842e3167ff01b76ff85811b013dca601 (diff)
3 files changed, 22 insertions, 12 deletions
diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt
index decbc728f1..8f751b4f8c 100644
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt
@@ -1264,9 +1264,8 @@ server is attempted.
 +
 _(Optional)_ How an LDAP referral should be handled if it is
 encountered during directory traversal.  Set to `follow` to
-automatically follow any referrals, or `ignore` to stop and fail
-with `javax.naming.PartialResultException: Unprocessed Continuation
-Reference(s)`
+automatically follow any referrals, or `ignore` to ignore the
+referrals.
 +
 By default, `ignore`.
 
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java
index 675202cc4d..a9ea853557 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java
@@ -38,6 +38,7 @@ import javax.naming.Context;
 import javax.naming.Name;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
+import javax.naming.PartialResultException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
@@ -168,9 +169,12 @@ import javax.net.ssl.SSLSocketFactory;
       final Attribute groupAtt = account.getAll(schema.accountMemberField);
       if (groupAtt != null) {
         final NamingEnumeration<?> groups = groupAtt.getAll();
-        while (groups.hasMore()) {
-          final String nextDN = (String) groups.next();
-          recursivelyExpandGroups(groupDNs, schema, ctx, nextDN);
+        try {
+          while (groups.hasMore()) {
+            final String nextDN = (String) groups.next();
+            recursivelyExpandGroups(groupDNs, schema, ctx, nextDN);
+          }
+        } catch (PartialResultException e) {
         }
       }
     }
@@ -203,9 +207,12 @@ import javax.net.ssl.SSLSocketFactory;
             ctx.getAttributes(compositeGroupName).get(schema.accountMemberField);
         if (in != null) {
           final NamingEnumeration<?> groups = in.getAll();
-          while (groups.hasMore()) {
-            final String nextDN = (String) groups.next();
-            recursivelyExpandGroups(groupDNs, schema, ctx, nextDN);
+          try {
+            while (groups.hasMore()) {
+              final String nextDN = (String) groups.next();
+              recursivelyExpandGroups(groupDNs, schema, ctx, nextDN);
+            }
+          } catch (PartialResultException e) {
           }
         }
       } catch (NamingException e) {
@@ -316,4 +323,4 @@ import javax.net.ssl.SSLSocketFactory;
       }
     }
   }
-}
-\ No newline at end of file
+}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapQuery.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapQuery.java
index 70ce779140..7d1e37d88f 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapQuery.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapQuery.java
@@ -25,6 +25,7 @@ import java.util.Set;
 
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
+import javax.naming.PartialResultException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.BasicAttribute;
 import javax.naming.directory.DirContext;
@@ -69,8 +70,11 @@ class LdapQuery {
     res = ctx.search(base, pattern.getRawPattern(), pattern.bind(params), sc);
     try {
       final List<Result> r = new ArrayList<Result>();
-      while (res.hasMore()) {
-        r.add(new Result(res.next()));
+      try {
+        while (res.hasMore()) {
+          r.add(new Result(res.next()));
+        }
+      } catch (PartialResultException e) {
       }
       return r;
     } finally {
author	James Y Knight <jyknight@google.com>	2011-01-04 02:40:32 -0500
committer	Shawn O. Pearce <sop@google.com>	2011-06-24 09:21:38 -0700
commit	773e8e30f1ca2277d54480e0502ac5433a9442a1 (patch)
tree	7ea007c9ccc08f87b6543fa62f8bbda938895b7d
parent	30174be3842e3167ff01b76ff85811b013dca601 (diff)