[ https://issues.apache.org/jira/browse/DERBY-4976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dag H. Wanvik updated DERBY-4976:
---------------------------------

    Description: 
cf DERBY-4975.

It seems derby.authentication.ldap.searchFilter=derby.user doesn't work as 
advertised.

LDAPAuthenticationSchemeImpl contains this code:

#authenticateUser:
    :
    // Retrieve the user's DN (Distinguished Name). If we're asked to
    // look it up locally, do it first and if we don't find it, we go
    // against the LDAP server for a look-up (search)

    if (useUserPropertyAsDN)
        userDN = authenticationService.getProperty(
            org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX);

The lookup happens against the property "derby.user."; the username is not 
appended first, so userDN is always set to null, and a search ensues before bind. 
Cf. this explanation, http://db.apache.org/derby/manuals/develop/develop100.html:

> Derby typically initiates a search for a full DN before binding to the 
> directory using the full DN for user authentication. Derby does not initiate 
> a search in the following cases:
> 
>     * You have set derby.authentication.ldap.searchFilter to derby.user.
>     * A user DN has been cached locally for the specific user with the 
> derby.user.UserName property.


  was:
cf DERBY-4975.

It seems derby.authentication.ldap.searchFilter=derby.user doesn't work as 
advertised.

LDAPAuthenticationSchemeImpl contains this code:

#authenticateUser:
    :
    // Retrieve the user's DN (Distinguished Name). If we're asked to
    // look it up locally, do it first and if we don't find it, we go
    // against the LDAP server for a look-up (search)

    if (useUserPropertyAsDN)
        userDN = authenticationService.getProperty(
            org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX);

The lookup happens against the property "derby.user."; the username is not 
appended first, so userDN always returns null, and a search ensues before bind. 
Cf. this explanation, http://db.apache.org/derby/manuals/develop/develop100.html:

> Derby typically initiates a search for a full DN before binding to the 
> directory using the full DN for user authentication. Derby does not initiate 
> a search in the following cases:
> 
>     * You have set derby.authentication.ldap.searchFilter to derby.user.
>     * A user DN has been cached locally for the specific user with the 
> derby.user.UserName property.



> LDAP authentication's use of derby.property for finding dn locally is faulty: 
> search is always performed
> -------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-4976
>                 URL: https://issues.apache.org/jira/browse/DERBY-4976
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.8.0.0
>            Reporter: Dag H. Wanvik
>
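The behaviour described in the report, as an added Python model that is not Derby's code: it runs the same decision (local property lookup first, directory search only if that fails) once with the reported key construction and once with the user name appended, and counts how many searches a stub directory receives. The property values, the DN and the function names are constructed for this example.

```python
# Model of Derby's LDAP DN resolution (added illustration, not Derby's code).
# The property dict and directory stub are constructed sample data; the
# function names here are assumptions made for this example.

USER_PROPERTY_PREFIX = "derby.user."


class DirectoryStub:
    """Stands in for the LDAP server and counts how often a search runs."""

    def __init__(self, entries):
        self.entries = entries  # uid -> DN
        self.searches = 0

    def search_dn(self, user_name):
        self.searches += 1
        return self.entries.get(user_name)


def lookup_dn_buggy(props, user_name):
    # Reported defect: the key is the bare prefix; the user name is never appended.
    return props.get(USER_PROPERTY_PREFIX)


def lookup_dn_fixed(props, user_name):
    # Documented behaviour: derby.user.<UserName> holds the locally cached DN.
    return props.get(USER_PROPERTY_PREFIX + user_name)


def resolve_dn(props, user_name, directory, lookup):
    """Mirror of authenticateUser: local lookup first, search only when it fails."""
    use_user_property_as_dn = props.get("derby.authentication.ldap.searchFilter") == "derby.user"
    user_dn = lookup(props, user_name) if use_user_property_as_dn else None
    if user_dn is None:
        user_dn = directory.search_dn(user_name)
    return user_dn


def demo(lookup):
    """Return (resolved DN, number of searches) for a user whose DN is cached."""
    dn = "uid=alice,ou=people,dc=example,dc=com"
    props = {"derby.authentication.ldap.searchFilter": "derby.user", "derby.user.alice": dn}
    directory = DirectoryStub({"alice": dn})
    return resolve_dn(props, "alice", directory, lookup), directory.searches


if __name__ == "__main__":
    print("buggy:", demo(lookup_dn_buggy))  # search ran despite the cached DN (searches == 1)
    print("fixed:", demo(lookup_dn_fixed))  # DN came from the property, no search (searches == 0)
```

With the reported lookup the configured searchFilter=derby.user has no effect: the bind is preceded by a directory search even for users whose DN is cached locally.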

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.