From e990a964172cc357cca03b34ea85509f27adb579 Mon Sep 17 00:00:00 2001
From: zhangdong <zhangdong@selectdb.com>
Date: Wed, 26 Feb 2025 14:59:44 +0800
Subject: [PATCH] [fix](auth)ldap template ignore partial result exception
 (#47858)

### What problem does this PR solve?

ldap template sometimes throw exception:
```
org.springframework.ldap.PartialResultException: Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name '/'
```
Explanation of Spring
```
Specify whether PartialResultException should be ignored in searches. AD servers typically have a problem with referrals. Normally a referral should be followed automatically, but this does not seem to work with AD servers. The problem manifests itself with a a PartialResultException being thrown when a referral is encountered by the server. Setting this property to true presents a workaround to this problem by causing PartialResultException to be ignored, so that the search method returns normally. Default value of this parameter is false.
```
---
 .../org/apache/doris/mysql/authenticate/ldap/LdapClient.java   | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapClient.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapClient.java
index 8d1304658ff2a0..3ae96945296942 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapClient.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapClient.java
@@ -72,6 +72,7 @@ private void setLdapTemplateNoPool(String ldapPassword) {
             contextSource.setPassword(ldapPassword);
             contextSource.afterPropertiesSet();
             ldapTemplateNoPool = new LdapTemplate(contextSource);
+            ldapTemplateNoPool.setIgnorePartialResultException(true);
         }
 
         private void setLdapTemplatePool(String ldapPassword) {
@@ -100,6 +101,7 @@ private void setLdapTemplatePool(String ldapPassword) {
 
             TransactionAwareContextSourceProxy proxy = new TransactionAwareContextSourceProxy(poolingContextSource);
             ldapTemplatePool = new LdapTemplate(proxy);
+            ldapTemplatePool.setIgnorePartialResultException(true);
         }
 
         public boolean checkUpdate(String ldapPassword) {
@@ -145,6 +147,7 @@ boolean checkPassword(String userName, String password) {
                     .filter(getUserFilter(LdapConfig.ldap_user_filter, userName)), password);
             return true;
         } catch (Exception e) {
+            LOG.info("ldap client checkPassword failed, userName: {}", userName, e);
             return false;
         }
     }