[ http://issues.apache.org/jira/browse/DERBY-1000?page=all ]
Knut Anders Hatlen resolved DERBY-1000:
---------------------------------------
Fix Version: 10.2.0.0
Resolution: Fixed
Derby Info: (was: [Patch Available])
I think the doc patch is ready to be committed too.
Code patch committed with revision 419852.
Doc patch committed with revision 419853.
Thanks to Anders for fixing the code and updating the documentation. Thanks to
Sunitha for reviewing the changes.
> For LDAP authentication: derby.authentication.server should support ldaps://
> as part of the server url.
> -------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1000
> URL: http://issues.apache.org/jira/browse/DERBY-1000
> Project: Derby
> Type: Bug
> Components: Newcomer, Security
> Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.1.1, 10.1.1.2, 10.1.2.0,
> 10.1.2.1, 10.1.2.2, 10.2.0.0
> Environment: all
> Reporter: Sunitha Kambhampati
> Assignee: Anders Morken
> Priority: Trivial
> Fix For: 10.2.0.0
> Attachments: DERBY-1000.patch, DERBY1000-docs.patch
>
> derby.authentication.server does not recognize secure ldap url - ie if the
> url starts with ldaps://
> Trying to connect using LDAP authentication with the following properties set
> derby.authentication.provider=LDAP
> derby.authentication.server=ldaps://xyz.abc.com:636
> derby.authentication.ldap.searchBase='ou=xyz,o=abc.com'
> derby.authentication.ldap.searchFilter='(emailaddress=%USERNAME%)'
> derby.connection.requireAuthentication=true
> throws InvalidNameException
> ij> connect 'jdbc:derby:testdb;user=a;password=p';
> ERROR 08004: Connection refused : javax.naming.InvalidNameException: Invalid
> name: /xyz.abc.com:636
> Code - LDAPAuthenticationSchemeImpl#setJNDIProviderProperties.
> Problem is the code expects that if Context.PROVIDER_URL is not set and if
> derby.authentication.server is set, then the ldapServer is either of the
> format //server:port or it already starts with ldap://, else it just adds
> ldap://.
> Thus for a ldaps://xyz.com:636 url, it will become
> ldap://ldaps://xyz.com:636
>
> In the code snippet, dfltLDAPURL is ldap://
>     if (ldapServer.startsWith(dfltLDAPURL))
>         this.providerURL = ldapServer;
>     else if (ldapServer.startsWith("//"))
>         this.providerURL = "ldap:" + ldapServer;
>     else
>         this.providerURL = dfltLDAPURL + ldapServer;
>     }
>     initDirContextEnv.put(Context.PROVIDER_URL, providerURL);
> We should support specifying secure ldap, i.e. ldaps://, in the
> derby.authentication.server. Add a condition to support the ldaps://
> i.e.
>     if (ldapServer.startsWith(dfltLDAPURL) ||
>         ldapServer.startsWith("ldaps://"))
>         this.providerURL = ldapServer;
> ========
> A workaround to the problem is to set the Context.PROVIDER_URL instead.
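
The prefix handling described in the issue above, as an added example (not Derby source and not the committed patch): `before` mirrors the quoted snippet and `after` adds the proposed `ldaps://` condition. The class and method names, the `usesTls` check, and every sample value except `ldaps://xyz.abc.com:636` are constructed for illustration.

```java
// Added illustration; not Derby source. Class and method names are hypothetical.
public class LdapProviderUrlDemo {
    static final String DFLT_LDAP_URL = "ldap://";   // dfltLDAPURL in the issue text
    static final String LDAPS_URL = "ldaps://";

    // Logic as quoted in the issue: only "ldap://" and "//" are recognised,
    // so anything else, including "ldaps://...", gets "ldap://" prepended.
    static String before(String ldapServer) {
        if (ldapServer.startsWith(DFLT_LDAP_URL)) return ldapServer;
        if (ldapServer.startsWith("//")) return "ldap:" + ldapServer;
        return DFLT_LDAP_URL + ldapServer;
    }

    // Same logic with the condition proposed in the issue added.
    static String after(String ldapServer) {
        if (ldapServer.startsWith(DFLT_LDAP_URL)
                || ldapServer.startsWith(LDAPS_URL)) return ldapServer;
        if (ldapServer.startsWith("//")) return "ldap:" + ldapServer;
        return DFLT_LDAP_URL + ldapServer;
    }

    // Deployment check (an addition, not from the issue): does the effective
    // provider URL select LDAP over TLS? Compared case-insensitively.
    static boolean usesTls(String providerUrl) {
        return providerUrl.regionMatches(true, 0, LDAPS_URL, 0, LDAPS_URL.length());
    }

    public static void main(String[] args) {
        String[] samples = {
            "ldaps://xyz.abc.com:636",   // value from the issue report
            "ldap://xyz.abc.com:389",    // constructed
            "//xyz.abc.com:389",         // constructed
            "xyz.abc.com:389",           // constructed
            "LDAPS://xyz.abc.com:636"    // constructed: upper-case scheme
        };
        for (String s : samples) {
            String a = after(s);
            System.out.printf("%-24s before=%-32s after=%-32s tls=%b%n",
                    s, before(s), a, usesTls(a));
        }
    }
}
```

Because `startsWith` is case-sensitive, the upper-case `LDAPS://` sample is still rewritten to `ldap://LDAPS://...` by `after`, and the scheme-less forms always expand to plaintext `ldap://`, so a TLS connection has to be requested with an explicit lower-case `ldaps://` prefix.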