[ http://issues.apache.org/jira/browse/DERBY-1000?page=comments#action_12366858 ]
Francois Orsini commented on DERBY-1000:
----------------------------------------
Correct - I remember testing LDAPS using the Context.PROVIDER_URL route.
The derby tuning guide documentation should also make mention of using the JNDI
Context.PROVIDER_URL property to connect to an LDAP server, as an alternative
to the derby 'derby.authentication.server' property. (see
'derby.authentication.server' property section).
Upon fixing this simple issue, the syntax for the derby
'derby.authentication.server' property should be enhanced to also mention
LDAPS: as a valid syntax, as well as adding an example in the respective section.
derby.authentication.server=
    [{ ldap: | ldaps: | nisplus: }]
    [//]
    { hostname:portnumber | nisServerName/nisDomain }
##LDAPS example
derby.authentication.server=ldaps://godfrey:9090
> For LDAP authentication: derby.authentication.server should support ldaps://
> as part of the server url.
> -------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1000
> URL: http://issues.apache.org/jira/browse/DERBY-1000
> Project: Derby
> Type: Bug
> Components: Newcomer, Security
> Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.1.1, 10.1.1.2, 10.1.2.0,
> 10.1.2.1, 10.1.2.2, 10.2.0.0
> Environment: all
> Reporter: Sunitha Kambhampati
> Priority: Trivial
>
> derby.authentication.server does not recognize secure ldap url - ie if the
> url starts with ldaps://
> Trying to connect using LDAP authentication with the following properties set
> derby.authentication.provider=LDAP
> derby.authentication.server=ldaps://xyz.abc.com:636
> derby.authentication.ldap.searchBase='ou=xyz,o=abc.com'
> derby.authentication.ldap.searchFilter='(emailaddress=%USERNAME%)'
> derby.connection.requireAuthentication=true
> throws InvalidNameException
> ij> connect 'jdbc:derby:testdb;user=a;password=p';
> ERROR 08004: Connection refused : javax.naming.InvalidNameException: Invalid
> name: /xyz.abc.com:636
> Code - LDAPAuthenticationSchemeImpl#setJNDIProviderProperties.
> Problem is the code expects that if Context.PROVIDER_URL is not set and if
> derby.authentication.server is set, then the ldapServer is either of the
> format //server:port or it already starts with ldap:// else it just adds
> ldap:// .
> Thus for a ldaps://xyz.com:636 url , it will become
> ldap://ldaps://xyz.com:636
>
> in the code snippet, dfltLDAPURL is ldap://
> if (ldapServer.startsWith(dfltLDAPURL))
>     this.providerURL = ldapServer;
> else if (ldapServer.startsWith("//"))
>     this.providerURL = "ldap:" + ldapServer;
> else
>     this.providerURL = dfltLDAPURL + ldapServer;
> }
> initDirContextEnv.put(Context.PROVIDER_URL, providerURL);
> We should support specifying secure ldap, ie ldaps://, in the
> derby.authentication.server. Add condition to support the ldaps://
> ie.
> if (ldapServer.startsWith(dfltLDAPURL) || ldapServer.startsWith("ldaps://"))
>     this.providerURL = ldapServer;
> ========
> A workaround to the problem is to set the Context.PROVIDER_URL instead.
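The prefix handling quoted in the issue, shown side by side with the condition the issue proposes, as an added example that is not Derby's source. The class and method names are hypothetical and the sample server values are constructed; the last column shows which settings end up on an ldaps:// provider URL.

```java
// Added illustration; class and method names are hypothetical, not Derby's.
public class ProviderUrlDemo {
    // Corresponds to dfltLDAPURL in the snippet quoted in the issue.
    static final String DFLT_LDAP_URL = "ldap://";

    // Behaviour described in the issue: only "ldap://" and "//" are recognised,
    // so any other value, including "ldaps://...", gets "ldap://" prepended.
    static String legacyProviderUrl(String ldapServer) {
        if (ldapServer.startsWith(DFLT_LDAP_URL)) {
            return ldapServer;
        } else if (ldapServer.startsWith("//")) {
            return "ldap:" + ldapServer;
        }
        return DFLT_LDAP_URL + ldapServer;
    }

    // Same logic with the extra "ldaps://" condition proposed in the issue.
    static String fixedProviderUrl(String ldapServer) {
        if (ldapServer.startsWith(DFLT_LDAP_URL) || ldapServer.startsWith("ldaps://")) {
            return ldapServer;
        } else if (ldapServer.startsWith("//")) {
            return "ldap:" + ldapServer;
        }
        return DFLT_LDAP_URL + ldapServer;
    }

    // True only when the provider URL handed to JNDI names the ldaps scheme.
    static boolean usesLdaps(String providerUrl) {
        return providerUrl.startsWith("ldaps://");
    }

    public static void main(String[] args) {
        // Constructed sample values for derby.authentication.server.
        String[] samples = {
            "ldaps://xyz.abc.com:636",
            "ldap://xyz.abc.com:389",
            "//xyz.abc.com:389",
            "xyz.abc.com:389"
        };
        for (String s : samples) {
            String legacy = legacyProviderUrl(s);
            String fixed = fixedProviderUrl(s);
            System.out.printf("%-24s legacy=%-32s fixed=%-26s ldaps=%b%n",
                    s, legacy, fixed, usesLdaps(fixed));
        }
    }
}
```

For the first sample the legacy column is `ldap://ldaps://xyz.abc.com:636`, the malformed URL described in the issue; the bare `//host:port` and `host:port` forms map to plain `ldap://` in both versions.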