This bug causes the following exception:
org.acegisecurity.AuthenticationServiceException: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: example.com:389 [Root exception is java.net.ConnectException: Connection refused: connect]]; nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: example.com:389 [Root exception is java.net.ConnectException: Connection refused: connect]]
It appears that Jenkins still throws an exception when 'Context.REFERRAL' is set to 'ignore'.
org.acegisecurity.AuthenticationServiceException: LdapCallback;Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name ''; nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name ''
If you set your root DN one level deep, like "OU=Site,DC=example,DC=com", then it will work correctly. This doesn't work if you need to validate from the root level. I think the correct fix is:
a) do not throw an exception if the referral connection is refused, just log it as a warning
b) if Context.REFERRAL is 'ignore', do not follow referrals or throw an exception when referral is hit
I checked how much time it takes to log in while using any of the 3 variants, and it takes too much time in all cases: ~14 seconds.
Any other ideas?
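The handling proposed in (a) and (b) of the report above, as an added example that is not Jenkins or Acegi code. The class name, the `drain` and `fake` helpers, and the sample entry are assumptions for illustration; the fake enumeration is a constructed stand-in that fails the way the two traces above do.

```java
import java.util.*;
import java.util.logging.Logger;
import javax.naming.*;

public class ReferralTolerantSearch {
    static final Logger LOG = Logger.getLogger("ldap");

    // Collects search results. A PartialResultException ends the iteration with a
    // warning when referrals are ignored (b) or the referral host refused the connection (a).
    static <T> List<T> drain(NamingEnumeration<T> results, String referralMode) throws NamingException {
        List<T> found = new ArrayList<>();
        try {
            while (results.hasMore()) {          // hasMore() is where JNDI reports referral problems
                found.add(results.next());
            }
        } catch (PartialResultException e) {
            boolean refused = e.getRootCause() instanceof CommunicationException;
            if (!refused && !"ignore".equals(referralMode)) throw e;
            LOG.warning("Referral not processed, keeping " + found.size() + " result(s): " + e);
        } finally {
            results.close();
        }
        return found;
    }

    // Constructed stand-in for a directory search: yields the entries, then throws atEnd.
    static NamingEnumeration<String> fake(List<String> entries, NamingException atEnd) {
        Iterator<String> it = entries.iterator();
        return new NamingEnumeration<String>() {
            public boolean hasMore() throws NamingException {
                if (it.hasNext()) return true;
                throw atEnd;
            }
            public String next() { return it.next(); }
            public void close() { }
            public boolean hasMoreElements() { return it.hasNext(); }
            public String nextElement() { return it.next(); }
        };
    }

    public static void main(String[] args) throws NamingException {
        List<String> users = List.of("CN=jdoe,OU=Site,DC=example,DC=com"); // constructed sample entry
        // (b) Context.REFERRAL is 'ignore' and the server returns continuation references
        NamingException unprocessed = new PartialResultException("Unprocessed Continuation Reference(s)");
        System.out.println(drain(fake(users, unprocessed), "ignore"));
        // (a) a referral was followed but the referred host refused the connection
        NamingException refused = new PartialResultException();
        refused.setRootCause(new CommunicationException("example.com:389"));
        System.out.println(drain(fake(users, refused), "follow"));
    }
}
```

Entries that live only behind the skipped referral are never returned, so a user stored there fails to authenticate rather than being accepted.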