db-derby-user mailing list archives

From Thomas <Thomas.K.H...@t-online.de>
Subject Re: Trying to migrate to LDAP (but getting Error 08004)
Date Tue, 18 Jan 2011 20:26:03 GMT
I have now tested the following two scenarios in conjunction with the network 
1) using system-wide properties rather than data-base level properties
2) as you suggested, supply the properties as command line parameters

ad 1) when trying to connect using IJ I continue to receive error 08004,
however now the following messages are written to derby.log (which I have to 
admit do not tell me much at this stage - but at least it looks like the 
network driver has recognized the "LDAP" related properties. Note: I had
started IJ on the same machine where Derby and directory server are running):
Tue Jan 18 20:44:36 CET 2011:
Booting Derby version The Apache Software Foundation - Apache Derby - 
- (1040133): instance a816c00e-012d-9aa7-e0cc-00005302821d 
on database directory /var/lib/derby/db-derby-  with 
class loader sun.misc.Launcher$AppClassLoader@7d772e 
Loaded from file:/var/lib/derby/db-derby-
java.vendor=Sun Microsystems Inc.
Database Class Loader started - derby.database.classpath=''
Tue Jan 18 20:44:37 CET 2011 Thread[DRDAConnThread_3,5,main] (XID = 13), 
(SESSIONID = 0), (DATABASE = ldaptest), (DRDAID = {1}), Cleanup action starting
java.sql.SQLException: Connection refused : javax.naming.CommunicationException
: miniserver:10389 [Root exception is java.security.AccessControlException: 
access denied (java.net.SocketPermission miniserver resolve)]
	at org.apache.derby.impl.jdbc.authentication.
	JNDIAuthenticationSchemeBase.getLoginSQLException(Unknown Source)
	at org.apache.derby.impl.jdbc.authentication.LDAPAuthentication
	SchemeImpl.authenticateUser(Unknown Source)
	at org.apache.derby.impl.jdbc.authentication.AuthenticationServiceBase.
	authenticate(Unknown Source)
	at org.apache.derby.impl.jdbc.EmbedConnection.checkUserCredentials
	(Unknown Source)
	at org.apache.derby.impl.jdbc.EmbedConnection.<init>(Unknown Source)
	at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(Unknown Source)
	at org.apache.derby.impl.jdbc.EmbedConnection40.<init>(Unknown Source)
	at org.apache.derby.jdbc.Driver40.getNewEmbedConnection(Unknown Source)
	at org.apache.derby.jdbc.InternalDriver.connect(Unknown Source)
	at org.apache.derby.jdbc.AutoloadedDriver.connect(Unknown Source)
	at org.apache.derby.impl.drda.Database.makeConnection(Unknown Source)
	at org.apache.derby.impl.drda.DRDAConnThread.getConnFromDatabaseName
	(Unknown Source)
	at org.apache.derby.impl.drda.DRDAConnThread.verifyUserIdPassword
	(Unknown Source)
	at org.apache.derby.impl.drda.DRDAConnThread.parseSECCHK(Unknown Source)
	at org.apache.derby.impl.drda.DRDAConnThread.parseDRDAConnection
	(Unknown Source)
	at org.apache.derby.impl.drda.DRDAConnThread.processCommands
	(Unknown Source)
	at org.apache.derby.impl.drda.DRDAConnThread.run(Unknown Source)
Cleanup action completed
Tue Jan 18 20:44:37 CET 2011 Thread[DRDAConnThread_3,5,main] 
(DATABASE = ldaptest), (DRDAID = {1}), Connection refused : javax.naming.
CommunicationException: miniserver:10389 [Root exception is java.security.
AccessControlException: access denied (java.net.SocketPermission 
miniserver resolve)]

Here is the derby.properties file used:
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#     http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# See the License for the specific language governing permissions and
# limitations under the License.

# derby.properties
# we are using the default properties values for this demo
# derby.drda.logConnections=true
# derby.drda.traceAll=true

ad 2) I have passed the properties on the command line as suggested (after 
having removed the derby.properties file). In this scenario the network 
driver led to the same results as the embedded driver. Authorisation worked
as expected; no entries in derby.log.

In summary my testing seems to evidence that the network driver is only
working in conjunction with LDAP authorization if the required properties
are passed on the command line when starting up the server. (So there is 
a way to achieve what I was trying to do.) However, when defining
the properties as data-base properties, these are ignored by the driver (which
I would say is a bug). When defining the properties as system-wide properties 
in derby.properties, then they seem to be recognized, but this scenario might 
require modification of the security policy file (which I don't know yet), 
before this approach will potentially work as well.

Btw: the documentation is lacking details/guidance in this regard.


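An added example, not part of the message or of Derby itself: a small triage script that pulls the denied permission and the LDAP endpoint out of the wrapped derby.log lines quoted above and prints a narrowly scoped policy grant for it. The codeBase value `${derby.install.url}derby.jar` and the function names are assumptions; the codeBase must be adjusted to match the policy file the server was actually started with.

```python
import re

# derby.log excerpt copied from the message above, mail line-wrapping included.
SAMPLE_LOG = """(DATABASE = ldaptest), (DRDAID = {1}), Connection refused : javax.naming.
CommunicationException: miniserver:10389 [Root exception is java.security.
AccessControlException: access denied (java.net.SocketPermission
miniserver resolve)]
"""

DENIED = re.compile(
    r"access denied \((?P<cls>[\w.$]+) (?P<target>\S+)(?: (?P<actions>[^)]+))?\)")
ENDPOINT = re.compile(r"CommunicationException\s*:\s*(?P<host>[\w.-]+):(?P<port>\d+)")

def unwrap(text):
    """Undo mail/log line wrapping so the patterns can span the breaks."""
    return re.sub(r"\s*\n\s*", " ", text)

def denied_permissions(log_text):
    """Return distinct (class, target, actions, ldap_endpoint) denials."""
    flat = unwrap(log_text)
    ep = ENDPOINT.search(flat)
    endpoint = f"{ep['host']}:{ep['port']}" if ep else None
    seen = []
    for m in DENIED.finditer(flat):
        item = (m["cls"], m["target"], m["actions"] or "", endpoint)
        if item not in seen:
            seen.append(item)
    return seen

def suggest_grant(cls, target, actions, endpoint,
                  codebase="${derby.install.url}derby.jar"):  # assumed codeBase
    """Build a grant limited to the one permission that was denied.

    For SocketPermission the target is narrowed to the LDAP host:port from
    the log, and connect is requested with resolve: the JVM checks resolve
    first, so granting resolve alone only moves the denial to the connect.
    """
    if cls == "java.net.SocketPermission":
        if endpoint and endpoint.split(":")[0] == target:
            target = endpoint
        actions = "connect,resolve"
    perm = f'permission {cls} "{target}"' + (f', "{actions}"' if actions else "") + ";"
    return f'grant codeBase "{codebase}" {{\n  {perm}\n}};'

if __name__ == "__main__":
    for denial in denied_permissions(SAMPLE_LOG):
        print(suggest_grant(*denial))
```

Granting the single host and port keeps the Derby engine from opening sockets to anything other than the directory server.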