How to resolve javax.naming.PartialResultException?

OK. You will be seeing this exception, when your search returns referral and you set to ignore the referral.

[Referral: When you search in AD, if AD thinks there are more information available in another place, it returns a referral [place to find more info] along with your search results.]

You could avoid this exception by setting Context.REFERRAL to follow. Then it would search in the referral also [That's why it takes more time to return result].

But in my case the referral is invalid and returned an another exception.

I fixed this issue by changing the baseDN (search base) to be more specific. E.g. ou=users,dc=mydomain,dc=com. Now I'm not seeing this exception, because it doesn't return any referral.

Another possible solution that may work is to change the port number (assuming this is a GC server):

If you were using the port 389 change it to 3268

If you were using the port 636 change it to 3269

This may work because (and I quote):

A GC (global catalog) server returns referrals on 389 to refer to the greater AD "forest", but acts like a regular LDAP server on 3268 (and 3269 for LDAPS)

It worked for me.

I found this solution in the Shibboleth Users list, answered by Paul Caskey (all the credit to him).

You can check the conversation on this link:

https://lists.internet2.edu/sympa/arc/shibboleth-users/2008-06/msg00039.html