Referrals DefaultLdapEntryManager add not working when error=10

[sysmat]

• using ldaps protokol
• ldap return error 10
• in contex I have REFERRAL, "follow" & "java.naming.ldap.referral.limit", "3"
• but when calling add no java error and no entry in ldap

this.manager().add(user);

[dfish3r]

What version are you using?

[sysmat]

1.2.4 I'm still on java 8(customer cannot move to higher java)

[dfish3r]

Can you post a code snippet so I can see the usage? (If you're using DefaultLdapEntryManager, I'm pretty sure that component doesn't support referrals.)

[sysmat]

• conn builder

....
public void build(ConfigIntf configApi) {
        final Map<String, Object> props = new HashMap<>();
        props.put(INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        props.put(PROVIDER_URL, configApi.getLdapUrl());
        props.put(SECURITY_AUTHENTICATION, "simple");
        props.put(SECURITY_PRINCIPAL, configApi.getLdapUser());
        props.put(SECURITY_CREDENTIALS, configApi.getLdapPass());
        // ldap cluster has readonly & write nodes so we need this for write operations to work
        props.put(REFERRAL, "follow");
        props.put("java.naming.ldap.referral.limit", "3");

        // https://www.ldaptive.org/v1/
        ConnectionConfig connConfig = new ConnectionConfig(configApi.getLdapUrl());

        // connConfig.setUseStartTLS(true); if we whant to start TLS but we use ldaps already
        this.ldapFactory = new DefaultConnectionFactory(connConfig);
        this.ldapFactory.getProvider().getProviderConfig().setProperties(props);
        this.ldapConn = ldapFactory.getConnection();
    }

public DefaultLdapEntryManager<UserLdap> getManager() {
        DefaultLdapEntryMapper<UserLdap> mapper = new DefaultLdapEntryMapper<>();
        return new DefaultLdapEntryManager<>(mapper, this.ldapFactory);
}

....

• usage

...
try {
            this.connBuildr.getManager()
                           .add(user);
        } catch (LdapException e ){ }

[dfish3r]

I haven't been able to reproduce this yet. Based on your configuration, JNDI should handle the referral transparently. To be clear, are you seeing a success result code or referral result code at the client but no entry added in the server?

[sysmat]

• I don't have access to ldaps cluster logs, they give me only error 10 from logs
• in java log it look fine, but no entry in ldap
• maybe referral.limit was not ok or my thinking is wrong
• I think one of problem in cluster is if ldaps they didn't enabled referral, they need to do more on cluster(they don't have QA cluster and ldaps)

@dfish3r thx