16

I am basically walking the LDAP tree in Active Directory.

At each level I query for "(objectClass=*)". When I do this on the root eg "dc=example,dc=com" I get the exception below. This works fine on our other LDAP instances. For some reason only on our Active Directory server I get this exception. I also get the same exception when using JXplorer on our Active Directory server.

From reading around online I found people saying you should turn on following, not sure what that means... So on my controls object (javax.naming.directory.SearchControls) that I pass with the query I call searchControls.setDerefLinkFlag(true). I also have tried setting it to false with the same result. Any a suggestions on what else could cause this? Maybe how I could fix it?

Note: In this post I changed the baseDn from dc=<my company domain> to example for my companies privacy.

javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=example,dc=com'
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
at com.motio.pi.gui.panels.useraccess.ldap.LDAPConnector.query(LDAPConnector.java:262)
at com.motio.pi.gui.selector.directory.CognosDirectoryBrowserController.expandCognosTreeNode(CognosDirectoryBrowserController.java:99)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.motio.pi.utils.PIThreadDelegate$1.run(PIThreadDelegate.java:54)
at java.lang.Thread.run(Thread.java:662)
ROMANIA_engineer
  • 54,432
  • 29
  • 203
  • 199
startoftext
  • 3,846
  • 7
  • 40
  • 49

2 Answers2

31

So when I was creating my naming context with the method:

javax.naming.ldap.InitialLdapContext.InitialLdapContext(
   Hashtable<?, ?> environment, Control[] connCtls)

In the argument environment there is a property with the name Context.REFERRAL and its value should be set to: follow. This was the setting that I needed.

LisaMM
  • 675
  • 1
  • 16
  • 28
startoftext
  • 3,846
  • 7
  • 40
  • 49
  • 2
    @startoftext: of-course it solves the PartialResultException problem, but it makes the search slower. Pls Refer http://stackoverflow.com/questions/14136091/ldap-search-is-very-slow. In fact, with 'follow' it takes 4 secs and without 'follow' it takes 1 sec for me. Please advice, if you have any solution for it. – Karthik Bose May 07 '13 at 05:31
  • @Karthik Bose I am not working with ldap any more so sorry I cant help. – startoftext May 07 '13 at 17:11
  • 3
    (for the others) If the solution above doesn't work, you can try the following 2 things: **(1)** Be more specific when you mention the name (E.g.: `OU=Accounts,DC=x,DC=y` instead of `DC=x,DC=y`. **(2)** Change the LDAP port number to **3268** (instead of **389**) – ROMANIA_engineer Nov 24 '15 at 09:04
4

If you get an exception while referral usage in follow (for example: connection timed out) you can use referral ignore but you dont want to get partial exception you can use 3268 port number instead of 389 this port is using global catalog for ldap. You can find info from following link;

https://technet.microsoft.com/en-us/library/how-global-catalog-servers-work(v=ws.10).aspx

mertaksu
  • 535
  • 1
  • 9
  • 26