db-derby-dev mailing list archives

From "Mike Matrigali (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-4976) LDAP authentication's use of derby.propery for finding dn locally is faulty: search is always performed
Date Tue, 15 Feb 2011 19:11:57 GMT

     [ https://issues.apache.org/jira/browse/DERBY-4976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mike Matrigali updated DERBY-4976:
----------------------------------

    Urgency: Normal
     Labels: derby_triage10_8  (was: )

> LDAP authentication's use of derby.propery for finding dn locally is faulty: search is always performed
> -------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-4976
>                 URL: https://issues.apache.org/jira/browse/DERBY-4976
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4, 10.3.2.1, 10.3.3.0, 10.4.1.3, 10.4.2.0, 10.5.1.1, 10.5.2.0, 10.5.3.0, 10.6.1.0, 10.6.2.1, 10.7.1.1
>            Reporter: Dag H. Wanvik
>              Labels: derby_triage10_8
>
> cf DERBY-4975.
> It seems derby.authentication.ldap.searchFilter=derby.user doesn't work as advertised.
> LDAPAuthenticationSchemeImpl contains this code:
> #authenticateUser:
>     :
>     // Retrieve the user's DN (Distinguished Name) If we're asked to
>     // look it up locally, do it first and if we don't find it, we go
>     // against the LDAP server for a look-up (search)
>     if (useUserPropertyAsDN)
>             userDN =
>                     authenticationService.getProperty(
>                             org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX);
> The lookup happens against the property "derby.user.", the username is not appended first, so userDN is always set to null, and search ensues before bind. Cf. this explanation http://db.apache.org/derby/manuals/develop/develop100.html:
> > Derby typically initiates a search for a full DN before binding to the directory using the full DN for user authentication. Derby does not initiate a search in the following cases:
> >
> >     * You have set derby.authentication.ldap.searchFilter to derby.user.
> >     * A user DN has been cached locally for the specific user with the derby.user.UserName property.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
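
The lookup described in the report, as an added Java example that is not Derby's code and not part of the original message: it models the two key choices (bare prefix versus prefix plus user name) and records which directory operations each login would issue. The class and method names, the stubbed search and the sample DNs are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

// Added illustration: names here are hypothetical, this is not Derby's code.
public class LocalDnLookupDemo {
    // Value the report gives for Property.USER_PROPERTY_PREFIX.
    static final String USER_PROPERTY_PREFIX = "derby.user.";

    // Records the directory operations one authentication attempt would issue.
    static List<String> authenticate(Properties props, String userName,
                                     boolean appendUserName) {
        List<String> ops = new ArrayList<>();
        // Assumption: local lookup is enabled when searchFilter is "derby.user".
        boolean useUserPropertyAsDN = "derby.user".equals(
                props.getProperty("derby.authentication.ldap.searchFilter"));
        String userDN = null;
        if (useUserPropertyAsDN) {
            // Reported behaviour: the key is the bare prefix, which no
            // derby.user.UserName entry matches, so the result is null.
            // Appending the user name matches the documented property name.
            String key = appendUserName ? USER_PROPERTY_PREFIX + userName
                                        : USER_PROPERTY_PREFIX;
            userDN = props.getProperty(key);
        }
        if (userDN == null) {
            // Fallback: look the DN up on the server (stubbed, constructed DN).
            ops.add("search " + userName);
            userDN = "uid=" + userName + ",ou=People,dc=example,dc=com";
        }
        ops.add("bind " + userDN);
        return ops;
    }

    public static void main(String[] args) {
        Properties props = new Properties(); // constructed sample settings
        props.setProperty("derby.authentication.ldap.searchFilter", "derby.user");
        props.setProperty("derby.user.alice", "uid=alice,ou=People,dc=example,dc=com");

        for (String user : new String[] {"alice", "bob"}) {
            System.out.println(user + " bare prefix:   " + authenticate(props, user, false));
            System.out.println(user + " prefix + name: " + authenticate(props, user, true));
        }
    }
}
```

With the bare prefix every login issues a search before the bind; with the user name appended, only the user without a locally cached DN (bob in the constructed data) falls back to the search.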

        
