[
https://issues.apache.org/jira/browse/DERBY-4989?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12990327#comment-12990327
]
Dag H. Wanvik commented on DERBY-4989:
--------------------------------------
Hi Thomas,
when you do the shutdown, you can just omit the explicit security manager
settings: the command you invoke actually acts as a client that talks to the
running server to shut it down, so you don't need to run that client under the
security manager, i.e.: not this:
java -Djava.security.manager -Djava.security.policy=mypolicy -jar
$DERBY_HOME/derbyrun.jar server shutdown
but like this:
java -jar $DERBY_HOME/derbyrun.jar server shutdown
Hope this helps! This is all rather convoluted I'm afraid, as your experience
shows. I think we need to improve our docs in this area.
(Optional): Note that system shutdown can be protected too, if you wish, by
specifying system wide settings for authentication, e.g. by having this is
derby.properties (or on the server start commandline with defines):
derby.connection.requireAuthentication=true
derby.authentication.provider=LDAP
derby.authentication.server=miniserver:10389
derby.authentication.ldap.searchBase=o=THMB
In that case you would need to shut down in this way:
java -jar $DERBY_HOME/derbyrun.jar server shutdown -user thill -password
<password>
> LDAP authentication not working when using network client driver and database
> level properties
> ----------------------------------------------------------------------------------------------
>
> Key: DERBY-4989
> URL: https://issues.apache.org/jira/browse/DERBY-4989
> Project: Derby
> Issue Type: Bug
> Components: Network Client
> Environment: Network Server running under Debian 5.0 stable, Win XP
> Service Pack 3 Client, Derby Version 10.7.1.1, ApacheDS 1.5.7
> Reporter: Thomas Hill
> Attachments: LDAPrepro.txt, ldaprepro.tar.gz, mypolicy,
> screenshot-1.jpg
>
>
> The network server client driver is not recognising LDAP authentication
> provider configuration when database properties are being used.
> When trying to connect with the network client driver error 08004 'userid or
> password invalid' is thrown:
> [derby][SQLException <at> 22c95b] java.sql.SQLException
> [derby][SQLException <at> 22c95b] SQL state = 08004
> [derby][SQLException <at> 22c95b] Error code = 40000
> [derby][SQLException <at> 22c95b] Message = Connection authentication
> failure occurred. Reason: userid or password invalid.
> The same database level properties when connecting using the embedded driver
> lead to a successful login and everything is working as expected with this
> driver.
> Notes:
> As there are two other options in setting up the LDAP authentication
> provider, here is the behaviour observed for the network driver in these
> scenarios:
> 1) when using system-level properties, socket permission errors are given
> when running with the JAVA security manager enabled; so additional
> configuration in form of setting up a custom Security Manager is required
> 2) when supplying the properties as command line arguments at server start-up
> the properties are recognised (and authorisation is validated as expected
> without changes required to the default Basic Security Manager)
> Here is the output of sysinfo for my environment and the script used for
> setting the database level properties:
> CALL
> SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.connection.requireAuthentication',
> 'true');
> CALL
> SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.provider','LDAP');
> CALL
> SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.server','myserver:10389');
> CALL
> SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.ldap.searchBase','o=THMB');
> CALL
> SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.authentication.ldap.searchFilter','derby.user');
> CALL
> SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.user.thill','uid=thill,o=THMB');
> CALL
> SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.sqlAuthorization',
> 'true');
> sysinfo for the server
> ------------------ Java Information ------------------
> Java Version: 1.6.0_22
> Java Vendor: Sun Microsystems Inc.
> Java home: /usr/lib/jvm/java-6-sun-1.6.0.22/jre
> Java classpath: /var/lib/derby/db-derby-10.7.1.1-bin/lib/derbyrun.jar
> OS name: Linux
> OS architecture: i386
> OS version: 2.6.26-2-686
> Java user name: root
> Java user home: /root
> Java user dir: /root
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.6
> java.runtime.version: 1.6.0_22-b04
> --------- Derby Information --------
> JRE - JDBC: Java SE 6 - JDBC 4.0
> [/var/lib/derby/db-derby-10.7.1.1-bin/lib/derby.jar] 10.7.1.1 - (1040133)
> [/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbytools.jar] 10.7.1.1 - (1040133)
> [/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbynet.jar] 10.7.1.1 - (1040133)
> [/var/lib/derby/db-derby-10.7.1.1-bin/lib/derbyclient.jar] 10.7.1.1 -
> (1040133)
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [cs]
> version: 10.7.1.1 - (1040133)
> Found support for locale: [de_DE]
> version: 10.7.1.1 - (1040133)
> Found support for locale: [es]
> version: 10.7.1.1 - (1040133)
> Found support for locale: [fr]
> version: 10.7.1.1 - (1040133)
> Found support for locale: [hu]
> version: 10.7.1.1 - (1040133)
> Found support for locale: [it]
> version: 10.7.1.1 - (1040133)
> Found support for locale: [ja_JP]
> version: 10.7.1.1 - (1040133)
> Found support for locale: [ko_KR]
> version: 10.7.1.1 - (1040133)
> Found support for locale: [pl]
> version: 10.7.1.1 - (1040133)
> Found support for locale: [pt_BR]
> version: 10.7.1.1 - (1040133)
> Found support for locale: [ru]
> version: 10.7.1.1 - (1040133)
> Found support for locale: [zh_CN]
> version: 10.7.1.1 - (1040133)
> Found support for locale: [zh_TW]
> version: 10.7.1.1 - (1040133)
> ------------------------------------------------------
> sysinfo for the client
> ------------------ Java-Informationen ------------------
> Java-Version: 1.6.0_23
> Java-Anbieter: Sun Microsystems Inc.
> Java-Home: C:\Programme\Java\jre6
> Java-Klassenpfad: C:\Programme\Apache
> Derby\db-derby-10.7.1.1-bin\lib\derbyrun.jar
> Name des Betriebssystems: Windows XP
> Architektur des Betriebssystems: x86
> Betriebssystemversion: 5.1
> Java-Benutzername: Thomas
> Java-Benutzerausgangsverzeichnis: C:\Dokumente und Einstellungen\Thomas
> Java-Benutzerverzeichnis: C:\Daten\derby\keys
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.6
> java.runtime.version: 1.6.0_23-b05
> --------- Derby-Informationen --------
> JRE - JDBC: Java SE 6 - JDBC 4.0
> [C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derby.jar] 10.7.1.1 -
> (1040133)
> [C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbytools.jar] 10.7.1.1
> - (1040133)
> [C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbynet.jar] 10.7.1.1 -
> (1040133)
> [C:\Programme\Apache Derby\db-derby-10.7.1.1-bin\lib\derbyclient.jar]
> 10.7.1.1 - (1040133)
> ------------------------------------------------------
> ----------------- Informationen zur Ländereinstellung -----------------
> Aktuelle Ländereinstellung: [Deutsch/Deutschland [de_DE]]
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [cs]
> Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [de_DE]
> Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [es]
> Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [fr]
> Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [hu]
> Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [it]
> Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [pl]
> Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [pt_BR]
> Version: 10.7.1.1 - (1040133)
> Es wurde Unterstützung für die folgende Ländereinstellung gefunden: [ru]
> Version: 10.7.1.1 - (1040133)
> ------------------------------------------------------
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
