From 5dd55d493662724a1ee1158a3575c2f4f4b11086 Mon Sep 17 00:00:00 2001
From: Rob Winch
Date: Wed, 22 Aug 2018 10:07:27 -0500
Subject: [PATCH] Ensure NamingException.resolvedObj is Serializable
Fixes: gh-5378
---
 .../ad/ActiveDirectoryLdapAuthenticationProvider.java | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
index 795ec7288d..939e65710d 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
@@ -42,6 +42,7 @@ import javax.naming.OperationNotSupportedException;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.SearchControls;
 import javax.naming.ldap.InitialLdapContext;
+import java.io.Serializable;
 import java.util.*;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -221,6 +222,8 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 logger.debug("Authentication for " + bindPrincipal + " failed:" + exception);
 }
+ handleResolveObj(exception);
+
 int subErrorCode = parseSubErrorCode(exception.getMessage());
 if (subErrorCode <= 0) {
@@ -236,6 +239,14 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
 }
 }
+ private void handleResolveObj(NamingException exception) {
+ Object resolvedObj = exception.getResolvedObj();
+ boolean serializable = resolvedObj instanceof Serializable;
+ if (resolvedObj != null && !serializable) {
+ exception.setResolvedObj(null);
+ }
+ }
+
 private int parseSubErrorCode(String message) {
 Matcher m = SUB_ERROR_CODE.matcher(message);
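Review bot: The added call `handleResolveObj(exception);` cleans the exception only on this bind-failure path, so a NamingException that leaves the provider through another catch block (none is visible in this hunk) would presumably still carry a non-Serializable resolvedObj. It is worth checking every place where a NamingException is wrapped and rethrown, and applying the same helper there if needed. The call site would also benefit from a one-line comment such as `// gh-5378: a non-Serializable resolvedObj makes the NamingException itself unserializable`. The enclosing method starts and ends outside the hunk.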
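Review bot: `handleResolveObj` looks only at the top-level type of resolvedObj, and `instanceof Serializable` does not guarantee that the referenced object graph actually serializes; a Serializable resolvedObj also stays attached and is written out wherever the exception ends up being stored. Nothing in the visible hunks reads resolvedObj afterwards, so clearing it unconditionally with `exception.setResolvedObj(null);` would be simpler and would keep directory objects out of persisted failure state. If the conditional is kept, the null test and the extra local are unnecessary: `if (!(exception.getResolvedObj() instanceof Serializable)) { exception.setResolvedObj(null); }` behaves the same. The method also lacks a comment saying why the field is cleared (gh-5378), and a name like `clearNonSerializableResolvedObj` would describe the side effect on the caller's exception better than `handleResolveObj`.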