[
https://issues.apache.org/jira/browse/DERBY-857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535243
]
kmarsden edited comment on DERBY-857 at 10/16/07 6:04 AM:
----------------------------------------------------------------
This is the offending code in LDAPAuthenticationSchemeImpl. It is only an
issue for a sane build and only with the property
derby.debug.true=AuthenticationTrace set, which is probably why it hasn't come
up on the user list.
Interestingly, nothing shows up in this file, for successful or unsuccessful
connections. Lastly, the name of the file CloudLDAP.out is not ideal. I see
three options:
1) Put a priv block around this code. Change the filename and make sure the bug
doesn't reproduce.
2) Remove the code altogether since it is not working.
3) Try to get LDAP tracing working. Suggestions welcome.

    if (SanityManager.DEBUG)
    {
        if (SanityManager.DEBUG_ON(
                AuthenticationServiceBase.AuthenticationTrace)) {
            try {
                initDirContextEnv.put("com.sun.naming.ldap.trace.ber",
                    new java.io.FileOutputStream("CloudLDAP.out"));
            } catch (java.io.IOException ie) {}
        }
    }

was (Author: kmarsden):
This is the offending code in LDAPAuthenticationSchemeImpl. It is only an
issue for a sane build and only with the property
derby.debug.true=AuthenticationTrace set, which is probably why it hasn't come
up on the user list.
Interestingly, nothing shows up in this file, for successful or unsuccessful
connections, and the com.sun.naming.ldap.trace.ber, I think, is not portable.
Lastly, the name of the file CloudLDAP.out is not ideal. I see three options:
1) Put a priv block around this code. Change the filename and make sure the bug
doesn't reproduce.
2) Remove the code altogether since it is not portable/working.
3) Find some portable way to invoke LDAP tracing. Suggestions welcome.

    if (SanityManager.DEBUG)
    {
        if (SanityManager.DEBUG_ON(
                AuthenticationServiceBase.AuthenticationTrace)) {
            try {
                initDirContextEnv.put("com.sun.naming.ldap.trace.ber",
                    new java.io.FileOutputStream("CloudLDAP.out"));
            } catch (java.io.IOException ie) {}
        }
    }

> LDAP user authentication fails under a security manager
> -------------------------------------------------------
>
> Key: DERBY-857
> URL: https://issues.apache.org/jira/browse/DERBY-857
> Project: Derby
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.2.1.6
> Reporter: Daniel John Debrunner
> Assignee: Kathey Marsden
>
> Running the test jdbcapi/secureUsers1.sql with a security manager results in:
> > ERROR 08004: Connection refused : javax.naming.CommunicationException:
> > noSuchMachine:389 [Root exception is java.security.AccessControlException:
> > access denied (java.net.SocketPermission noSuchMachine resolve)]
> Adding this permission to the policy file has no effect, which means a priv
> block is required around the LDAP call.
> permission java.net.SocketPermission "noSuchMachine", "resolve";
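Option 1 from the comment above (a priv block around the trace-file open), sketched as an added example; it is not Derby's code and not the change committed for DERBY-857. The class name, the helper openTraceFile and the file name derby-ldap-trace.out are hypothetical.

```java
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;

// Added illustration, not Derby source. Under a security manager the jar holding
// this class would also need a policy grant along the lines of:
//   permission java.io.FilePermission "${user.dir}${/}derby-ldap-trace.out", "write";
public class LdapTraceSetup {
    // Hypothetical name; the comment only says CloudLDAP.out is not ideal.
    static final String TRACE_FILE = "derby-ldap-trace.out";

    // Open the file with this class's own permissions, so callers higher on
    // the stack (application code) do not need the FilePermission themselves.
    static OutputStream openTraceFile(final String name) throws FileNotFoundException {
        try {
            return AccessController.doPrivileged(
                new PrivilegedExceptionAction<OutputStream>() {
                    public OutputStream run() throws FileNotFoundException {
                        return new FileOutputStream(name);
                    }
                });
        } catch (PrivilegedActionException pae) {
            // run() declares only FileNotFoundException, so the cast is safe.
            throw (FileNotFoundException) pae.getException();
        }
    }

    public static void main(String[] args) {
        Hashtable<String, Object> initDirContextEnv = new Hashtable<String, Object>();
        try {
            OutputStream trace = openTraceFile(TRACE_FILE);
            initDirContextEnv.put("com.sun.naming.ldap.trace.ber", trace);
        } catch (FileNotFoundException | SecurityException e) {
            // Tracing is optional: report the failure rather than swallowing it,
            // and never let it abort authentication.
            System.err.println("LDAP BER trace disabled: " + e);
        }
        System.out.println("trace enabled: "
            + initDirContextEnv.containsKey("com.sun.naming.ldap.trace.ber"));
    }
}
```

The privileged block only narrows whose permissions are checked; a SecurityException is still raised if the code base containing the class has not been granted the write permission.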