Interesting find earlier today as I came across a very confusing error message on some custom code we have. It seems that DirContext.getAttributes parses the full DN that you pass to it and grabs the base DN to do the search. The reason I’m coming to this conclusion is that I’m using one connection and one connection only to LDAP (specifically for Liferay), except I’m getting an UnknownHostException for a different host.

import javax.naming.Context;
import javax.naming.directory.*;
import javax.naming.NamingException;
import java.util.Hashtable;

public class Main {
    public static void main(String[] args) {

        // Connection settings: a single LDAP server, simple bind
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://xxx.xxx.xxx.xxx:389/");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=xxx,OU=xxx,DC=MYLDAP,DC=WIN");
        env.put(Context.SECURITY_CREDENTIALS, "xxxx");

        try {

            // Create the initial directory context
            DirContext ctx = new InitialDirContext(env);

            // Ask for all attributes of the object
            // (note the DC components: MYXXXLDAP, not the MYLDAP we bound to)
            Attributes attrs = ctx.getAttributes("CN=LAI\\, MILTON,OU=xxx,OU=Accounts,DC=MYXXXLDAP,DC=WIN");

            // Release the connection once the lookup is done
            ctx.close();

        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}

So it seems that even though I’m connecting to MYLDAP.WIN, I found myself with an account in a completely different directory (MYXXXLDAP.WIN). When doing the getAttributes call, it will give me the following exception:

Problem getting attribute:javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-0310082F, data 0, 1 access points
ref 1: 'myxxxldap.win'

as it tries to follow a referral to this new directory, causing a lot of confusion, especially if myxxxldap.win doesn’t resolve and you start looking at all your log files for instances of it and don’t find anything!
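One way to catch this before the lookup is to compare the DN's trailing DC components with the base the connection was opened for. The following is an added example, not code from the original post: the class and method names are hypothetical, and the base `DC=MYLDAP,DC=WIN` is assumed from the bind DN shown above.

```java
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.Locale;

public class DnScopeCheck {
    // DNS-style domain built from the trailing DC components of a DN.
    static String domainOf(LdapName dn) {
        StringBuilder domain = new StringBuilder();
        for (Rdn rdn : dn.getRdns()) {            // index 0 is the right-most RDN
            if (!rdn.getType().equalsIgnoreCase("DC")) break;
            if (domain.length() > 0) domain.insert(0, '.');
            domain.insert(0, rdn.getValue().toString().toLowerCase(Locale.ROOT));
        }
        return domain.toString();
    }

    // True when dn lies inside the naming context the connection was opened for.
    static boolean inScope(LdapName dn, LdapName base) {
        return dn.startsWith(base);
    }

    // Guarded lookup: refuse a DN outside the base with a clear message
    // instead of letting the server answer with a referral to another host.
    static Attributes getAttributesInScope(DirContext ctx, String dn, String baseDn)
            throws NamingException {
        LdapName name = new LdapName(dn);
        if (!inScope(name, new LdapName(baseDn))) {
            throw new NamingException("DN belongs to " + domainOf(name) + ", not to " + baseDn);
        }
        return ctx.getAttributes(name);
    }

    public static void main(String[] args) throws NamingException {
        LdapName base = new LdapName("DC=MYLDAP,DC=WIN");   // assumed base, from the bind DN
        String[] dns = {                                     // the two DNs from the post
            "cn=xxx,OU=xxx,DC=MYLDAP,DC=WIN",
            "CN=LAI\\, MILTON,OU=xxx,OU=Accounts,DC=MYXXXLDAP,DC=WIN"
        };
        for (String dn : dns) {
            LdapName name = new LdapName(dn);
            String verdict = inScope(name, base) ? "in scope:     " : "out of scope: ";
            System.out.println(verdict + dn + " -> " + domainOf(name));
        }
    }
}
```

The `main` method only parses DNs and needs no directory server; the domain it derives for the second DN is the same host name that shows up in the referral.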
