db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anders Morken (JIRA)" <derby-...@db.apache.org>
Subject [jira] Updated: (DERBY-1000) For LDAP authentication: derby.authentication.server should support ldaps:// as part of the server url.
Date Wed, 05 Apr 2006 16:34:44 GMT
     [ http://issues.apache.org/jira/browse/DERBY-1000?page=all ]

Anders Morken updated DERBY-1000:
---------------------------------

    Derby Info: [Patch Available]

> For LDAP authentication: derby.authentication.server should support ldaps:// as part
of the server url.
> -------------------------------------------------------------------------------------------------------
>
>          Key: DERBY-1000
>          URL: http://issues.apache.org/jira/browse/DERBY-1000
>      Project: Derby
>         Type: Bug

>   Components: Newcomer, Security
>     Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.1.1, 10.1.1.2, 10.1.2.0, 10.1.2.1, 10.1.2.2,
10.2.0.0
>  Environment: all
>     Reporter: Sunitha Kambhampati
>     Priority: Trivial
>  Attachments: DERBY-1000.patch, DERBY1000-docs.patch
>
> derby.authentication.server does not recognize secure ldap url - ie if  the url starts
with ldaps:// 
> Trying to connect using LDAP authentication with the following properties set
> derby.authentication.provider=LDAP
> derby.authentication.server=ldaps://xyz.abc.com:636
> derby.authentication.ldap.searchBase='ou=xyz,o=abc.com'
> derby.authentication.ldap.searchFilter='(emailaddress=%USERNAME%)'
> derby.connection.requireAuthentication=true
> throws InvalidNameException
> ij> connect 'jdbc:derby:testdb;user=a;password=p';
> ERROR 08004: Connection refused : javax.naming.InvalidNameException: Invalid name: /xyz.abc.com:636
> Code - LDAPAuthenticationSchemeImpl#setJNDIProviderProperties.
> Problem is the code expects that if Context.PROVIDER_URL is not and if derby.authentication.server
is set, then the ldapServer is either of the format //server:port  or it already starts with
ldap://  else it just adds ldap://  .
> Thus for a ldaps://xyz.com:636  url , it will become ldap://ldaps://xyz.com:636
>                                                                                     
in the code snippet, dflLDAPURL is ldap://
> 				if (ldapServer.startsWith(dfltLDAPURL))
> 					this.providerURL = ldapServer;
> 				else if (ldapServer.startsWith("//"))
> 					this.providerURL = "ldap:" + ldapServer;
> 				else
> 					this.providerURL = dfltLDAPURL + ldapServer;
> 			}
> 			initDirContextEnv.put(Context.PROVIDER_URL, providerURL);
> We should support specifiying secure ldap , ie ldaps://  in the derby.authentication.server.
Add condition to support the ldaps:// 
> ie. 
> 			if (ldapServer.startsWith(dfltLDAPURL) || ldapServer.startsWith("ldaps://"))
> 					this.providerURL = ldapServer;
> ========
> A workaround to the problem is to set the Context.PROVIDER_URL instead.  

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message