Derby / DERBY-4989

LDAP authentication not working when using network client driver and database level properties


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Invalid
    • None
    • None
    • Network Client
    • None
    • Network Server running under Debian 5.0 stable, Win XP Service Pack 3 Client, Derby Version 10.7.1.1, ApacheDS 1.5.7
    • Embedded/Client difference, Security

    Description

      The network server client driver is not recognising LDAP authentication provider configuration when database properties are being used.

      When trying to connect with the network client driver, error 08004 'userid or password invalid' is thrown:

      [derby][SQLException <at> 22c95b] java.sql.SQLException
      [derby][SQLException <at> 22c95b] SQL state = 08004
      [derby][SQLException <at> 22c95b] Error code = 40000
      [derby][SQLException <at> 22c95b] Message = Connection authentication failure occurred. Reason: userid or password invalid.

      The same database level properties when connecting using the embedded driver lead to a successful login and everything is working as expected with this driver.

      Notes:
      As there are two other options in setting up the LDAP authentication provider, here is the behaviour observed for the network driver in these scenarios:
      1) when using system-level properties, socket permission errors are given when running with the Java security manager enabled; so additional configuration in the form of setting up a custom Security Manager is required
      2) when supplying the properties as command line arguments at server start-up the properties are recognised (and authorisation is validated as expected without changes required to the default Basic Security Manager)

      Here is the output of sysinfo for my environment and the script used for setting the database level properties:

      CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.connection.requireAuthentication', 'true');
      CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.provider','LDAP');
      CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.server','myserver:10389');
      CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.ldap.searchBase','o=THMB');
      CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.ldap.searchFilter','derby.user');

      CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.user.thill','uid=thill,o=THMB');
      CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.sqlAuthorization', 'true');

      sysinfo for the server
      ------------------ Java Information ------------------
      Java Version: 1.6.0_22
      Java Vendor: Sun Microsystems Inc.
      Java home: /usr/lib/jvm/java-6-sun-1.6.0.22/jre
      Java classpath: /var/lib/derby/db-derby-10.7.1.1-bin/lib/derbyrun.jar
      OS name: Linux
      OS architecture: i386
      OS version: 2.6.26-2-686
      Java user name: root
      Java user home: /root
      Java user dir: /root
      java.specification.name: Java Platform API Specification
      java.specification.version: 1.6
      java.runtime.version: 1.6.0_22-b04
      --------- Derby Information --------
      JRE - JDBC: Java SE 6 - JDBC 4.0
      [/var/lib/derby/db-derby-10.7.1.1-bin/lib/derby.jar] 10.7.1.1 - (1040133)
      [/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbytools.jar] 10.7.1.1 - (1040133)
      [/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbynet.jar] 10.7.1.1 - (1040133)
      [/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbyclient.jar] 10.7.1.1 - (1040133)
      ------------------------------------------------------
      ----------------- Locale Information -----------------
      Current Locale : [English/United States [en_US]]
      Found support for locale: [cs]
      version: 10.7.1.1 - (1040133)
      Found support for locale: [de_DE]
      version: 10.7.1.1 - (1040133)
      Found support for locale: [es]
      version: 10.7.1.1 - (1040133)
      Found support for locale: [fr]
      version: 10.7.1.1 - (1040133)
      Found support for locale: [hu]
      version: 10.7.1.1 - (1040133)
      Found support for locale: [it]
      version: 10.7.1.1 - (1040133)
      Found support for locale: [ja_JP]
      version: 10.7.1.1 - (1040133)
      Found support for locale: [ko_KR]
      version: 10.7.1.1 - (1040133)
      Found support for locale: [pl]
      version: 10.7.1.1 - (1040133)
      Found support for locale: [pt_BR]
      version: 10.7.1.1 - (1040133)
      Found support for locale: [ru]
      version: 10.7.1.1 - (1040133)
      Found support for locale: [zh_CN]
      version: 10.7.1.1 - (1040133)
      Found support for locale: [zh_TW]
      version: 10.7.1.1 - (1040133)
      ------------------------------------------------------

      sysinfo for the client

      ------------------ Java-Informationen ------------------
      Java-Version: 1.6.0_23
      Java-Anbieter: Sun Microsystems Inc.
      Java-Home: C:\Programme\Java\jre6
      Java-Klassenpfad: C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbyrun.jar
      Name des Betriebssystems: Windows XP
      Architektur des Betriebssystems: x86
      Betriebssystemversion: 5.1
      Java-Benutzername: Thomas
      Java-Benutzerausgangsverzeichnis: C:\Dokumente und Einstellungen\Thomas
      Java-Benutzerverzeichnis: C:\Daten\derby\keys
      java.specification.name: Java Platform API Specification
      java.specification.version: 1.6
      java.runtime.version: 1.6.0_23-b05
      --------- Derby-Informationen --------
      JRE - JDBC: Java SE 6 - JDBC 4.0
      [C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derby.jar] 10.7.1.1 - (1040133)
      [C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbytools.jar] 10.7.1.1 - (1040133)
      [C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbynet.jar] 10.7.1.1 - (1040133)
      [C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbyclient.jar] 10.7.1.1 - (1040133)
      ------------------------------------------------------
      ----------------- Informationen zur Ländereinstellung -----------------
      Aktuelle Ländereinstellung: [Deutsch/Deutschland [de_DE]]
      Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [cs]
      Version: 10.7.1.1 - (1040133)
      Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [de_DE]
      Version: 10.7.1.1 - (1040133)
      Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [es]
      Version: 10.7.1.1 - (1040133)
      Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [fr]
      Version: 10.7.1.1 - (1040133)
      Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [hu]
      Version: 10.7.1.1 - (1040133)
      Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [it]
      Version: 10.7.1.1 - (1040133)
      Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [pl]
      Version: 10.7.1.1 - (1040133)
      Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [pt_BR]
      Version: 10.7.1.1 - (1040133)
      Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [ru]
      Version: 10.7.1.1 - (1040133)
      ------------------------------------------------------

      Attachments

        1. mypolicy
          6 kB
          Dag H. Wanvik
        2. ASF.LICENSE.NOT.GRANTED--screenshot-1.jpg
          70 kB
          Thomas Hill
        3. ldaprepro.tar.gz
          62 kB
          Thomas Hill
        4. LDAPrepro.txt
          1 kB
          Thomas Hill

            People

              Assignee: Unassigned
              Reporter: Thomas Hill (thomashill)