Elytron ldap-realm does not handle loops in referrals ----------------------------------------------------- Key: ELY-909 URL: https://issues.jboss.org/browse/ELY-909 Project: WildFly Elytron Issue Type: Bug Components: Realms Affects Versions: 1.1.0.Beta21 Reporter: Ondrej Lukas Assignee: Jan Kalina Priority: Critical Attachments: print-roles.war According to LDAP specification [1]: "Clients that follow referrals MUST ensure that they do not loop between servers. They MUST NOT repeatedly contact the same server for the same request with the same parameters.". When application server is configured to use ldap-realm with dir-context which uses referral-mode=follow or throw and LDAP servers contain loop then it leads to infinite cycle. It can results to java.lang.OutOfMemoryError on EAP server. [1] http://tools.ietf.org/html/rfc4511#section-4.1.10