db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thomas Hill (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-4989) LDAP authentication not working when using network client driver and database level properties
Date Thu, 03 Feb 2011 19:51:29 GMT

    [ https://issues.apache.org/jira/browse/DERBY-4989?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12990263#comment-12990263
] 

Thomas Hill commented on DERBY-4989:
------------------------------------

Might be a stupid question, but are entries in the policy file like '${derby.system.home}'
and '${derby.install.url}' samples which one has to replace by the real installation specific
paths by hardcoding the specific path into the file (i.e. change ${derby.system.home} to /var/lib/derby/db-derby-10.7.1.1-bin)
or are these variables the system knows how to replace (like e.g. $DERBY_HOME in the connection
URL)?

> LDAP authentication not working when using network client driver and database level properties
> ----------------------------------------------------------------------------------------------
>
>                 Key: DERBY-4989
>                 URL: https://issues.apache.org/jira/browse/DERBY-4989
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Client
>         Environment: Network Server running under Debian 5.0 stable, Win XP Service Pack
3 Client, Derby Version 10.7.1.1, ApacheDS 1.5.7
>            Reporter: Thomas Hill
>         Attachments: LDAPrepro.txt, ldaprepro.tar.gz, mypolicy, screenshot-1.jpg
>
>
> The network server client driver is not recognising LDAP authentication provider configuration
when database properties are being used. 
> When trying to connect with the network client driver error 08004 'userid or password
invalid' is thrown:
> [derby][SQLException <at> 22c95b] java.sql.SQLException
> [derby][SQLException <at> 22c95b] SQL state  = 08004
> [derby][SQLException <at> 22c95b] Error code = 40000
> [derby][SQLException <at> 22c95b] Message    = Connection authentication failure
occurred.  Reason: userid or password invalid.
> The same database level properties when connecting using the embedded driver lead to
a successful login and everything is working as expected with this driver.
> Notes:
> As there are two other options in setting up the LDAP authentication provider, here is
the behaviour observed for the network driver in these scenarios:
> 1) when using system-level properties, socket permission errors are given when running
with the JAVA security manager enabled; so additional configuration in form of setting up
a custom Security Manager is required
> 2) when supplying the properties as command line arguments at server start-up the properties
are recognised (and authorisation is validated as expected without changes required to the
default Basic Security Manager)
> Here is the output of sysinfo for my environment and the script used for setting the
database level properties:
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.connection.requireAuthentication',
'true');
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.provider','LDAP');
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.server','myserver:10389');
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.ldap.searchBase','o=THMB');
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.ldap.searchFilter','derby.user');
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.user.thill','uid=thill,o=THMB');
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.sqlAuthorization', 'true');
> sysinfo for the server
> ------------------ Java Information ------------------
> Java Version:    1.6.0_22
> Java Vendor:     Sun Microsystems Inc.
> Java home:       /usr/lib/jvm/java-6-sun-1.6.0.22/jre
> Java classpath:  /var/lib/derby/db-derby-10.7.1.1-bin/lib/derbyrun.jar
> OS name:         Linux
> OS architecture: i386
> OS version:      2.6.26-2-686
> Java user name:  root
> Java user home:  /root
> Java user dir:   /root
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.6
> java.runtime.version: 1.6.0_22-b04
> --------- Derby Information --------
> JRE - JDBC: Java SE 6 - JDBC 4.0
> [/var/lib/derby/db-derby-10.7.1.1-bin/lib/derby.jar] 10.7.1.1 - (1040133)
> [/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbytools.jar] 10.7.1.1 - (1040133)
> [/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbynet.jar] 10.7.1.1 - (1040133)
> [/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbyclient.jar] 10.7.1.1 - (1040133)
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale :  [English/United States [en_US]]
> Found support for locale: [cs]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [de_DE]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [es]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [fr]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [hu]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [it]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [ja_JP]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [ko_KR]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [pl]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [pt_BR]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [ru]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [zh_CN]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [zh_TW]
> 	 version: 10.7.1.1 - (1040133)
> ------------------------------------------------------
> sysinfo for the client
> ------------------ Java-Informationen ------------------
> Java-Version: 1.6.0_23
> Java-Anbieter: Sun Microsystems Inc.
> Java-Home: C:\Programme\Java\jre6
> Java-Klassenpfad: C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbyrun.jar
> Name des Betriebssystems: Windows XP
> Architektur des Betriebssystems: x86
> Betriebssystemversion: 5.1
> Java-Benutzername: Thomas
> Java-Benutzerausgangsverzeichnis: C:\Dokumente und Einstellungen\Thomas
> Java-Benutzerverzeichnis: C:\Daten\derby\keys
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.6
> java.runtime.version: 1.6.0_23-b05
> --------- Derby-Informationen --------
> JRE - JDBC: Java SE 6 - JDBC 4.0
> [C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derby.jar] 10.7.1.1 - (1040133)
> [C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbytools.jar] 10.7.1.1 - (1040133)
> [C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbynet.jar] 10.7.1.1 - (1040133)
> [C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbyclient.jar] 10.7.1.1 - (1040133)
> ------------------------------------------------------
> ----------------- Informationen zur Ländereinstellung -----------------
> Aktuelle Ländereinstellung:  [Deutsch/Deutschland [de_DE]]
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [cs]
> 	 Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [de_DE]
> 	 Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [es]
> 	 Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [fr]
> 	 Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [hu]
> 	 Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [it]
> 	 Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [pl]
> 	 Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [pt_BR]
> 	 Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [ru]
> 	 Version: 10.7.1.1 - (1040133)
> ------------------------------------------------------

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

Mime
View raw message