Date: Fri, 28 Dec 2012 09:56:12 +0000 (UTC)
From: "Knut Anders Hatlen (JIRA)"
To: derby-dev@db.apache.org
Subject: [jira] [Resolved] (DERBY-4976) LDAP authentication's use of derby.propery for finding dn locally is faulty: search is always performed

     [ https://issues.apache.org/jira/browse/DERBY-4976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Knut Anders Hatlen resolved DERBY-4976.
---------------------------------------

    Resolution: Duplicate

This looks like a duplicate of DERBY-1026. Resolving as such.

> LDAP authentication's use of derby.propery for finding dn locally is faulty: search is always performed
> -------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-4976
>                 URL: https://issues.apache.org/jira/browse/DERBY-4976
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4, 10.3.2.1, 10.3.3.0, 10.4.1.3, 10.4.2.0, 10.5.1.1, 10.5.2.0, 10.5.3.0, 10.6.1.0, 10.6.2.1, 10.7.1.1
>            Reporter: Dag H. Wanvik
>              Labels: derby_triage10_8
>
> cf DERBY-4975.
> It seems derby.authentication.ldap.searchFilter=derby.user doesn't work as advertised.
> LDAPAuthenticationSchemeImpl contains this code:
> #authenticateUser:
>     :
>     // Retrieve the user's DN (Distinguished Name) If we're asked to
>     // look it up locally, do it first and if we don't find it, we go
>     // against the LDAP server for a look-up (search)
>     if (useUserPropertyAsDN)
>         userDN =
>             authenticationService.getProperty(
>                 org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX);
> The lookup happens against the property "derby.user.", the username is not appended first, so userDN is always set to null, and search ensues before bind. Cf. this explanation http://db.apache.org/derby/manuals/develop/develop100.html:
> > Derby typically initiates a search for a full DN before binding to the directory using the full DN for user authentication. Derby does not initiate a search in the following cases:
> >
> > * You have set derby.authentication.ldap.searchFilter to derby.user.
> > * A user DN has been cached locally for the specific user with the derby.user.UserName property.
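
The lookup described in the quoted report, as an added Java illustration that is not Derby source and not the change made under DERBY-1026: it contrasts a property lookup keyed on the bare "derby.user." prefix with one keyed on the prefix plus the user name, and counts how often each falls back to a directory search. The class, its method names, the simulated search and the sample DNs are assumptions constructed for this example.

```java
import java.util.Properties;

// Added illustration; not Derby code. All names below are hypothetical.
public class DnLookupDemo {
    // Per the report, the property looked up is the bare prefix "derby.user."
    static final String USER_PROPERTY_PREFIX = "derby.user.";

    private final Properties props;
    int searches = 0; // number of fallbacks to the simulated directory search

    DnLookupDemo(Properties props) { this.props = props; }

    // Lookup as described in the report: the user name is never appended.
    String localDnAsReported(String userName) {
        return props.getProperty(USER_PROPERTY_PREFIX);
    }

    // Lookup matching the documented property name derby.user.UserName.
    String localDnWithUserName(String userName) {
        return props.getProperty(USER_PROPERTY_PREFIX + userName);
    }

    // Stand-in for the LDAP search that precedes the bind; returns a constructed DN.
    String searchDirectory(String userName) {
        searches++;
        return "uid=" + userName + ",ou=searched,dc=example,dc=com";
    }

    // Local lookup first; search only when no DN is cached for the user.
    String resolve(String userName, boolean appendUserName) {
        String dn = appendUserName
                ? localDnWithUserName(userName)
                : localDnAsReported(userName);
        return dn != null ? dn : searchDirectory(userName);
    }

    public static void main(String[] args) {
        Properties p = new Properties();
        // Constructed sample: a DN cached locally for user "alice".
        p.setProperty("derby.user.alice", "uid=alice,ou=people,dc=example,dc=com");
        DnLookupDemo d = new DnLookupDemo(p);

        System.out.println(d.resolve("alice", false) + " searches=" + d.searches);
        System.out.println(d.resolve("alice", true) + " searches=" + d.searches);
        System.out.println(d.resolve("bob", true) + " searches=" + d.searches);
    }
}
```

Comparing the `searches` counter across the three calls shows which lookups used the locally cached DN and which went to the directory first.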