db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas <Thomas.K.H...@t-online.de>
Subject Trying to migrate to LDAP (but getting Error 08004)
Date Sun, 16 Jan 2011 19:47:04 GMT

Thanks for reading my post. Any help to get Derby work with LDAP would be
greatly appreciated.

What I am trying to achieve and what I have done so far:

I would like to prepare my system for production use and migrate off the 
BUILTIN authentication system to use LDAP as external directory service.

My testing environment is Apache Derby 10.7.1 on a stable Debian 5.x Lenny
server running on my own local area network and accessed from a Windows XP
client on the same network. As LDAP server I have chosen ApacheDS 1.5.7
which is running on the same server machine as the Derby Network Server.
While trying to get Derby to speak to my LDAP server I have for now 
turned off SSL.

The following preparations have been taken on the Derby side:
(the server machine is called 'miniserver')

export DERBY_HOME=/var/lib/derby/db-derby-10.7.1.1-bin
java -jar -Dderby.system.home=/var/lib/derby/db-derby-10.7.1.1-data 
$DERBY_HOME/lib/derbyrun.jar server start -h 0.0.0.0

java -jar -Dderby.system.home=/var/lib/derby/db-derby-10.7.1.1-data  
$DERBY_HOME/lib/derbyrun.jar ij

connect 'jdbc:derby://miniserver:1527/ldaptest;create=true';

CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
'derby.connection.requireAuthentication', 'true');

CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
'derby.authentication.provider','LDAP');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
'derby.authentication.server','miniserver:10389');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
'derby.authentication.ldap.searchBase','o=THMB');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
'derby.user.thill','uid=thill,o=THMB');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
'derby.database.sqlAuthorization', 'true');

connect 'jdbc:derby://miniserver:1527/ldaptest;shutdown=true';
(all these statement execute without any problem)

jndi.jar, ldap.jar and providerutil.jar are part of my CLASSPATH,
the jar files have also been copied into the $DERBY_HOME$/lib folder
and also the complete folder structure for jndi112 and LDAP103 as 
downloaded from the Oracle/SUN homepage were copied into derby.system.home.


ApacheDS is running fine and two test users (one with uid=thill and 
userPassword=xx) have been defined in my directory. 
====> IMPORTANT: Accessing the directory from Apache Directory Studio 
and/or by using the java program AdvancedBindDemo which can be found 
on the ApacheDS tutorial is working as expected!!, i.e. I can 
successfully bind with uid=thill, o=thmb and userPassword xx.
So I am assuming the server side is in good shape.

However when trying to speak to Directory Server from Derby/IJ I am
getting error messages. 
Here is my connect statement:
connect 'jdbc:derby://miniserver:1527/ldaptest;user=thill;password=xx';
and the trace output (I have added line breaks as needed to allow
posting here):

BEGIN TRACE_DRIVER_CONFIGURATION
Driver: Apache Derby Network Client JDBC Driver 10.7.1.1 - (1040133)
Compatible JRE versions: { 1.3, 1.4 }
Range checking enabled: true
Bug check level: 0xff
Default fetch size: 64
Default isolation: 2
No security manager detected.
Detected local client host: miniserver/127.0.1.1
JDBC 1 system property jdbc.drivers = null
Java Runtime Environment version 1.6.0_22
Java Runtime Environment vendor = Sun Microsystems Inc.
Java vendor URL = http://java.sun.com/
Java installation directory = /usr/lib/jvm/java-6-sun-1.6.0.22/jre
Java Virtual Machine specification version = 1.0
Java Virtual Machine specification vendor = Sun Microsystems Inc.
Java Virtual Machine specification name = Java Virtual Machine 
Specification
Java Virtual Machine implementation version = 17.1-b03
Java Virtual Machine implementation vendor = Sun Microsystems Inc.
Java Virtual Machine implementation name = Java HotSpot(TM) Client VM
Java Runtime Environment specification version = 1.6
Java Runtime Environment specification vendor = Sun Microsystems Inc.
Java Runtime Environment specification name = Java Platform API Specification
Java class format version number = 50.0
Java class path = /var/lib/derby/db-derby-10.7.1.1-bin/lib/derbyrun.jar
Java native library path = /usr/lib/jvm/java-6-sun-1.6.0.22/jre/lib
/i386/client:
/usr/lib/jvm/java-6-sun-1.6.0.22/jre/lib/i386:/usr/lib/jvm
/java-6-sun-1.6.0.22/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib
Path of extension directory or directories = /usr/lib/jvm
/java-6-sun-1.6.0.22/jre/lib/ext:/usr/java/packages/lib/ext
Operating system name = Linux
Operating system architecture = i386
Operating system version = 2.6.26-2-686
File separator ("/" on UNIX) = /
Path separator (":" on UNIX) = :
User's account name = root
User's home directory = /root
User's current working directory = /root
END TRACE_DRIVER_CONFIGURATION
BEGIN TRACE_CONNECTS
Attempting connection to miniserver:1527/ldaptest;traceFile=/root/trace.out
Using properties: { user=thill, traceFile=/root/trace.out, password=** }
END TRACE_CONNECTS
[net][time:1295204362513][thread:main][tracepoint:1][Request.flush]
       SEND BUFFER: EXCSAT                 (ASCII)           (EBCDIC)
       0 1 2 3 4 5 6 7   8 9 A B C D E F   0123456789ABCDEF  0123456789ABCDEF
0000   006AD04100010064  10410010115E8485  .j.A...d.A...^..  .|}..........;de
0010   9982A88495839481  89950009116DC485  .............m..  rbydncmain..._De
0020   9982A80021115AC4  D5C3F1F0F0F7F061  ....!.Z........a  rby...!DNC10070/
0030   F1F04BF74BF14BF1  4060404DF1F0F4F0  ..K.K.K.@`@M....  10.7.1.1 - (1040
0040   F1F3F35D00181404  1403000724070007  ...]........$...  133)............
0050   240F000714400007  1C0804B8000E1147  $....@.........G  ..... ..........
0060   D8C4C5D9C2E861D1  E5D4              ......a...        QDERBY/JVM      

       SEND BUFFER: ACCSEC                 (ASCII)           (EBCDIC)
0000   0036D00100020030  106D000611A20003  .6.....0.m......  ..}......_...s..
0010   0026211093848197  A385A2A35EA39981  .&!.........^...  ....ldaptest;tra
0020   8385C68993857E61  999696A361A39981  ......~a....a...  ceFile=/root/tra
0030   83854B96A4A3                        ..K...            ce.out          

[net][time:1295204362515][thread:main][tracepoint:2][Reply.fill]
       RECEIVE BUFFER: EXCSATRD            (ASCII)           (EBCDIC)
       0 1 2 3 4 5 6 7   8 9 A B C D E F   0123456789ABCDEF  0123456789ABCDEF
0000   0088D04200010082  1443001D115ED585  ...B.....C...^..  .h}....b.....;Ne
0010   A3A6969992E28599  A58599C39695A399  ................  tworkServerContr
0020   9693409481899500  1814041403000724  ..@............$  ol main.........
0030   070007240F000714  4000071C0804B800  ...$....@.......  ........ .......
0040   101147C197818388  8540C4859982A800  ..G......@......  ...Apache Derby.
0050   18116DD585A3A696  9992E28599A58599  ..m.............  .._NetworkServer
0060   C39695A399969300  21115AC3E2E2F1F0  ........!.Z.....  Control...!CSS10
0070   F0F7F061F1F04BF7  4BF14BF14060404D  ...a..K.K.K.@`@M  070/10.7.1.1 - (
0080   F1F0F4F0F1F3F35D                    .......]          1040133)        

       RECEIVE BUFFER: ACCSECRD            (ASCII)           (EBCDIC)
0000   0010D0020002000A  14AC000611A20003  ................  ..}..........s..

[net][time:1295204362543][thread:main][tracepoint:1][Request.flush]
       SEND BUFFER: SECCHK                 (ASCII)           (EBCDIC)
       0 1 2 3 4 5 6 7   8 9 A B C D E F   0123456789ABCDEF  0123456789ABCDEF
0000   0045D0410001003F  106E000611A20003  .E.A...?.n......  ..}......>...s..
0010   002621106C646170  746573743B747261  .&!.ldaptest;tra  ....%./......../
0020   636546696C653D2F  726F6F742F747261  ceFile=/root/tra  ....%....??..../
0030   63652E6F75740009  11A07468696C6C00  ce.out....thill.  ...?.........%%.
0040   0611A12A2A                          ...**             ..~..           

       SEND BUFFER: ACCRDB                 (ASCII)           (EBCDIC)
0000   00B8D001000200B2  2001002621106C64  ........ ..&!.ld  ..}...........%.
0010   6170746573743B74  7261636546696C65  aptest;traceFile  /......../....%.
0020   3D2F726F6F742F74  726163652E6F7574  =/root/trace.out  ...??..../...?..
0030   0006210F2407000C  112E444E43313030  ..!.$.....DNC100  ...........+....
0040   3730003C210437C4  D5C3F1F0F0F7F0D1  70.<!.7.........  .......DNC10070J
0050   E5D4404040404040  4040404040404040  ..@@@@@@@@@@@@@@  VM              
0060   4084859982A88495  8394818995404040  @............@@@   derbydncmain   
0070   4040404040404040  404040404000000D  @@@@@@@@@@@@@...               ...
0080   002F51544453514C  41534300172135D5  ./QTDSQLASC..!5.  .......<.......N
0090   C6F0F0F0F1F0F12E  D7F2C3C4012D9032  .............-.2  F000101.P2CD....
00A0   2917001600350006  119C04B80006119D  )....5..........  ................
00B0   04B00006119E04B8                    ........          ........        

[net][time:1295204363203][thread:main][tracepoint:2][Reply.fill]
       RECEIVE BUFFER: SECCHKRM            (ASCII)           (EBCDIC)
       0 1 2 3 4 5 6 7   8 9 A B C D E F   0123456789ABCDEF  0123456789ABCDEF
0000   0015D0020001000F  1219000611490008  .............I..  ..}.............
0010   000511A413                          .....             ...u.           

BEGIN TRACE_DIAGNOSTICS
[derby][SQLException@22c95b] java.sql.SQLException
[derby][SQLException@22c95b] SQL state  = 08004
[derby][SQLException@22c95b] Error code = 40000
[derby][SQLException@22c95b] Message    = Connection authentication failure 
occurred.  Reason: userid or password invalid.
[derby][SQLException@22c95b] Stack trace follows
org.apache.derby.client.am.SqlException: Connection authentication failure 
occurred.  Reason: userid or password invalid.
	at org.apache.derby.client.net.NetConnection.
mapSecchkcd(Unknown Source)
	at org.apache.derby.client.net.NetConnection.
securityCheckComplete(Unknown Source)
	at org.apache.derby.client.net.NetConnectionReply.
parseSECCHKRM(Unknown Source)
	at org.apache.derby.client.net.NetConnectionReply.
parseSECCHKreply(Unknown Source)
	at org.apache.derby.client.net.NetConnectionReply.
readSecurityCheck(Unknown Source)
	at org.apache.derby.client.net.NetConnection.
readSecurityCheckAndAccessRdb(Unknown Source)
	at org.apache.derby.client.net.NetConnection.
flowSecurityCheckAndAccessRdb(Unknown Source)
	at org.apache.derby.client.net.NetConnection.
flowUSRIDPWDconnect(Unknown Source)
	at org.apache.derby.client.net.NetConnection.
flowConnect(Unknown Source)
	at org.apache.derby.client.net.NetConnection.
<init>(Unknown Source)
	at org.apache.derby.client.net.NetConnection40.
<init>(Unknown Source)
	at org.apache.derby.client.net.ClientJDBCObjectFactoryImpl40.
newNetConnection(Unknown Source)
	at org.apache.derby.jdbc.ClientDriver.connect(Unknown Source)
	at java.sql.DriverManager.getConnection(DriverManager.java:582)
	at java.sql.DriverManager.getConnection(DriverManager.java:154)
	at org.apache.derby.impl.tools.ij.ij.dynamicConnection(Unknown Source)
	at org.apache.derby.impl.tools.ij.ij.ConnectStatement(Unknown Source)
	at org.apache.derby.impl.tools.ij.ij.ijStatement(Unknown Source)
	at org.apache.derby.impl.tools.ij.utilMain.
runScriptGuts(Unknown Source)
	at org.apache.derby.impl.tools.ij.utilMain.go(Unknown Source)
	at org.apache.derby.impl.tools.ij.Main.go(Unknown Source)
	at org.apache.derby.impl.tools.ij.Main.mainCore(Unknown Source)
	at org.apache.derby.impl.tools.ij.Main.main(Unknown Source)
	at org.apache.derby.tools.ij.main(Unknown Source)
	at org.apache.derby.iapi.tools.run.main(Unknown Source)
END TRACE_DIAGNOSTICS


Mime
View raw message