# HG changeset patch
# User aefimov
# Date 1500406170 -3600
# Node ID 4092c1c94820b7ff327140eadaac3562c1712d9d
# Parent  fe453cb558d3912272e1f4e586e2e5ba97884b9d
8176067: Proper directory lookup processing
Reviewed-by: weijun

diff -r fe453cb558d3 -r 4092c1c94820 src/share/classes/com/sun/jndi/ldap/LdapClient.java
--- a/src/share/classes/com/sun/jndi/ldap/LdapClient.java	Mon Apr 11 08:00:21 2016 +0100
+++ b/src/share/classes/com/sun/jndi/ldap/LdapClient.java	Tue Jul 18 20:29:30 2017 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1235,6 +1235,7 @@
     static final int LDAP_REF_FOLLOW = 0x01;            // follow referrals
     static final int LDAP_REF_THROW = 0x02;             // throw referral ex.
     static final int LDAP_REF_IGNORE = 0x03;            // ignore referrals
+    static final int LDAP_REF_FOLLOW_SCHEME = 0x04;     // follow referrals of the same scheme
 
     static final String LDAP_URL = "ldap://";           // LDAPv3
     static final String LDAPS_URL = "ldaps://";         // LDAPv3
diff -r fe453cb558d3 -r 4092c1c94820 src/share/classes/com/sun/jndi/ldap/LdapCtx.java
--- a/src/share/classes/com/sun/jndi/ldap/LdapCtx.java	Mon Apr 11 08:00:21 2016 +0100
+++ b/src/share/classes/com/sun/jndi/ldap/LdapCtx.java	Tue Jul 18 20:29:30 2017 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -2413,6 +2413,9 @@
         // First determine the referral mode
         if (ref != null) {
             switch (ref) {
+                case "follow-scheme":
+                    handleReferrals = LdapClient.LDAP_REF_FOLLOW_SCHEME;
+                    break;
                 case "follow":
                     handleReferrals = LdapClient.LDAP_REF_FOLLOW;
                     break;
@@ -2975,8 +2978,23 @@
             r = new LdapReferralException(resolvedName, resolvedObj, remainName,
                 msg, envprops, fullDN, handleReferrals, reqCtls);
             // only one set of URLs is present
-            r.setReferralInfo(res.referrals == null ? null :
-                    res.referrals.elementAt(0), false);
+            Vector<String> refs;
+            if (res.referrals == null) {
+                refs = null;
+            } else if (handleReferrals == LdapClient.LDAP_REF_FOLLOW_SCHEME) {
+                refs = new Vector<>();
+                for (String s : res.referrals.elementAt(0)) {
+                    if (s.startsWith("ldap:")) {
+                        refs.add(s);
+                    }
+                }
+                if (refs.isEmpty()) {
+                    refs = null;
+                }
+            } else {
+                refs = res.referrals.elementAt(0);
+            }
+            r.setReferralInfo(refs, false);
 
             if (hopCount > 1) {
                 r.setHopCount(hopCount);
diff -r fe453cb558d3 -r 4092c1c94820 src/share/classes/com/sun/jndi/ldap/LdapReferralException.java
--- a/src/share/classes/com/sun/jndi/ldap/LdapReferralException.java	Mon Apr 11 08:00:21 2016 +0100
+++ b/src/share/classes/com/sun/jndi/ldap/LdapReferralException.java	Tue Jul 18 20:29:30 2017 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -117,7 +117,8 @@
 
         // If following referral, request controls are passed to referral ctx
         this.reqCtls =
-            (handleReferrals == LdapClient.LDAP_REF_FOLLOW ? reqCtls : null);
+            (handleReferrals == LdapClient.LDAP_REF_FOLLOW ||
+                    handleReferrals == LdapClient.LDAP_REF_FOLLOW_SCHEME ? reqCtls : null);
     }
 
     /**
diff -r fe453cb558d3 -r 4092c1c94820 src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java
--- a/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java	Mon Apr 11 08:00:21 2016 +0100
+++ b/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java	Tue Jul 18 20:29:30 2017 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -264,7 +264,7 @@
              */
             Hashtable<?,?> currentEnv = ctx.getEnvironment();
             if (currentEnv.get(Context.REFERRAL) == null) {
-                ctx.addToEnvironment(Context.REFERRAL, "follow");
+                ctx.addToEnvironment(Context.REFERRAL, "follow-scheme");
             }
         } catch (NamingException e) {
             if (debug != null) {