Posted to derby-dev@db.apache.org by "Dag H. Wanvik (JIRA)" <ji...@apache.org> on 2011/01/18 02:48:45 UTC
[jira] Created: (DERBY-4976) LDAP authentication's use of
derby.propery for finding dn locally is faulty: search is always performed
LDAP authentication's use of derby.propery for finding dn locally is faulty: search is always performed
-------------------------------------------------------------------------------------------------------
Key: DERBY-4976
URL: https://issues.apache.org/jira/browse/DERBY-4976
Project: Derby
Issue Type: Bug
Components: Services
Affects Versions: 10.8.0.0
Reporter: Dag H. Wanvik
cf DERBY-4975.
It seems derby.authentication.ldap.searchFilter=derby.user doesn't work as advertised.
LDAPAuthenticationSchemeImpl contains this code:
#authenticateUser:
    :
    // Retrieve the user's DN (Distinguished Name) If we're asked to
    // look it up locally, do it first and if we don't find it, we go
    // against the LDAP server for a look-up (search)
    if (useUserPropertyAsDN)
        userDN =
            authenticationService.getProperty(
                org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX);
The lookup happens against the property "derby.user."; the username is not appended first, so userDN always returns null, and search ensues before bind. Cf. this explanation http://db.apache.org/derby/manuals/develop/develop100.html:
> Derby typically initiates a search for a full DN before binding to the directory using the full DN for user authentication. Derby does not initiate a search in the following cases:
>
> * You have set derby.authentication.ldap.searchFilter to derby.user.
> * A user DN has been cached locally for the specific user with the derby.user.UserName property.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (DERBY-4976) LDAP authentication's use of
derby.propery for finding dn locally is faulty: search is always performed
Posted by "Dag H. Wanvik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-4976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dag H. Wanvik updated DERBY-4976:
---------------------------------
Description:
cf DERBY-4975.
It seems derby.authentication.ldap.searchFilter=derby.user doesn't work as advertised.
LDAPAuthenticationSchemeImpl contains this code:
#authenticateUser:
    :
    // Retrieve the user's DN (Distinguished Name) If we're asked to
    // look it up locally, do it first and if we don't find it, we go
    // against the LDAP server for a look-up (search)
    if (useUserPropertyAsDN)
        userDN =
            authenticationService.getProperty(
                org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX);
The lookup happens against the property "derby.user."; the username is not appended first, so userDN is always set to null, and search ensues before bind. Cf. this explanation http://db.apache.org/derby/manuals/develop/develop100.html:
> Derby typically initiates a search for a full DN before binding to the directory using the full DN for user authentication. Derby does not initiate a search in the following cases:
>
> * You have set derby.authentication.ldap.searchFilter to derby.user.
> * A user DN has been cached locally for the specific user with the derby.user.UserName property.
was:
cf DERBY-4975.
It seems derby.authentication.ldap.searchFilter=derby.user doesn't work as advertised.
LDAPAuthenticationSchemeImpl contains this code:
#authenticateUser:
    :
    // Retrieve the user's DN (Distinguished Name) If we're asked to
    // look it up locally, do it first and if we don't find it, we go
    // against the LDAP server for a look-up (search)
    if (useUserPropertyAsDN)
        userDN =
            authenticationService.getProperty(
                org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX);
The lookup happens against the property "derby.user."; the username is not appended first, so userDN always returns null, and search ensues before bind. Cf. this explanation http://db.apache.org/derby/manuals/develop/develop100.html:
> Derby typically initiates a search for a full DN before binding to the directory using the full DN for user authentication. Derby does not initiate a search in the following cases:
>
> * You have set derby.authentication.ldap.searchFilter to derby.user.
> * A user DN has been cached locally for the specific user with the derby.user.UserName property.
[jira] Updated: (DERBY-4976) LDAP authentication's use of
derby.propery for finding dn locally is faulty: search is always performed
Posted by "Dag H. Wanvik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-4976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dag H. Wanvik updated DERBY-4976:
---------------------------------
Affects Version/s: (was: 10.8.0.0)
10.0.2.0
10.0.2.1
10.1.1.0
10.1.2.1
10.1.3.1
10.2.1.6
10.2.2.0
10.3.1.4
10.3.2.1
10.3.3.0
10.4.1.3
10.4.2.0
10.5.1.1
10.5.2.0
10.5.3.0
10.6.1.0
10.6.2.1
10.7.1.1
[jira] Updated: (DERBY-4976) LDAP authentication's use of
derby.propery for finding dn locally is faulty: search is always performed
Posted by "Mike Matrigali (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-4976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mike Matrigali updated DERBY-4976:
----------------------------------
Urgency: Normal
Labels: derby_triage10_8 (was: )
[jira] Updated: (DERBY-4976) LDAP authentication's use of
derby.propery for finding dn locally is faulty: search is always performed
Posted by "Dag H. Wanvik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-4976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dag H. Wanvik updated DERBY-4976:
---------------------------------
Issue & fix info: [Known fix]
Marking "known fix": append the username to the prefix before looking up the property value.
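The lookup reported in this thread and the known fix ("append the username to the prefix"), side by side, as an added example that is not Derby's own code. The class, the method names, the in-memory stand-in for the directory search and the sample DNs are all assumptions made for illustration; only the "derby.user." prefix comes from the report.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

public class UserDnLookupDemo {
    // Key prefix named in the report ("derby.user.").
    static final String USER_PROPERTY_PREFIX = "derby.user.";
    static int searches = 0; // number of simulated directory searches

    // Hypothetical stand-in for the LDAP search that precedes the bind.
    static String searchDirectory(Map<String, String> directory, String userName) {
        searches++;
        return directory.get(userName);
    }

    // appendUserName=false reproduces the reported lookup (bare prefix as key);
    // appendUserName=true applies the known fix from the thread.
    static String resolveDn(Properties props, Map<String, String> directory,
                            String userName, boolean appendUserName) {
        String key = appendUserName ? USER_PROPERTY_PREFIX + userName
                                    : USER_PROPERTY_PREFIX;
        String userDN = props.getProperty(key);
        if (userDN == null) {
            userDN = searchDirectory(directory, userName); // fall back to search
        }
        return userDN;
    }

    public static void main(String[] args) {
        // Constructed sample data: "mary" has a locally cached DN, "guest" does not.
        Properties props = new Properties();
        props.setProperty("derby.user.mary", "uid=mary,ou=People,o=example.com");
        Map<String, String> directory = new HashMap<>();
        directory.put("mary", "uid=mary,ou=People,o=example.com");
        directory.put("guest", "uid=guest,ou=People,o=example.com");

        for (boolean fixed : new boolean[] {false, true}) {
            searches = 0;
            for (String user : new String[] {"mary", "guest"}) {
                String dn = resolveDn(props, directory, user, fixed);
                System.out.println((fixed ? "fixed " : "buggy ") + user + " -> " + dn);
            }
            System.out.println("directory searches: " + searches);
        }
    }
}
```

With the bare prefix as the key, both logins fall through to the directory search; with the user name appended, only the user without a cached DN does.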