[ http://issues.apache.org/jira/browse/DERBY-1000?page=all ]
     
Sunitha Kambhampati closed DERBY-1000:
--------------------------------------


> For LDAP authentication: derby.authentication.server should support ldaps:// 
> as part of the server url.
> -------------------------------------------------------------------------------------------------------
>
>          Key: DERBY-1000
>          URL: http://issues.apache.org/jira/browse/DERBY-1000
>      Project: Derby
>         Type: Bug

>   Components: Newcomer, Security
>     Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.1.1, 10.1.1.2, 10.1.2.0, 
> 10.1.2.1, 10.1.2.2, 10.2.0.0
>  Environment: all
>     Reporter: Sunitha Kambhampati
>     Assignee: Anders Morken
>     Priority: Trivial
>      Fix For: 10.2.0.0
>  Attachments: DERBY-1000.patch, DERBY1000-docs.patch
>
> derby.authentication.server does not recognize secure ldap url - ie if  the 
> url starts with ldaps:// 
> Trying to connect using LDAP authentication with the following properties set
> derby.authentication.provider=LDAP
> derby.authentication.server=ldaps://xyz.abc.com:636
> derby.authentication.ldap.searchBase='ou=xyz,o=abc.com'
> derby.authentication.ldap.searchFilter='(emailaddress=%USERNAME%)'
> derby.connection.requireAuthentication=true
> throws InvalidNameException
> ij> connect 'jdbc:derby:testdb;user=a;password=p';
> ERROR 08004: Connection refused : javax.naming.InvalidNameException: Invalid 
> name: /xyz.abc.com:636
> Code - LDAPAuthenticationSchemeImpl#setJNDIProviderProperties.
> Problem is the code expects that if Context.PROVIDER_URL is not set and if
> derby.authentication.server is set, then the ldapServer is either of the
> format //server:port or it already starts with ldap://, else it just adds
> ldap://.
> Thus for a ldaps://xyz.com:636 url, it will become
> ldap://ldaps://xyz.com:636
>
> In the code snippet, dfltLDAPURL is ldap://
>         if (ldapServer.startsWith(dfltLDAPURL))
>             this.providerURL = ldapServer;
>         else if (ldapServer.startsWith("//"))
>             this.providerURL = "ldap:" + ldapServer;
>         else
>             this.providerURL = dfltLDAPURL + ldapServer;
>     }
>     initDirContextEnv.put(Context.PROVIDER_URL, providerURL);
> We should support specifying secure ldap, i.e. ldaps://, in the
> derby.authentication.server. Add a condition to support ldaps://,
> i.e.
>         if (ldapServer.startsWith(dfltLDAPURL) || ldapServer.startsWith("ldaps://"))
>             this.providerURL = ldapServer;
> ========
> A workaround to the problem is to set the Context.PROVIDER_URL instead.  

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
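
The normalisation described in the report, as an added example (not Derby source and not part of the original message): it applies the quoted branching with and without the proposed ldaps:// condition to a few constructed server values. The class name ProviderUrlDemo, the methods providerUrl and describe, and the acceptLdaps switch are hypothetical; only dfltLDAPURL and the branch conditions come from the report.

```java
import java.net.URI;
import java.util.List;

// Added example, not Derby source. Class and method names are hypothetical.
public class ProviderUrlDemo {
    static final String dfltLDAPURL = "ldap://"; // value stated in the report

    // Branching as quoted in the report; acceptLdaps switches on the proposed condition.
    static String providerUrl(String ldapServer, boolean acceptLdaps) {
        if (ldapServer.startsWith(dfltLDAPURL)
                || (acceptLdaps && ldapServer.startsWith("ldaps://")))
            return ldapServer;
        else if (ldapServer.startsWith("//"))
            return "ldap:" + ldapServer;
        else
            return dfltLDAPURL + ldapServer;
    }

    // Summarise what a URL parser sees, so a mangled value is visible at a glance.
    static String describe(String url) {
        try {
            URI u = URI.create(url);
            return "scheme=" + u.getScheme() + " host=" + u.getHost() + " port=" + u.getPort();
        } catch (IllegalArgumentException e) {
            return "unparseable: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed sample values for derby.authentication.server.
        List<String> samples = List.of("ldaps://xyz.abc.com:636", "ldap://xyz.abc.com:389",
                "//xyz.abc.com:389", "xyz.abc.com:389");
        for (String s : samples) {
            String before = providerUrl(s, false);
            String after = providerUrl(s, true);
            // A configured ldaps:// scheme must survive normalisation unchanged.
            boolean schemeKept = !s.startsWith("ldaps://") || after.equals(s);
            System.out.println(s);
            System.out.println("  before: " + before + "  [" + describe(before) + "]");
            System.out.println("  after:  " + after + "  [" + describe(after) + "]");
            System.out.println("  ldaps scheme kept: " + schemeKept);
        }
    }
}
```

Only the ldaps:// input differs between the two runs; the other three forms produce the same provider URL either way.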
