Authentication is by-passed when a client follows an LDAP referral
The ldap.ecoinformatics.org LDAP database services the dc=ecoinformatics,dc=org
tree, but is extended by LDAP referral objects that point to external LDAP
servers (e.g. dc=lter,dc=ecoinformatics,dc=org and dc=piscoweb,dc=org). When a
client (Morpho or web client) attempts to authenticate against ldap (via
metacat), if the user exists in one of the referred trees, authentication will
succeed, whether the password is correct or not. If the user entry is within
the main dc=ecoinformatics,dc=org tree, authentication will correctly fail if
the password is incorrect.
#4 Updated by Jing Tao almost 20 years ago
After a referral exception happend, we should reset enviroment properties again
before creating a contex. These environment properties include PROVIDER_URL,
SECURITY_PRINCIPLE, SECURITY_CREDENTIALS, REFERRAL, and
INITIAL_CONTEXT_FACOTRY. Otherwise, you couldn't get a naming exception.