[jira] Updated: (DERBY-4976) LDAP authentication's use of derby.propery for finding dn locally is faulty: search is always performed
[ https://issues.apache.org/jira/browse/DERBY-4976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mike Matrigali updated DERBY-4976: -- Urgency: Normal Labels: derby_triage10_8 (was: ) > LDAP authentication's use of derby.propery for finding dn locally is faulty: > search is always performed > --- > > Key: DERBY-4976 > URL: https://issues.apache.org/jira/browse/DERBY-4976 > Project: Derby > Issue Type: Bug > Components: Services >Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, > 10.2.1.6, 10.2.2.0, 10.3.1.4, 10.3.2.1, 10.3.3.0, 10.4.1.3, 10.4.2.0, > 10.5.1.1, 10.5.2.0, 10.5.3.0, 10.6.1.0, 10.6.2.1, 10.7.1.1 >Reporter: Dag H. Wanvik > Labels: derby_triage10_8 > > cf DERBY-4975. > It seems derby.authentication.ldap.searchFilter=derby.user doesn't work as > advertised. > LDAPAuthenticationSchemeImpl contains this code: > #authenticateUser: > : > // Retrieve the user's DN (Distinguished Name) If we're asked to > // look it up locally, do it first and if we don't find it, we go > // against the LDAP server for a look-up (search) > if (useUserPropertyAsDN) > userDN = > authenticationService.getProperty( > > org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX); > The lookup happens against the property "derby.user.", the username is not > appended first, so userDN is always set to null, and search ensues before > bind. Cf. this explanation > http://db.apache.org/derby/manuals/develop/develop100.html: > > Derby typically initiates a search for a full DN before binding to the > > directory using the full DN for user authentication. Derby does not > > initiate a search in the following cases: > > > > * You have set derby.authentication.ldap.searchFilter to derby.user. > > * A user DN has been cached locally for the specific user with the > > derby.user.UserName property. -- This message is automatically generated by JIRA. - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-4976) LDAP authentication's use of derby.propery for finding dn locally is faulty: search is always performed
[ https://issues.apache.org/jira/browse/DERBY-4976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dag H. Wanvik updated DERBY-4976: - Issue & fix info: [Known fix] Marking "known fix": append the username to the prefix before looking up the property value. > LDAP authentication's use of derby.propery for finding dn locally is faulty: > search is always performed > --- > > Key: DERBY-4976 > URL: https://issues.apache.org/jira/browse/DERBY-4976 > Project: Derby > Issue Type: Bug > Components: Services >Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, > 10.2.1.6, 10.2.2.0, 10.3.1.4, 10.3.2.1, 10.3.3.0, 10.4.1.3, 10.4.2.0, > 10.5.1.1, 10.5.2.0, 10.5.3.0, 10.6.1.0, 10.6.2.1, 10.7.1.1 >Reporter: Dag H. Wanvik > > cf DERBY-4975. > It seems derby.authentication.ldap.searchFilter=derby.user doesn't work as > advertised. > LDAPAuthenticationSchemeImpl contains this code: > #authenticateUser: > : > // Retrieve the user's DN (Distinguished Name) If we're asked to > // look it up locally, do it first and if we don't find it, we go > // against the LDAP server for a look-up (search) > if (useUserPropertyAsDN) > userDN = > authenticationService.getProperty( > > org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX); > The lookup happens against the property "derby.user.", the username is not > appended first, so userDN is always set to null, and search ensues before > bind. Cf. this explanation > http://db.apache.org/derby/manuals/develop/develop100.html: > > Derby typically initiates a search for a full DN before binding to the > > directory using the full DN for user authentication. Derby does not > > initiate a search in the following cases: > > > > * You have set derby.authentication.ldap.searchFilter to derby.user. > > * A user DN has been cached locally for the specific user with the > > derby.user.UserName property. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (DERBY-4976) LDAP authentication's use of derby.propery for finding dn locally is faulty: search is always performed
[ https://issues.apache.org/jira/browse/DERBY-4976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dag H. Wanvik updated DERBY-4976: - Affects Version/s: (was: 10.8.0.0) 10.0.2.0 10.0.2.1 10.1.1.0 10.1.2.1 10.1.3.1 10.2.1.6 10.2.2.0 10.3.1.4 10.3.2.1 10.3.3.0 10.4.1.3 10.4.2.0 10.5.1.1 10.5.2.0 10.5.3.0 10.6.1.0 10.6.2.1 10.7.1.1 > LDAP authentication's use of derby.propery for finding dn locally is faulty: > search is always performed > --- > > Key: DERBY-4976 > URL: https://issues.apache.org/jira/browse/DERBY-4976 > Project: Derby > Issue Type: Bug > Components: Services >Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, > 10.2.1.6, 10.2.2.0, 10.3.1.4, 10.3.2.1, 10.3.3.0, 10.4.1.3, 10.4.2.0, > 10.5.1.1, 10.5.2.0, 10.5.3.0, 10.6.1.0, 10.6.2.1, 10.7.1.1 >Reporter: Dag H. Wanvik > > cf DERBY-4975. > It seems derby.authentication.ldap.searchFilter=derby.user doesn't work as > advertised. > LDAPAuthenticationSchemeImpl contains this code: > #authenticateUser: > : > // Retrieve the user's DN (Distinguished Name) If we're asked to > // look it up locally, do it first and if we don't find it, we go > // against the LDAP server for a look-up (search) > if (useUserPropertyAsDN) > userDN = > authenticationService.getProperty( > > org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX); > The lookup happens against the property "derby.user.", the username is not > appended first, so userDN is always set to null, and search ensues before > bind. Cf. this explanation > http://db.apache.org/derby/manuals/develop/develop100.html: > > Derby typically initiates a search for a full DN before binding to the > > directory using the full DN for user authentication. Derby does not > > initiate a search in the following cases: > > > > * You have set derby.authentication.ldap.searchFilter to derby.user. > > * A user DN has been cached locally for the specific user with the > > derby.user.UserName property. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (DERBY-4976) LDAP authentication's use of derby.propery for finding dn locally is faulty: search is always performed
[ https://issues.apache.org/jira/browse/DERBY-4976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dag H. Wanvik updated DERBY-4976: - Description: cf DERBY-4975. It seems derby.authentication.ldap.searchFilter=derby.user doesn't work as advertised. LDAPAuthenticationSchemeImpl contains this code: #authenticateUser: : // Retrieve the user's DN (Distinguished Name) If we're asked to // look it up locally, do it first and if we don't find it, we go // against the LDAP server for a look-up (search) if (useUserPropertyAsDN) userDN = authenticationService.getProperty( org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX); The lookup happens against the property "derby.user.", the username is not appended first, so userDN is always set to null, and search ensues before bind. Cf. this explanation http://db.apache.org/derby/manuals/develop/develop100.html: > Derby typically initiates a search for a full DN before binding to the > directory using the full DN for user authentication. Derby does not initiate > a search in the following cases: > > * You have set derby.authentication.ldap.searchFilter to derby.user. > * A user DN has been cached locally for the specific user with the > derby.user.UserName property. was: cf DERBY-4975. It seems derby.authentication.ldap.searchFilter=derby.user doesn't work as advertised. LDAPAuthenticationSchemeImpl contains this code: #authenticateUser: : // Retrieve the user's DN (Distinguished Name) If we're asked to // look it up locally, do it first and if we don't find it, we go // against the LDAP server for a look-up (search) if (useUserPropertyAsDN) userDN = authenticationService.getProperty( org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX); The lookup happens against the property "derby.user.", the username is not appended first, so userDN always returns null, and search ensues before bind. Cf. this explanation http://db.apache.org/derby/manuals/develop/develop100.html: > Derby typically initiates a search for a full DN before binding to the > directory using the full DN for user authentication. Derby does not initiate > a search in the following cases: > > * You have set derby.authentication.ldap.searchFilter to derby.user. > * A user DN has been cached locally for the specific user with the > derby.user.UserName property. > LDAP authentication's use of derby.propery for finding dn locally is faulty: > search is always performed > --- > > Key: DERBY-4976 > URL: https://issues.apache.org/jira/browse/DERBY-4976 > Project: Derby > Issue Type: Bug > Components: Services >Affects Versions: 10.8.0.0 >Reporter: Dag H. Wanvik > > cf DERBY-4975. > It seems derby.authentication.ldap.searchFilter=derby.user doesn't work as > advertised. > LDAPAuthenticationSchemeImpl contains this code: > #authenticateUser: > : > // Retrieve the user's DN (Distinguished Name) If we're asked to > // look it up locally, do it first and if we don't find it, we go > // against the LDAP server for a look-up (search) > if (useUserPropertyAsDN) > userDN = > authenticationService.getProperty( > > org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX); > The lookup happens against the property "derby.user.", the username is not > appended first, so userDN is always set to null, and search ensues before > bind. Cf. this explanation > http://db.apache.org/derby/manuals/develop/develop100.html: > > Derby typically initiates a search for a full DN before binding to the > > directory using the full DN for user authentication. Derby does not > > initiate a search in the following cases: > > > > * You have set derby.authentication.ldap.searchFilter to derby.user. > > * A user DN has been cached locally for the specific user with the > > derby.user.UserName property. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
