...
It is completely the responsibility of the core-jndi module to handle the expected modes and behavior for JNDI LDAP providers while dealing with referrals. Likewise the protocol-ldap module is responsible for complying with LDAP specification requirements concerning the handling of referral entries with and without the presence of the ManageDSAiT Control.
| Note |
|---|
This will be changed back to what we had before. Handling referrals at the protocol level is a real burden, as we have to do a second request (a lookup) to check that the manipulated entry is a referral or not. As it's very unlikely that entries are referrals, this might add an extra time to do the operations, when it's not necessary. Adding a cache to avoid this double lookup helps, obviously, but it can't be done efficiently into the protocol part, as we have to store normalized values of the cached elements, which is done in the Normalizer interceptor. Plus adding the fact that we can't deal with access control at the protocol level forbid the usage of a cache storing entries. For these reasons, I do think that handling referrals in an interceptor is the good way to do. |
Motivation for Changes
The big bang effort to refactor JNDI constructs out of the server achieved many of it's intended goals. JNDI was complicating the picture and often causing an impedance mismatch if not complete confusion on how to bridge between JNDI and the protocol. There was too much complexity as a result.
...