[jira] Created: (DERBY-4989) LDAP authentication not working when using network client driver and database level properties

Sat, 29 Jan 2011 03:41:15 -0800 

LDAP authentication not working when using network client driver and database 
level properties
----------------------------------------------------------------------------------------------

                 Key: DERBY-4989
                 URL: https://issues.apache.org/jira/browse/DERBY-4989
             Project: Derby
          Issue Type: Bug
          Components: Network Client
         Environment: Network Server running under Debian 5.0 stable, Win XP 
Service Pack 3 Client, Derby Version 10.7.1.1
            Reporter: Thomas Hill


The network server client driver is not recognising LDAP authentication 
provider configuration when database properties are being used. 

When trying to connect with the network client driver error 08004 'userid or 
password invalid' is thrown:

[derby][SQLException <at> 22c95b] java.sql.SQLException
[derby][SQLException <at> 22c95b] SQL state  = 08004
[derby][SQLException <at> 22c95b] Error code = 40000
[derby][SQLException <at> 22c95b] Message    = Connection authentication 
failure occurred.  Reason: userid or password invalid.

The same database level properties when connecting using the embedded driver 
lead to a successful login and everything is working as expected with this 
driver.

Notes:
As there are two other options in setting up the LDAP authentication provider, 
here is the behaviour observed for the network driver in these scenarios:
1) when using system-level properties, socket permission errors are given when 
running with the JAVA security manager enabled; so additional configuration in 
form of setting up a custom Security Manager is required
2) when supplying the properties as command line arguments at server start-up 
the properties are recognised (and authorisation is validated as expected 
without changes required to the default Basic Security Manager)

Here is the output of sysinfo for my environment and the script used for 
setting the database level properties:

CALL 
SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.connection.requireAuthentication',
 'true');
CALL 
SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.provider','LDAP');
CALL 
SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.server','myserver:10389');
CALL 
SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.ldap.searchBase','o=THMB');
CALL 
SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.ldap.searchFilter','derby.user');

CALL 
SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.user.thill','uid=thill,o=THMB');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.sqlAuthorization', 
'true');

sysinfo for the server
------------------ Java Information ------------------
Java Version:    1.6.0_22
Java Vendor:     Sun Microsystems Inc.
Java home:       /usr/lib/jvm/java-6-sun-1.6.0.22/jre
Java classpath:  /var/lib/derby/db-derby-10.7.1.1-bin/lib/derbyrun.jar
OS name:         Linux
OS architecture: i386
OS version:      2.6.26-2-686
Java user name:  root
Java user home:  /root
Java user dir:   /root
java.specification.name: Java Platform API Specification
java.specification.version: 1.6
java.runtime.version: 1.6.0_22-b04
--------- Derby Information --------
JRE - JDBC: Java SE 6 - JDBC 4.0
[/var/lib/derby/db-derby-10.7.1.1-bin/lib/derby.jar] 10.7.1.1 - (1040133)
[/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbytools.jar] 10.7.1.1 - (1040133)
[/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbynet.jar] 10.7.1.1 - (1040133)
[/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbyclient.jar] 10.7.1.1 - (1040133)
------------------------------------------------------
----------------- Locale Information -----------------
Current Locale :  [English/United States [en_US]]
Found support for locale: [cs]
         version: 10.7.1.1 - (1040133)
Found support for locale: [de_DE]
         version: 10.7.1.1 - (1040133)
Found support for locale: [es]
         version: 10.7.1.1 - (1040133)
Found support for locale: [fr]
         version: 10.7.1.1 - (1040133)
Found support for locale: [hu]
         version: 10.7.1.1 - (1040133)
Found support for locale: [it]
         version: 10.7.1.1 - (1040133)
Found support for locale: [ja_JP]
         version: 10.7.1.1 - (1040133)
Found support for locale: [ko_KR]
         version: 10.7.1.1 - (1040133)
Found support for locale: [pl]
         version: 10.7.1.1 - (1040133)
Found support for locale: [pt_BR]
         version: 10.7.1.1 - (1040133)
Found support for locale: [ru]
         version: 10.7.1.1 - (1040133)
Found support for locale: [zh_CN]
         version: 10.7.1.1 - (1040133)
Found support for locale: [zh_TW]
         version: 10.7.1.1 - (1040133)
------------------------------------------------------


sysinfo for the client

------------------ Java-Informationen ------------------
Java-Version: 1.6.0_23
Java-Anbieter: Sun Microsystems Inc.
Java-Home: C:\Programme\Java\jre6
Java-Klassenpfad: C:\Programme\Apache 
Derby\db-derby-10.7.1.1-bin\lib\derbyrun.jar
Name des Betriebssystems: Windows XP
Architektur des Betriebssystems: x86
Betriebssystemversion: 5.1
Java-Benutzername: Thomas
Java-Benutzerausgangsverzeichnis: C:\Dokumente und Einstellungen\Thomas
Java-Benutzerverzeichnis: C:\Daten\derby\keys
java.specification.name: Java Platform API Specification
java.specification.version: 1.6
java.runtime.version: 1.6.0_23-b05
--------- Derby-Informationen --------
JRE - JDBC: Java SE 6 - JDBC 4.0
[C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derby.jar] 10.7.1.1 - 
(1040133)
[C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbytools.jar] 10.7.1.1 - 
(1040133)
[C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbynet.jar] 10.7.1.1 - 
(1040133)
[C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbyclient.jar] 10.7.1.1 
- (1040133)
------------------------------------------------------
----------------- Informationen zur Ländereinstellung -----------------
Aktuelle Ländereinstellung:  [Deutsch/Deutschland [de_DE]]
Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [cs]
         Version: 10.7.1.1 - (1040133)
Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [de_DE]
         Version: 10.7.1.1 - (1040133)
Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [es]
         Version: 10.7.1.1 - (1040133)
Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [fr]
         Version: 10.7.1.1 - (1040133)
Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [hu]
         Version: 10.7.1.1 - (1040133)
Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [it]
         Version: 10.7.1.1 - (1040133)
Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [pl]
         Version: 10.7.1.1 - (1040133)
Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [pt_BR]
         Version: 10.7.1.1 - (1040133)
Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [ru]
         Version: 10.7.1.1 - (1040133)
------------------------------------------------------


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to