Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Invalid
-
None
-
None
-
None
-
Network Server running under Debian 5.0 stable, Win XP Service Pack 3 Client, Derby Version 10.7.1.1, ApacheDS 1.5.7
-
Embedded/Client difference, Security
Description
The network server client driver is not recognising LDAP authentication provider configuration when database properties are being used.
When trying to connect with the network client driver error 08004 'userid or password invalid' is thrown:
[derby][SQLException <at> 22c95b] java.sql.SQLException
[derby][SQLException <at> 22c95b] SQL state = 08004
[derby][SQLException <at> 22c95b] Error code = 40000
[derby][SQLException <at> 22c95b] Message = Connection authentication failure occurred. Reason: userid or password invalid.
The same database level properties when connecting using the embedded driver lead to a successful login and everything is working as expected with this driver.
Notes:
As there are two other options in setting up the LDAP authentication provider, here is the behaviour observed for the network driver in these scenarios:
1) when using system-level properties, socket permission errors are given when running with the JAVA security manager enabled; so additional configuration in form of setting up a custom Security Manager is required
2) when supplying the properties as command line arguments at server start-up the properties are recognised (and authorisation is validated as expected without changes required to the default Basic Security Manager)
Here is the output of sysinfo for my environment and the script used for setting the database level properties:
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.connection.requireAuthentication', 'true');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.provider','LDAP');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.server','myserver:10389');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.ldap.searchBase','o=THMB');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.ldap.searchFilter','derby.user');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.user.thill','uid=thill,o=THMB');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.sqlAuthorization', 'true');
sysinfo for the server
------------------ Java Information ------------------
Java Version: 1.6.0_22
Java Vendor: Sun Microsystems Inc.
Java home: /usr/lib/jvm/java-6-sun-1.6.0.22/jre
Java classpath: /var/lib/derby/db-derby-10.7.1.1-bin/lib/derbyrun.jar
OS name: Linux
OS architecture: i386
OS version: 2.6.26-2-686
Java user name: root
Java user home: /root
Java user dir: /root
java.specification.name: Java Platform API Specification
java.specification.version: 1.6
java.runtime.version: 1.6.0_22-b04
--------- Derby Information --------
JRE - JDBC: Java SE 6 - JDBC 4.0
[/var/lib/derby/db-derby-10.7.1.1-bin/lib/derby.jar] 10.7.1.1 - (1040133)
[/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbytools.jar] 10.7.1.1 - (1040133)
[/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbynet.jar] 10.7.1.1 - (1040133)
[/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbyclient.jar] 10.7.1.1 - (1040133)
------------------------------------------------------
----------------- Locale Information -----------------
Current Locale : [English/United States [en_US]]
Found support for locale: [cs]
version: 10.7.1.1 - (1040133)
Found support for locale: [de_DE]
version: 10.7.1.1 - (1040133)
Found support for locale: [es]
version: 10.7.1.1 - (1040133)
Found support for locale: [fr]
version: 10.7.1.1 - (1040133)
Found support for locale: [hu]
version: 10.7.1.1 - (1040133)
Found support for locale: [it]
version: 10.7.1.1 - (1040133)
Found support for locale: [ja_JP]
version: 10.7.1.1 - (1040133)
Found support for locale: [ko_KR]
version: 10.7.1.1 - (1040133)
Found support for locale: [pl]
version: 10.7.1.1 - (1040133)
Found support for locale: [pt_BR]
version: 10.7.1.1 - (1040133)
Found support for locale: [ru]
version: 10.7.1.1 - (1040133)
Found support for locale: [zh_CN]
version: 10.7.1.1 - (1040133)
Found support for locale: [zh_TW]
version: 10.7.1.1 - (1040133)
------------------------------------------------------
sysinfo for the client
------------------ Java-Informationen ------------------
Java-Version: 1.6.0_23
Java-Anbieter: Sun Microsystems Inc.
Java-Home: C:\Programme\Java\jre6
Java-Klassenpfad: C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbyrun.jar
Name des Betriebssystems: Windows XP
Architektur des Betriebssystems: x86
Betriebssystemversion: 5.1
Java-Benutzername: Thomas
Java-Benutzerausgangsverzeichnis: C:\Dokumente und Einstellungen\Thomas
Java-Benutzerverzeichnis: C:\Daten\derby\keys
java.specification.name: Java Platform API Specification
java.specification.version: 1.6
java.runtime.version: 1.6.0_23-b05
--------- Derby-Informationen --------
JRE - JDBC: Java SE 6 - JDBC 4.0
[C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derby.jar] 10.7.1.1 - (1040133)
[C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbytools.jar] 10.7.1.1 - (1040133)
[C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbynet.jar] 10.7.1.1 - (1040133)
[C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbyclient.jar] 10.7.1.1 - (1040133)
------------------------------------------------------
----------------- Informationen zur Ländereinstellung -----------------
Aktuelle Ländereinstellung: [Deutsch/Deutschland [de_DE]]
Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [cs]
Version: 10.7.1.1 - (1040133)
Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [de_DE]
Version: 10.7.1.1 - (1040133)
Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [es]
Version: 10.7.1.1 - (1040133)
Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [fr]
Version: 10.7.1.1 - (1040133)
Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [hu]
Version: 10.7.1.1 - (1040133)
Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [it]
Version: 10.7.1.1 - (1040133)
Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [pl]
Version: 10.7.1.1 - (1040133)
Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [pt_BR]
Version: 10.7.1.1 - (1040133)
Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [ru]
Version: 10.7.1.1 - (1040133)
------------------------------------------------------
Attachments
Attachments
Issue Links
- is related to
-
DERBY-4976 LDAP authentication's use of derby.propery for finding dn locally is faulty: search is always performed
- Closed
-
DERBY-3712 Security documentation should state that your java security policy needs to grant you permission to connect to the ldap server if you are using ldap based authentication
- Closed
-
DERBY-4990 Documentation should state a custom security policy being required to use LDAP in conjunction with network driver
- Closed