Add JDK-8275535 patch to fix LDAP authentication issue.
Related: RHEL-45216
This commit is contained in:
parent
71bdf191f1
commit
8000ad05ee
@ -334,7 +334,7 @@
|
||||
%global top_level_dir_name %{origin}
|
||||
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
||||
%global buildver 8
|
||||
%global rpmrelease 6
|
||||
%global rpmrelease 7
|
||||
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
||||
%if %is_system_jdk
|
||||
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
|
||||
@ -1249,6 +1249,8 @@ Patch1016: rh2021263-fips_separate_policy_and_fips_init.patch
|
||||
# OpenJDK patches in need of upstreaming
|
||||
#
|
||||
#############################################
|
||||
# JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
|
||||
Patch2000: jdk8275535-rh2053256-ldap_auth.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
@ -1677,6 +1679,8 @@ popd # openjdk
|
||||
%patch1015
|
||||
%patch1016
|
||||
|
||||
%patch2000
|
||||
|
||||
# Extract systemtap tapsets
|
||||
%if %{with_systemtap}
|
||||
tar --strip-components=1 -x -I xz -f %{SOURCE8}
|
||||
@ -2448,6 +2452,10 @@ cjc.mainProgram(args)
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Feb 23 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-7
|
||||
- Add JDK-8275535 patch to fix LDAP authentication issue.
|
||||
- Related: RHEL-45216
|
||||
|
||||
* Mon Feb 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-6
|
||||
- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
|
||||
- Related: RHEL-45216
|
||||
|
26
jdk8275535-rh2053256-ldap_auth.patch
Normal file
26
jdk8275535-rh2053256-ldap_auth.patch
Normal file
@ -0,0 +1,26 @@
|
||||
diff --git openjdk.orig/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
||||
index 70903206ea0..09956084cf9 100644
|
||||
--- openjdk.orig/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
||||
+++ openjdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
||||
@@ -189,6 +189,10 @@ public final class LdapCtxFactory implements ObjectFactory, InitialContextFactor
|
||||
ctx = getLdapCtxFromUrl(
|
||||
r.getDomainName(), url, new LdapURL(u), env);
|
||||
return ctx;
|
||||
+ } catch (AuthenticationException e) {
|
||||
+ // do not retry on a different endpoint to avoid blocking
|
||||
+ // the user if authentication credentials are wrong.
|
||||
+ throw e;
|
||||
} catch (NamingException e) {
|
||||
// try the next element
|
||||
lastException = e;
|
||||
@@ -241,6 +245,10 @@ public final class LdapCtxFactory implements ObjectFactory, InitialContextFactor
|
||||
for (String u : urls) {
|
||||
try {
|
||||
return getUsingURL(u, env);
|
||||
+ } catch (AuthenticationException e) {
|
||||
+ // do not retry on a different URL to avoid blocking
|
||||
+ // the user if authentication credentials are wrong.
|
||||
+ throw e;
|
||||
} catch (NamingException e) {
|
||||
ex = e;
|
||||
}
|
Loading…
Reference in New Issue
Block a user