LDAP authentication's use of derby.propery for finding dn locally is faulty:
search is always performed
-------------------------------------------------------------------------------------------------------
Key: DERBY-4976
URL: https://issues.apache.org/jira/browse/DERBY-4976
Project: Derby
Issue Type: Bug
Components: Services
Affects Versions: 10.8.0.0
Reporter: Dag H. Wanvik
cf DERBY-4975.
It seems derby.authentication.ldap.searchFilter=derby.user doesn't work as
advertised.
LDAPAuthenticationSchemeImpl contains this code:
#authenticateUser:
    :
    // Retrieve the user's DN (Distinguished Name) If we're asked to
    // look it up locally, do it first and if we don't find it, we go
    // against the LDAP server for a look-up (search)
    if (useUserPropertyAsDN)
        userDN =
            authenticationService.getProperty(
                org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX);
The lookup happens against the property "derby.user.", the username is not
appended first, so userDN always returns null, and search ensues before bind.
Cf. this explanation http://db.apache.org/derby/manuals/develop/develop100.html:
> Derby typically initiates a search for a full DN before binding to the
> directory using the full DN for user authentication. Derby does not initiate
> a search in the following cases:
>
> * You have set derby.authentication.ldap.searchFilter to derby.user.
> * A user DN has been cached locally for the specific user with the
> derby.user.UserName property.
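
The effect described in the report, as an added example that is not Derby's code and not the project's fix: a lookup keyed on the bare "derby.user." prefix never finds a cached DN, so a search always precedes the bind, while a lookup keyed on the prefix plus the user name finds it. The class, the method names, the sample users and DNs are constructed for illustration, and appending the user name is an assumption about the intended behaviour based on the manual text quoted above.

```java
import java.util.Properties;

// Added illustration; class and method names are hypothetical, not Derby's.
public class UserDnLookupDemo {
    // Value of Property.USER_PROPERTY_PREFIX as given in the report.
    static final String USER_PROPERTY_PREFIX = "derby.user.";

    // Lookup as the report describes it: the bare prefix is used as the key,
    // so the user name never takes part in the lookup.
    static String lookupDnAsReported(Properties props, String userName) {
        return props.getProperty(USER_PROPERTY_PREFIX);
    }

    // Lookup with the user name appended to the prefix (assumed intent,
    // matching the documented derby.user.UserName property).
    static String lookupDnWithUserName(Properties props, String userName) {
        return props.getProperty(USER_PROPERTY_PREFIX + userName);
    }

    // Mirrors the decision the report describes: a null DN means the
    // LDAP server is searched for the DN before the bind.
    static String nextStep(String userDN) {
        return userDN == null
                ? "search LDAP for DN, then bind"
                : "bind directly as " + userDN;
    }

    public static void main(String[] args) {
        // Constructed sample configuration.
        Properties props = new Properties();
        props.setProperty("derby.authentication.ldap.searchFilter", "derby.user");
        props.setProperty("derby.user.alice", "uid=alice,ou=People,dc=example,dc=com");

        // alice has a locally cached DN; bob does not.
        for (String user : new String[] {"alice", "bob"}) {
            System.out.println(user + " (bare prefix):        "
                    + nextStep(lookupDnAsReported(props, user)));
            System.out.println(user + " (prefix + user name): "
                    + nextStep(lookupDnWithUserName(props, user)));
        }
    }
}
```

With the bare prefix both users fall through to the search; with the user name appended only bob, who has no cached DN, does.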