db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Knut Anders Hatlen (JIRA)" <derby-...@db.apache.org>
Subject [jira] Resolved: (DERBY-1000) For LDAP authentication: derby.authentication.server should support ldaps:// as part of the server url.
Date Fri, 07 Jul 2006 10:01:32 GMT
     [ http://issues.apache.org/jira/browse/DERBY-1000?page=all ]
     
Knut Anders Hatlen resolved DERBY-1000:
---------------------------------------

    Fix Version: 10.2.0.0
     Resolution: Fixed
     Derby Info:   (was: [Patch Available])

I think the doc patch is ready to be committed too.

Code patch committed with revision 419852.
Doc patch committed with revision 419853.

Thanks to Anders for fixing the code and updating the documentation. Thanks to Sunitha for
reviewing the changes.

> For LDAP authentication: derby.authentication.server should support ldaps:// as part
of the server url.
> -------------------------------------------------------------------------------------------------------
>
>          Key: DERBY-1000
>          URL: http://issues.apache.org/jira/browse/DERBY-1000
>      Project: Derby
>         Type: Bug

>   Components: Newcomer, Security
>     Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.1.1, 10.1.1.2, 10.1.2.0, 10.1.2.1, 10.1.2.2,
10.2.0.0
>  Environment: all
>     Reporter: Sunitha Kambhampati
>     Assignee: Anders Morken
>     Priority: Trivial
>      Fix For: 10.2.0.0
>  Attachments: DERBY-1000.patch, DERBY1000-docs.patch
>
> derby.authentication.server does not recognize secure ldap url - ie if  the url starts
with ldaps:// 
> Trying to connect using LDAP authentication with the following properties set
> derby.authentication.provider=LDAP
> derby.authentication.server=ldaps://xyz.abc.com:636
> derby.authentication.ldap.searchBase='ou=xyz,o=abc.com'
> derby.authentication.ldap.searchFilter='(emailaddress=%USERNAME%)'
> derby.connection.requireAuthentication=true
> throws InvalidNameException
> ij> connect 'jdbc:derby:testdb;user=a;password=p';
> ERROR 08004: Connection refused : javax.naming.InvalidNameException: Invalid name: /xyz.abc.com:636
> Code - LDAPAuthenticationSchemeImpl#setJNDIProviderProperties.
> Problem is the code expects that if Context.PROVIDER_URL is not and if derby.authentication.server
is set, then the ldapServer is either of the format //server:port  or it already starts with
ldap://  else it just adds ldap://  .
> Thus for a ldaps://xyz.com:636  url , it will become ldap://ldaps://xyz.com:636
>                                                                                     
in the code snippet, dflLDAPURL is ldap://
> 				if (ldapServer.startsWith(dfltLDAPURL))
> 					this.providerURL = ldapServer;
> 				else if (ldapServer.startsWith("//"))
> 					this.providerURL = "ldap:" + ldapServer;
> 				else
> 					this.providerURL = dfltLDAPURL + ldapServer;
> 			}
> 			initDirContextEnv.put(Context.PROVIDER_URL, providerURL);
> We should support specifiying secure ldap , ie ldaps://  in the derby.authentication.server.
Add condition to support the ldaps:// 
> ie. 
> 			if (ldapServer.startsWith(dfltLDAPURL) || ldapServer.startsWith("ldaps://"))
> 					this.providerURL = ldapServer;
> ========
> A workaround to the problem is to set the Context.PROVIDER_URL instead.  

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message