Disabling Following Referrals in LDAP
50 views
Skip to first unread message
Mike
Nov 16, 2018, 10:07:34 AM11/16/18
to CAS Community
Hi. Is there any way to disable CAS 5.x from following referrals returned by Active Directory when using the root level DC=DOMAIN,DC=COM to search? I believe this was done in earlier versions by ignoring partial results. I couldn't find any properties or settings in 5.x.
2018-11-16 09:54:43,373 DEBUG [org.ldaptive.referral.SearchReferralHandler] - <Following referral with URLs: [ldaps://ForestDnsZones.DOMAIN.COM/DC=ForestDnsZones,DC=DOMAIN,DC=COM]>
Thanks,
- Mike
casuser
Nov 18, 2018, 9:06:28 PM11/18/18
to CAS Community
Hello Mike,
We are also having the same problem. Did you able to solve it?
Regards,
casuser
Nov 19, 2018, 4:57:46 AM11/19/18
to CAS Community
I have found this https://support.symantec.com/en_US/article.TECH226886.html for ldap referrel but I didn't find anything to ignore the ldap referel.
Mike
Nov 26, 2018, 12:20:33 PM11/26/18
to CAS Community
I spent hours of search and it seems there once was a "followReferrals" property that no longer works in 5.3.x. When I try setting it, the application refuses to start. I tried all kinds of properties without success. From what I can tell, it looks like the property may have existed in CAS 4.x and must have been removed in 5.x (just my guess).
https://github.com/apereo/cas/blob/master/docs/cas-server-documentation/configuration/Configuration-Properties-Common.md
I ended up grabbing the source code for ldaptive and recompiling it with the referral-following block commented out (AbstractReferralHandler.java). It's not the best solution but it works and appears to be the only way.
I ended up grabbing the source code for ldaptive and recompiling it with the referral-following block commented out (AbstractReferralHandler.java). It's not the best solution but it works and appears to be the only way.
- Mike
Andy Ng
Nov 26, 2018, 8:50:24 PM11/26/18
to CAS Community
Hi all,
From what I can tell, followReferrals doesn't seems to be in CAS 5.3.x branch, but it seems to be in the CAS master branch.
See the properties followReferrals here: https://github.com/apereo/cas/blob/master/api/cas-server-core-api-configuration-model/src/main/java/org/apereo/cas/configuration/model/support/ldap/AbstractLdapProperties.java#L203
See the properties followReferrals here: https://github.com/apereo/cas/blob/master/api/cas-server-core-api-configuration-model/src/main/java/org/apereo/cas/configuration/model/support/ldap/AbstractLdapProperties.java#L203
Maybe it was being dropped in CAS 5.x, then re-added back to CAS 6.x once it launches? Idk much about this "followReferrals" and what it does so can't research further...
Cheers!
- Andy
Reply all
Reply to author
Forward
0 new messages