db-derby-dev mailing list archives

From "Sunitha Kambhampati (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-1000) For LDAP authentication: derby.authentication.server should support ldaps:// as part of the server url.
Date Thu, 06 Jul 2006 23:54:31 GMT
    [ http://issues.apache.org/jira/browse/DERBY-1000?page=comments#action_12419625 ] 

Sunitha Kambhampati commented on DERBY-1000:

Thanks Anders for posting the patch as well as the doc changes. I applied the DERBY-1000.patch
and could successfully connect to a secure LDAP server that I have access to and it all works
ok. I briefly looked at the docs patch and it looked ok to me. I will leave the doc changes
for someone more familiar with DITA to comment.

I am not sure how we can add tests for LDAP, because it needs an LDAP server setup etc.

derby-1000.patch looks good to me. I vote +1 for commit.


> For LDAP authentication: derby.authentication.server should support ldaps:// as part of the server url.
> -------------------------------------------------------------------------------------------------------
>          Key: DERBY-1000
>          URL: http://issues.apache.org/jira/browse/DERBY-1000
>      Project: Derby
>         Type: Bug

>   Components: Newcomer, Security
>     Versions:,,,,,,,,
>  Environment: all
>     Reporter: Sunitha Kambhampati
>     Assignee: Anders Morken
>     Priority: Trivial
>  Attachments: DERBY-1000.patch, DERBY1000-docs.patch
> derby.authentication.server does not recognize secure ldap url - ie if the url starts with ldaps://
> Trying to connect using LDAP authentication with the following properties set
> derby.authentication.provider=LDAP
> derby.authentication.server=ldaps://xyz.abc.com:636
> derby.authentication.ldap.searchBase='ou=xyz,o=abc.com'
> derby.authentication.ldap.searchFilter='(emailaddress=%USERNAME%)'
> derby.connection.requireAuthentication=true
> throws InvalidNameException
> ij> connect 'jdbc:derby:testdb;user=a;password=p';
> ERROR 08004: Connection refused : javax.naming.InvalidNameException: Invalid name: /xyz.abc.com:636
> Code - LDAPAuthenticationSchemeImpl#setJNDIProviderProperties.
> Problem is the code expects that if Context.PROVIDER_URL is not set and if derby.authentication.server is set, then the ldapServer is either of the format //server:port or it already starts with ldap:// else it just adds ldap://.
> Thus for a ldaps://xyz.com:636 url, it will become ldap://ldaps://xyz.com:636
> In the code snippet, dfltLDAPURL is ldap://
> 				if (ldapServer.startsWith(dfltLDAPURL))
> 					this.providerURL = ldapServer;
> 				else if (ldapServer.startsWith("//"))
> 					this.providerURL = "ldap:" + ldapServer;
> 				else
> 					this.providerURL = dfltLDAPURL + ldapServer;
> 			}
> 			initDirContextEnv.put(Context.PROVIDER_URL, providerURL);
> We should support specifying secure ldap, ie ldaps://, in the derby.authentication.server. Add condition to support the ldaps://
> ie. 
> 			if (ldapServer.startsWith(dfltLDAPURL) || ldapServer.startsWith("ldaps://"))
> 					this.providerURL = ldapServer;
> ========
> A workaround to the problem is to set the Context.PROVIDER_URL instead.  

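The prefix handling described in the issue, run over each accepted form of `derby.authentication.server`, as an added example (not Derby's source and not the attached patch). The class name, `beforeFix`, `afterFix` and `hasStackedScheme` are hypothetical names, and the sample values are constructed from the host used in the report.

```java
public class LdapProviderUrlDemo {
    static final String DFLT_LDAP_URL = "ldap://"; // dfltLDAPURL in the issue

    // Branching as quoted in the issue: only "ldap://..." and "//host:port"
    // are recognised; anything else gets "ldap://" prepended.
    static String beforeFix(String ldapServer) {
        if (ldapServer.startsWith(DFLT_LDAP_URL)) return ldapServer;
        if (ldapServer.startsWith("//")) return "ldap:" + ldapServer;
        return DFLT_LDAP_URL + ldapServer;
    }

    // Same branching with the extra ldaps:// condition proposed in the issue.
    static String afterFix(String ldapServer) {
        if (ldapServer.startsWith(DFLT_LDAP_URL) || ldapServer.startsWith("ldaps://"))
            return ldapServer;
        if (ldapServer.startsWith("//")) return "ldap:" + ldapServer;
        return DFLT_LDAP_URL + ldapServer;
    }

    // Hypothetical config check: true when a second "://" follows the first,
    // i.e. a scheme was prepended to a value that already carried one.
    static boolean hasStackedScheme(String url) {
        int first = url.indexOf("://");
        return first >= 0 && url.indexOf("://", first + 3) >= 0;
    }

    public static void main(String[] args) {
        // Constructed sample values covering each input form named in the issue.
        String[] samples = {
            "ldaps://xyz.abc.com:636",
            "ldap://xyz.abc.com:389",
            "//xyz.abc.com:389",
            "xyz.abc.com:389"
        };
        for (String s : samples) {
            String before = beforeFix(s);
            String after = afterFix(s);
            System.out.printf("%-24s before=%s%s  after=%s%n",
                s, before, hasStackedScheme(before) ? " (malformed)" : "", after);
        }
    }
}
```

Only the `ldaps://` input changes between the two versions; the other three forms produce the same provider URL before and after.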