Date: Wed, 2 Feb 2011 22:21:28 +0000 (UTC)
From: "Thomas Hill (JIRA)"
To: derby-dev@db.apache.org
Message-ID: <1087289185.6077.1296685288983.JavaMail.tomcat@hel.zones.apache.org>
In-Reply-To: <8679550.286631296301244261.JavaMail.jira@thor>
Subject: [jira] Issue Comment Edited: (DERBY-4989) LDAP authentication not working when using network client driver and database level properties

    [ https://issues.apache.org/jira/browse/DERBY-4989?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12989830#comment-12989830 ]

Thomas Hill edited comment on DERBY-4989 at 2/2/11 10:19 PM:
-------------------------------------------------------------

One further remark/observation in regards to the codebase which needs to be granted the Socket permission - the note above states "I had to add the line to the codebase "derby.jar" in the policy file, not to the server codebase in this case." while the documentation (see derby-4990) seems to now have been updated with a statement that this permission needs to be added to derbynet.jar.

      was (Author: thomashill):
    One further remark/observation in regards to the codebase which needs to be granted the Socket permission - the note above states "I had to add the line to the codebase "derby.jar" in the policy file, not to the server codebase in this case." while the documentation seems to now have been updated with a statement that this permission needs to be added to derbynet.jar.

> LDAP authentication not working when using network client driver and database level properties
> ----------------------------------------------------------------------------------------------
>
>                 Key: DERBY-4989
>                 URL: https://issues.apache.org/jira/browse/DERBY-4989
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Client
>         Environment: Network Server running under Debian 5.0 stable, Win XP Service Pack 3 Client, Derby Version 10.7.1.1, ApacheDS 1.5.7
>            Reporter: Thomas Hill
>         Attachments: LDAPrepro.txt, ldaprepro.tar.gz, mypolicy, screenshot-1.jpg
>
>
> The network server client driver is not recognising LDAP authentication provider configuration when database properties are being used.
> When trying to connect with the network client driver error 08004 'userid or password invalid' is thrown:
> [derby][SQLException 22c95b] java.sql.SQLException
> [derby][SQLException 22c95b] SQL state = 08004
> [derby][SQLException 22c95b] Error code = 40000
> [derby][SQLException 22c95b] Message = Connection authentication failure occurred. Reason: userid or password invalid.
> The same database level properties when connecting using the embedded driver lead to a successful login and everything is working as expected with this driver.
> Notes:
> As there are two other options in setting up the LDAP authentication provider, here is the behaviour observed for the network driver in these scenarios:
> 1) when using system-level properties, socket permission errors are given when running with the JAVA security manager enabled; so additional configuration in form of setting up a custom Security Manager is required
> 2) when supplying the properties as command line arguments at server start-up the properties are recognised (and authorisation is validated as expected without changes required to the default Basic Security Manager)
> Here is the output of sysinfo for my environment and the script used for setting the database level properties:
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.connection.requireAuthentication', 'true');
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.provider','LDAP');
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.server','myserver:10389');
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.ldap.searchBase','o=THMB');
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.ldap.searchFilter','derby.user');
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.user.thill','uid=thill,o=THMB');
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.sqlAuthorization', 'true');
> sysinfo for the server
> ------------------ Java Information ------------------
> Java Version: 1.6.0_22
> Java Vendor: Sun Microsystems Inc.
> Java home: /usr/lib/jvm/java-6-sun-1.6.0.22/jre
> Java classpath: /var/lib/derby/db-derby-10.7.1.1-bin/lib/derbyrun.jar
> OS name: Linux
> OS architecture: i386
> OS version: 2.6.26-2-686
> Java user name: root
> Java user home: /root
> Java user dir: /root
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.6
> java.runtime.version: 1.6.0_22-b04
> --------- Derby Information --------
> JRE - JDBC: Java SE 6 - JDBC 4.0
> [/var/lib/derby/db-derby-10.7.1.1-bin/lib/derby.jar] 10.7.1.1 - (1040133)
> [/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbytools.jar] 10.7.1.1 - (1040133)
> [/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbynet.jar] 10.7.1.1 - (1040133)
> [/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbyclient.jar] 10.7.1.1 - (1040133)
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [cs]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [de_DE]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [es]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [fr]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [hu]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [it]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [ja_JP]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [ko_KR]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [pl]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [pt_BR]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [ru]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [zh_CN]
> 	 version: 10.7.1.1 - (1040133)
> Found support for locale: [zh_TW]
> 	 version: 10.7.1.1 - (1040133)
> ------------------------------------------------------
> sysinfo for the client
> ------------------ Java-Informationen ------------------
> Java-Version: 1.6.0_23
> Java-Anbieter: Sun Microsystems Inc.
> Java-Home: C:\Programme\Java\jre6
> Java-Klassenpfad: C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbyrun.jar
> Name des Betriebssystems: Windows XP
> Architektur des Betriebssystems: x86
> Betriebssystemversion: 5.1
> Java-Benutzername: Thomas
> Java-Benutzerausgangsverzeichnis: C:\Dokumente und Einstellungen\Thomas
> Java-Benutzerverzeichnis: C:\Daten\derby\keys
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.6
> java.runtime.version: 1.6.0_23-b05
> --------- Derby-Informationen --------
> JRE - JDBC: Java SE 6 - JDBC 4.0
> [C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derby.jar] 10.7.1.1 - (1040133)
> [C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbytools.jar] 10.7.1.1 - (1040133)
> [C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbynet.jar] 10.7.1.1 - (1040133)
> [C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbyclient.jar] 10.7.1.1 - (1040133)
> ------------------------------------------------------
> ----------------- Informationen zur Ländereinstellung -----------------
> Aktuelle Ländereinstellung: [Deutsch/Deutschland [de_DE]]
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [cs]
> 	 Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [de_DE]
> 	 Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [es]
> 	 Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [fr]
> 	 Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [hu]
> 	 Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [it]
> 	 Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [pl]
> 	 Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [pt_BR]
> 	 Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [ru]
> 	 Version: 10.7.1.1 - (1040133)
> ------------------------------------------------------
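
The codebase question raised in the comment above, written out as a Java policy-file fragment. This is an added example, not part of the original message, its "mypolicy" attachment, or Derby's shipped policy files. It assumes the JVM is started with the system property derby.install.url set to the URL of the directory holding the Derby jars (ending in "/"); the LDAP host and port are the derby.authentication.server value from the report.

```conf
// Constructed policy-file fragment for a Derby Network Server running under
// the Java security manager and authenticating against the LDAP server from
// the report (derby.authentication.server = myserver:10389).
// Assumption: -Dderby.install.url=<URL of the lib directory, ending in "/">
// is passed at start-up so the codeBase values resolve to the installed jars.

// Variant A: the placement the commenter reports having used, i.e. the
// grant is attached to the engine jar.
grant codeBase "${derby.install.url}derby.jar" {
  // Scoped to the one LDAP endpoint rather than "*", so the engine code can
  // open no other outbound connection through this grant.
  permission java.net.SocketPermission "myserver:10389", "connect,resolve";
};

// Variant B: the placement the comment attributes to the updated
// documentation, i.e. the grant is attached to the network server jar.
grant codeBase "${derby.install.url}derbynet.jar" {
  permission java.net.SocketPermission "myserver:10389", "connect,resolve";
};

// Keep only the variant that clears the permission error in your setup;
// a grant on a codebase that does not need it only widens what that jar
// may do.
```

Starting the server JVM with -Djava.security.debug=access,failure prints the protection domain that failed the permission check, which shows which of the two codebases is actually missing the grant.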