[ http://issues.apache.org/jira/browse/DERBY-1000?page=all ]

Sunitha Kambhampati updated DERBY-1000:
---------------------------------------

    Description: 
derby.authentication.server does not recognize a secure LDAP URL, i.e. if the 
URL starts with ldaps://

Trying to connect using LDAP authentication with the following properties set
derby.authentication.provider=LDAP
derby.authentication.server=ldaps://xyz.abc.com:636
derby.authentication.ldap.searchBase='ou=xyz,o=abc.com'
derby.authentication.ldap.searchFilter='(emailaddress=%USERNAME%)'
derby.connection.requireAuthentication=true

throws InvalidNameException

ij> connect 'jdbc:derby:testdb;user=a;password=p';
ERROR 08004: Connection refused : javax.naming.InvalidNameException: Invalid 
name: /xyz.abc.com:636

Code - LDAPAuthenticationSchemeImpl#setJNDIProviderProperties.
Problem is the code expects that if Context.PROVIDER_URL is not set and if 
derby.authentication.server is set, then the ldapServer is either of the format 
//server:port or it already starts with ldap://, else it just adds ldap://.

Thus for an ldaps://xyz.com:636 URL, it will become ldap://ldaps://xyz.com:636

In the code snippet, dfltLDAPURL is ldap://

        if (ldapServer.startsWith(dfltLDAPURL))
            this.providerURL = ldapServer;
        else if (ldapServer.startsWith("//"))
            this.providerURL = "ldap:" + ldapServer;
        else
            this.providerURL = dfltLDAPURL + ldapServer;
    }
    initDirContextEnv.put(Context.PROVIDER_URL, providerURL);


We should support specifying secure LDAP, i.e. ldaps://, in 
derby.authentication.server. Add a condition to support ldaps://, 
i.e.

    if (ldapServer.startsWith(dfltLDAPURL) || ldapServer.startsWith("ldaps://"))
        this.providerURL = ldapServer;

========
A workaround to the problem is to set the Context.PROVIDER_URL instead.  

  was:
ij> connect 'jdbc:derby:testdb;user=a;password=p';
ERROR 08004: Connection refused : javax.naming.InvalidNameException: Invalid 
name: /server.xyz.com:636

Code - LDAPAuthenticationSchemeImpl#setJNDIProviderProperties.
Problem is the code expects that if Context.PROVIDER_URL is not set and if 
derby.authentication.server is set, then the ldapServer is either of the format 
//server:port or it already starts with ldap://, else it just adds ldap://.

Thus for an ldaps://xyz.com:636 URL, it will become ldap://ldaps://xyz.com:636

In the code snippet, dfltLDAPURL is ldap://

        if (ldapServer.startsWith(dfltLDAPURL))
            this.providerURL = ldapServer;
        else if (ldapServer.startsWith("//"))
            this.providerURL = "ldap:" + ldapServer;
        else
            this.providerURL = dfltLDAPURL + ldapServer;
    }
    initDirContextEnv.put(Context.PROVIDER_URL, providerURL);


We should support specifying secure LDAP, i.e. ldaps://, in 
derby.authentication.server. Add a condition to support ldaps://, 
i.e.

    if (ldapServer.startsWith(dfltLDAPURL) || ldapServer.startsWith("ldaps://"))
        this.providerURL = ldapServer;

========
A workaround to the problem is to set the Context.PROVIDER_URL instead.  


> For LDAP authentication: derby.authentication.server should support ldaps:// 
> as part of the server url.
> -------------------------------------------------------------------------------------------------------
>
>          Key: DERBY-1000
>          URL: http://issues.apache.org/jira/browse/DERBY-1000
>      Project: Derby
>         Type: Bug
>   Components: Newcomer, Security
>     Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.1.1, 10.1.1.2, 10.1.2.0, 
> 10.1.2.1, 10.1.2.2, 10.2.0.0
>  Environment: all
>     Reporter: Sunitha Kambhampati
>     Priority: Trivial

>
> derby.authentication.server does not recognize a secure LDAP URL, i.e. if the 
> URL starts with ldaps://
>
> Trying to connect using LDAP authentication with the following properties set
> derby.authentication.provider=LDAP
> derby.authentication.server=ldaps://xyz.abc.com:636
> derby.authentication.ldap.searchBase='ou=xyz,o=abc.com'
> derby.authentication.ldap.searchFilter='(emailaddress=%USERNAME%)'
> derby.connection.requireAuthentication=true
>
> throws InvalidNameException
>
> ij> connect 'jdbc:derby:testdb;user=a;password=p';
> ERROR 08004: Connection refused : javax.naming.InvalidNameException: Invalid 
> name: /xyz.abc.com:636
>
> Code - LDAPAuthenticationSchemeImpl#setJNDIProviderProperties.
> Problem is the code expects that if Context.PROVIDER_URL is not set and if 
> derby.authentication.server is set, then the ldapServer is either of the 
> format //server:port or it already starts with ldap://, else it just adds 
> ldap://.
>
> Thus for an ldaps://xyz.com:636 URL, it will become 
> ldap://ldaps://xyz.com:636
>
> In the code snippet, dfltLDAPURL is ldap://
>
>         if (ldapServer.startsWith(dfltLDAPURL))
>             this.providerURL = ldapServer;
>         else if (ldapServer.startsWith("//"))
>             this.providerURL = "ldap:" + ldapServer;
>         else
>             this.providerURL = dfltLDAPURL + ldapServer;
>     }
>     initDirContextEnv.put(Context.PROVIDER_URL, providerURL);
>
> We should support specifying secure LDAP, i.e. ldaps://, in 
> derby.authentication.server. Add a condition to support ldaps://, 
> i.e.
>
>     if (ldapServer.startsWith(dfltLDAPURL) || ldapServer.startsWith("ldaps://"))
>         this.providerURL = ldapServer;
>
> ========
> A workaround to the problem is to set the Context.PROVIDER_URL instead.  
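
The URL handling described in the report, as an added example (not Derby source and not part of the original message): it runs the quoted branch logic and the proposed condition side by side over constructed values of derby.authentication.server. The class name, the method names, the port 389 samples and the upper-case scheme sample are assumptions added for illustration; the last one goes slightly beyond the report to show that startsWith compares case-sensitively.

```java
// Added illustration, not Derby source. Class and method names are hypothetical;
// the branch logic and the dfltLDAPURL value are taken from the report above.
public class ProviderUrlDemo {
    static final String dfltLDAPURL = "ldap://";

    // Branch logic as quoted in the report.
    static String original(String ldapServer) {
        if (ldapServer.startsWith(dfltLDAPURL))
            return ldapServer;
        else if (ldapServer.startsWith("//"))
            return "ldap:" + ldapServer;
        else
            return dfltLDAPURL + ldapServer;
    }

    // Same logic with the extra ldaps:// condition proposed in the report.
    static String proposed(String ldapServer) {
        if (ldapServer.startsWith(dfltLDAPURL) || ldapServer.startsWith("ldaps://"))
            return ldapServer;
        return original(ldapServer); // remaining branches are unchanged
    }

    // True when the URL's scheme is ldaps, compared case-insensitively.
    static boolean isLdaps(String url) {
        return url.regionMatches(true, 0, "ldaps://", 0, "ldaps://".length());
    }

    public static void main(String[] args) {
        // Constructed sample values for derby.authentication.server.
        String[] samples = {
            "ldaps://xyz.abc.com:636",   // value from the report
            "ldap://xyz.abc.com:389",
            "//xyz.abc.com:389",
            "xyz.abc.com:389",
            "LDAPS://xyz.abc.com:636",   // upper-case scheme, not matched by startsWith
        };
        for (String s : samples) {
            String before = original(s), after = proposed(s);
            // Flag inputs that asked for ldaps but did not end up with an ldaps URL.
            boolean lost = isLdaps(s) && !isLdaps(after);
            System.out.printf("%-24s original=%-32s proposed=%-32s%s%n",
                    s, before, after, lost ? " <-- ldaps scheme not preserved" : "");
        }
    }
}
```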
