From 3be394e1606dd17c2c14ce806c796f5eb2b1ad6e Mon Sep 17 00:00:00 2001
From: Martin Balao
Date: Thu, 12 May 2022 16:16:49 +0000
Subject: [PATCH] 8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
Reviewed-by: aefimov, dfuchs
---
 .../share/classes/com/sun/jndi/ldap/LdapCtxFactory.java | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
index 70903206ea0..09956084cf9 100644
--- a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
+++ b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
@@ -189,6 +189,10 @@ public final class LdapCtxFactory implements ObjectFactory, InitialContextFactor
 ctx = getLdapCtxFromUrl(
 r.getDomainName(), url, new LdapURL(u), env);
 return ctx;
+ } catch (AuthenticationException e) {
+ // do not retry on a different endpoint to avoid blocking
+ // the user if authentication credentials are wrong.
+ throw e;
 } catch (NamingException e) {
 // try the next element
 lastException = e;
@@ -241,6 +245,10 @@ public final class LdapCtxFactory implements ObjectFactory, InitialContextFactor
 for (String u : urls) {
 try {
 return getUsingURL(u, env);
+ } catch (AuthenticationException e) {
+ // do not retry on a different URL to avoid blocking
+ // the user if authentication credentials are wrong.
+ throw e;
 } catch (NamingException e) {
 ex = e;
 }
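Review bot: The new comment in the endpoint loop says only "to avoid blocking", which leaves the mechanism implicit; going by the commit title, each further endpoint tried with wrong credentials is presumably another failed bind counted against the account's lockout policy. I would state that directly, e.g. `// every extra endpoint tried with bad credentials is another failed bind and can trip account lockout; stop at the first one`. It is also worth noting in the comment that `AuthenticationNotSupportedException` is not a subclass of `AuthenticationException`, so it still lands in the `NamingException` branch and the next endpoint is tried. The same wording applies to the matching catch in the `for (String u : urls)` loop of the second hunk; the enclosing methods start and end outside both hunks.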
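Review bot: Nothing in this patch pins the early exit in the `for (String u : urls)` loop: the diffstat lists LdapCtxFactory.java only, so a later refactor that folds the two catch blocks back together would silently restore the retry. A regression test with two URLs, the first of which rejects the bind, asserting that the second is never contacted and that the `AuthenticationException` reaches the caller, would cover this loop and the endpoint loop in the first hunk. The comment could also say that a server which wrongly rejects valid credentials (a stale replica, for instance) now ends the lookup instead of failing over; that looks like the intended trade-off but is not stated. The loop's method begins outside the hunk.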