Date: Thu, 3 Feb 2011 22:00:29 +0000 (UTC)
From: "Dag H. Wanvik (JIRA)"
To: derby-dev@db.apache.org
Message-ID: <1725728610.8567.1296770429070.JavaMail.tomcat@hel.zones.apache.org>
In-Reply-To: <8679550.286631296301244261.JavaMail.jira@thor>
Subject: [jira] Commented: (DERBY-4989) LDAP authentication not working when using network client driver and database level properties

    [ https://issues.apache.org/jira/browse/DERBY-4989?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12990332#comment-12990332 ]

Dag H. Wanvik commented on DERBY-4989:
--------------------------------------

As for the hard-coding, the policy file is read by Java initially, so in order to use the ${} in the policy file, you'd need to supply those on the command line, e.g. as -Dderby.system.home, so Java would know how to expand it properly. When Derby reads derby.properties, it's too late for the Java runtime. It might be just as good to expand it in the policy file, your choice :)

> LDAP authentication not working when using network client driver and database level properties
> ----------------------------------------------------------------------------------------------
>
>                 Key: DERBY-4989
>                 URL: https://issues.apache.org/jira/browse/DERBY-4989
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Client
>         Environment: Network Server running under Debian 5.0 stable, Win XP Service Pack 3 Client, Derby Version 10.7.1.1, ApacheDS 1.5.7
>            Reporter: Thomas Hill
>         Attachments: LDAPrepro.txt, ldaprepro.tar.gz, mypolicy, screenshot-1.jpg
>
>
> The network server client driver is not recognising LDAP authentication provider configuration when database properties are being used.
> When trying to connect with the network client driver error 08004 'userid or password invalid' is thrown:
> [derby][SQLException 22c95b] java.sql.SQLException
> [derby][SQLException 22c95b] SQL state = 08004
> [derby][SQLException 22c95b] Error code = 40000
> [derby][SQLException 22c95b] Message = Connection authentication failure occurred. Reason: userid or password invalid.
> The same database level properties when connecting using the embedded driver lead to a successful login and everything is working as expected with this driver.
> Notes:
> As there are two other options in setting up the LDAP authentication provider, here is the behaviour observed for the network driver in these scenarios:
> 1) when using system-level properties, socket permission errors are given when running with the JAVA security manager enabled; so additional configuration in form of setting up a custom Security Manager is required
> 2) when supplying the properties as command line arguments at server start-up the properties are recognised (and authorisation is validated as expected without changes required to the default Basic Security Manager)
> Here is the output of sysinfo for my environment and the script used for setting the database level properties:
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.connection.requireAuthentication', 'true');
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.provider','LDAP');
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.server','myserver:10389');
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.ldap.searchBase','o=THMB');
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.ldap.searchFilter','derby.user');
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.user.thill','uid=thill,o=THMB');
> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.sqlAuthorization', 'true');
> sysinfo for the server
> ------------------ Java Information ------------------
> Java Version: 1.6.0_22
> Java Vendor: Sun Microsystems Inc.
> Java home: /usr/lib/jvm/java-6-sun-1.6.0.22/jre
> Java classpath: /var/lib/derby/db-derby-10.7.1.1-bin/lib/derbyrun.jar
> OS name: Linux
> OS architecture: i386
> OS version: 2.6.26-2-686
> Java user name: root
> Java user home: /root
> Java user dir: /root
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.6
> java.runtime.version: 1.6.0_22-b04
> --------- Derby Information --------
> JRE - JDBC: Java SE 6 - JDBC 4.0
> [/var/lib/derby/db-derby-10.7.1.1-bin/lib/derby.jar] 10.7.1.1 - (1040133)
> [/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbytools.jar] 10.7.1.1 - (1040133)
> [/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbynet.jar] 10.7.1.1 - (1040133)
> [/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbyclient.jar] 10.7.1.1 - (1040133)
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [cs]
>     version: 10.7.1.1 - (1040133)
> Found support for locale: [de_DE]
>     version: 10.7.1.1 - (1040133)
> Found support for locale: [es]
>     version: 10.7.1.1 - (1040133)
> Found support for locale: [fr]
>     version: 10.7.1.1 - (1040133)
> Found support for locale: [hu]
>     version: 10.7.1.1 - (1040133)
> Found support for locale: [it]
>     version: 10.7.1.1 - (1040133)
> Found support for locale: [ja_JP]
>     version: 10.7.1.1 - (1040133)
> Found support for locale: [ko_KR]
>     version: 10.7.1.1 - (1040133)
> Found support for locale: [pl]
>     version: 10.7.1.1 - (1040133)
> Found support for locale: [pt_BR]
>     version: 10.7.1.1 - (1040133)
> Found support for locale: [ru]
>     version: 10.7.1.1 - (1040133)
> Found support for locale: [zh_CN]
>     version: 10.7.1.1 - (1040133)
> Found support for locale: [zh_TW]
>     version: 10.7.1.1 - (1040133)
> ------------------------------------------------------
> sysinfo for the client
> ------------------ Java-Informationen ------------------
> Java-Version: 1.6.0_23
> Java-Anbieter: Sun Microsystems Inc.
> Java-Home: C:\Programme\Java\jre6
> Java-Klassenpfad: C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbyrun.jar
> Name des Betriebssystems: Windows XP
> Architektur des Betriebssystems: x86
> Betriebssystemversion: 5.1
> Java-Benutzername: Thomas
> Java-Benutzerausgangsverzeichnis: C:\Dokumente und Einstellungen\Thomas
> Java-Benutzerverzeichnis: C:\Daten\derby\keys
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.6
> java.runtime.version: 1.6.0_23-b05
> --------- Derby-Informationen --------
> JRE - JDBC: Java SE 6 - JDBC 4.0
> [C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derby.jar] 10.7.1.1 - (1040133)
> [C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbytools.jar] 10.7.1.1 - (1040133)
> [C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbynet.jar] 10.7.1.1 - (1040133)
> [C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbyclient.jar] 10.7.1.1 - (1040133)
> ------------------------------------------------------
> ----------------- Informationen zur Ländereinstellung -----------------
> Aktuelle Ländereinstellung: [Deutsch/Deutschland [de_DE]]
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [cs]
>     Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [de_DE]
>     Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [es]
>     Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [fr]
>     Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [hu]
>     Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [it]
>     Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [pl]
>     Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [pt_BR]
>     Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [ru]
>     Version: 10.7.1.1 - (1040133)
> ------------------------------------------------------
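
The comment at the top of this message says that ${...} references in a Java policy file are expanded by the JVM, so they must be supplied as -D options at server start-up. The following check is an added example, not part of the original message or of Derby: it lists policy-file references that a given start-up command leaves undefined. The sample policy, the start-up commands and the derby.system.home value are constructed for illustration.

```python
import re
import shlex

# ${name} references in a policy file; the lookahead skips the ${{...}} form.
_REF = re.compile(r"\$\{(?!\{)([^}]+)\}")
# -Dname or -Dname=value on the JVM command line.
_DEF = re.compile(r"^-D([^=]+)(?:=.*)?$")
# Set by the JVM itself before the policy is read (partial list); "/" is the
# policy-file shortcut for file.separator.
JVM_BUILTINS = {"/", "file.separator", "path.separator", "java.home",
                "java.io.tmpdir", "user.home", "user.dir", "user.name"}

# Constructed sample policy; the jar path and LDAP host:port are from the report.
POLICY = """\
grant codeBase "file:/var/lib/derby/db-derby-10.7.1.1-bin/lib/derby.jar" {
  permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";
  permission java.net.SocketPermission "myserver:10389", "connect,resolve";
};
"""

# Constructed start-up commands; /var/lib/derby as system home is an assumption.
START_BARE = ("java -Djava.security.manager -Djava.security.policy=mypolicy "
              "-jar derbyrun.jar server start")
START_WITH_D = ("java -Djava.security.manager -Djava.security.policy=mypolicy "
                "-Dderby.system.home=/var/lib/derby "
                "-jar derbyrun.jar server start")


def unexpanded_properties(policy_text, jvm_command):
    """Return (line number, name) for each ${name} the JVM cannot expand.

    Only -D options and JVM built-ins count as defined. Values that exist
    only in derby.properties are not considered, because the JVM does not
    consult that file when expanding the policy. A policy entry whose
    property cannot be expanded is ignored by the JVM.
    """
    defined = set(JVM_BUILTINS)
    for arg in shlex.split(jvm_command):
        match = _DEF.match(arg)
        if match:
            defined.add(match.group(1))
    missing = []
    for lineno, line in enumerate(policy_text.splitlines(), 1):
        if line.lstrip().startswith("//"):  # skip policy-file comment lines
            continue
        missing += [(lineno, n) for n in _REF.findall(line) if n not in defined]
    return missing


if __name__ == "__main__":
    print("without -D:", unexpanded_properties(POLICY, START_BARE))
    print("with -D:   ", unexpanded_properties(POLICY, START_WITH_D))
```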