According to LDAP specification [1]: "Clients that follow referrals MUST ensure that they do not loop between servers. They MUST NOT repeatedly contact the same server for the same request with the same parameters.".

When application server is configured to use ldap-realm with dir-context which uses referral-mode=follow or throw and LDAP servers contain loop then it leads to infinite cycle. It can results to java.lang.OutOfMemoryError on EAP server.

This behavior is caused by issue in JDK, which has been reported, see [2] for more details. In case when referral mode THROW is used, then it works correctly.

Description of this behavior should be added as warning to documentation since this JDK issue can lead to crash application server in production.

[1] http://tools.ietf.org/html/rfc4511#section-4.1.10
[2] https://issues.jboss.org/browse/JBEAP-8467?focusedCommentId=13374297&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13374297