Posted to derby-dev@db.apache.org by "Sunitha Kambhampati (JIRA)" <de...@db.apache.org> on 2006/02/22 04:07:21 UTC

[jira] Created: (DERBY-1026) LDAP with caching DNs in derby.user.userName as database property does not work

LDAP with caching DNs in derby.user.userName as database property does not work
-------------------------------------------------------------------------------

         Key: DERBY-1026
         URL: http://issues.apache.org/jira/browse/DERBY-1026
     Project: Derby
        Type: Bug
  Components: Security  
    Versions: 10.2.0.0, 10.1.2.2, 10.1.2.0, 10.1.2.1, 10.1.1.2, 10.1.1.0, 10.1.1.1, 10.0.2.1, 10.0.2.0    
    Reporter: Sunitha Kambhampati
    Priority: Minor


The documentation talks about LDAP support with mapping user names to derby users using the derby.user.'userName' property. 

See links
http://db.apache.org/derby/docs/dev/tuning/rtunproper37341.html
http://db.apache.org/derby/docs/dev/tuning/rtunproper27355.html

Per the documentation, one can use the derby.user property to set the DN for a user, and when using LDAP, setting the search filter to derby.user will pick up the DN from this property if available. This is not working when I tried it out by caching a user's DN as a database-level property.

Found the following issues:

1) Setting the database property derby.user.userName to a DN does not work:
Problem in AuthenticationServiceBase#map. 
-- If there is a system property derby.authentication.provider=LDAP, setting of derby.user.userName to a DN value as a database property will encrypt the DN value and store it. The code seems to expect that the derby.authentication.provider is set to LDAP as a database property, else it considers it as a password and encrypts the value. 
-- It doesn't return the correct mapped value for the property for the LDAP and derby.user.userName case. Returns null instead of returning the clear text DN value.


2) The LDAP code itself doesn't pick up the userDN.

In LDAPAuthenticationSchemeImpl#authenticateUser
            if (useUserPropertyAsDN)
                userDN =
                    authenticationService.getProperty(
                        org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX)

Here  USER_PROPERTY_PREFIX is derby.user.
The key should be USER_PROPERTY_PREFIX+userName.  

3) After the code issues are fixed, it would be nice if documentation can be added to give a full example of how to go about doing LDAP authentication with caching DNs in derby.user. 


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
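
The two code defects described in this report, modelled in a small stand-alone Java program (an added example, not Derby source code and not written by the reporter). The class and method names are hypothetical, the DN is a constructed sample, and the fallback to the system-level provider setting in treatedAsPasswordFixed is an assumption about one possible fix.

```java
import java.util.Properties;

// Simplified model of the reported defects; names other than the two
// property keys are hypothetical and do not come from the Derby code base.
public class UserDnLookupDemo {
    static final String USER_PROPERTY_PREFIX = "derby.user.";
    static final String PROVIDER_KEY = "derby.authentication.provider";

    // Issue 2 as reported: the lookup key is the bare prefix, so the
    // per-user entry is never found (userName is ignored on purpose).
    static String lookupDnBuggy(Properties dbProps, String userName) {
        return dbProps.getProperty(USER_PROPERTY_PREFIX);
    }

    // Key the report asks for: USER_PROPERTY_PREFIX + userName.
    static String lookupDnFixed(Properties dbProps, String userName) {
        return dbProps.getProperty(USER_PROPERTY_PREFIX + userName);
    }

    // Issue 1 as reported: only the database-level provider setting decides
    // whether a derby.user.* value is kept as a DN or treated as a password
    // (sysProps is ignored on purpose).
    static boolean treatedAsPasswordBuggy(Properties dbProps, Properties sysProps) {
        return !"LDAP".equalsIgnoreCase(dbProps.getProperty(PROVIDER_KEY));
    }

    // Assumed correction: fall back to the system-level provider setting.
    static boolean treatedAsPasswordFixed(Properties dbProps, Properties sysProps) {
        String provider = dbProps.getProperty(PROVIDER_KEY,
                sysProps.getProperty(PROVIDER_KEY));
        return !"LDAP".equalsIgnoreCase(provider);
    }

    public static void main(String[] args) {
        Properties sysProps = new Properties();
        sysProps.setProperty(PROVIDER_KEY, "LDAP");   // provider set system-wide only
        Properties dbProps = new Properties();
        dbProps.setProperty(USER_PROPERTY_PREFIX + "alice",
                "uid=alice,ou=people,dc=example,dc=com"); // constructed sample DN

        System.out.println("buggy lookup:  " + lookupDnBuggy(dbProps, "alice"));
        System.out.println("fixed lookup:  " + lookupDnFixed(dbProps, "alice"));
        System.out.println("buggy: value treated as password? "
                + treatedAsPasswordBuggy(dbProps, sysProps));
        System.out.println("fixed: value treated as password? "
                + treatedAsPasswordFixed(dbProps, sysProps));
    }
}
```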


[jira] Updated: (DERBY-1026) LDAP with caching DNs in derby.user.userName as database property does not work

Posted by "Sunitha Kambhampati (JIRA)" <de...@db.apache.org>.
     [ http://issues.apache.org/jira/browse/DERBY-1026?page=all ]

Sunitha Kambhampati updated DERBY-1026:
---------------------------------------

    Component: Newcomer

> LDAP with caching DNs in derby.user.userName as database property does not work
> -------------------------------------------------------------------------------
>
>          Key: DERBY-1026
>          URL: http://issues.apache.org/jira/browse/DERBY-1026
>      Project: Derby
>         Type: Bug

>   Components: Security, Newcomer
>     Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.2.0.0, 10.1.2.0, 10.1.1.1, 10.1.1.2, 10.1.2.1, 10.1.2.2
>     Reporter: Sunitha Kambhampati
>     Priority: Minor

>
> The documentation talks about LDAP support with mapping user names to derby users using the derby.user.'userName' property. 
> See links
> http://db.apache.org/derby/docs/dev/tuning/rtunproper37341.html
> http://db.apache.org/derby/docs/dev/tuning/rtunproper27355.html
> Per the documentation, one can use the derby.user property to set the DN for a user, and when using LDAP, setting the search filter to derby.user will pick up the DN from this property if available. This is not working when I tried it out by caching a user's DN as a database-level property.
> Found the following issues:
> 1) Setting the database property derby.user.userName to a DN does not work:
> Problem in AuthenticationServiceBase#map. 
> -- If there is a system property derby.authentication.provider=LDAP, setting of derby.user.userName to a DN value as a database property will encrypt the DN value and store it. The code seems to expect that the derby.authentication.provider is set to LDAP as a database property, else it considers it as a password and encrypts the value. 
> -- It doesn't return the correct mapped value for the property for the LDAP and derby.user.userName case. Returns null instead of returning the clear text DN value.
> 2) The LDAP code itself doesn't pick up the userDN.
> In LDAPAuthenticationSchemeImpl#authenticateUser
>             if (useUserPropertyAsDN)
>                 userDN =
>                     authenticationService.getProperty(
>                         org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX)
> Here  USER_PROPERTY_PREFIX is derby.user.
> The key should be USER_PROPERTY_PREFIX+userName.  
> 3) After the code issues are fixed, it would be nice if documentation can be added to give a full example of how to go about doing LDAP authentication with caching DNs in derby.user. 



[jira] Updated: (DERBY-1026) LDAP with caching DNs in derby.user.userName as database property does not work

Posted by "Dag H. Wanvik (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-1026?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dag H. Wanvik updated DERBY-1026:
---------------------------------

    Component/s: Services

> LDAP with caching DNs in derby.user.userName as database property does not work
> -------------------------------------------------------------------------------
>
>                 Key: DERBY-1026
>                 URL: https://issues.apache.org/jira/browse/DERBY-1026
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6
>            Reporter: Sunitha Kambhampati
>            Priority: Minor
>
> The documentation talks about LDAP support with mapping user names to derby users using the derby.user.'userName' property. 
> See links
> http://db.apache.org/derby/docs/dev/tuning/rtunproper37341.html
> http://db.apache.org/derby/docs/dev/tuning/rtunproper27355.html
> Per the documentation, one can use the derby.user property to set the DN for a user, and when using LDAP, setting the search filter to derby.user will pick up the DN from this property if available. This is not working when I tried it out by caching a user's DN as a database-level property.
> Found the following issues:
> 1) Setting the database property derby.user.userName to a DN does not work:
> Problem in AuthenticationServiceBase#map. 
> -- If there is a system property derby.authentication.provider=LDAP, setting of derby.user.userName to a DN value as a database property will encrypt the DN value and store it. The code seems to expect that the derby.authentication.provider is set to LDAP as a database property, else it considers it as a password and encrypts the value. 
> -- It doesn't return the correct mapped value for the property for the LDAP and derby.user.userName case. Returns null instead of returning the clear text DN value.
> 2) The LDAP code itself doesn't pick up the userDN.
> In LDAPAuthenticationSchemeImpl#authenticateUser
>             if (useUserPropertyAsDN)
>                 userDN =
>                     authenticationService.getProperty(
>                         org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX)
> Here  USER_PROPERTY_PREFIX is derby.user.
> The key should be USER_PROPERTY_PREFIX+userName.  
> 3) After the code issues are fixed, it would be nice if documentation can be added to give a full example of how to go about doing LDAP authentication with caching DNs in derby.user. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Updated: (DERBY-1026) LDAP with caching DNs in derby.user.userName as database property does not work

Posted by "Dag H. Wanvik (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-1026?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dag H. Wanvik updated DERBY-1026:
---------------------------------

    Issue & fix info: [Newcomer]

> LDAP with caching DNs in derby.user.userName as database property does not work
> -------------------------------------------------------------------------------
>
>                 Key: DERBY-1026
>                 URL: https://issues.apache.org/jira/browse/DERBY-1026
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6
>            Reporter: Sunitha Kambhampati
>            Priority: Minor
>
> The documentation talks about LDAP support with mapping user names to derby users using the derby.user.'userName' property. 
> See links
> http://db.apache.org/derby/docs/dev/tuning/rtunproper37341.html
> http://db.apache.org/derby/docs/dev/tuning/rtunproper27355.html
> Per the documentation, one can use the derby.user property to set the DN for a user, and when using LDAP, setting the search filter to derby.user will pick up the DN from this property if available. This is not working when I tried it out by caching a user's DN as a database-level property.
> Found the following issues:
> 1) Setting the database property derby.user.userName to a DN does not work:
> Problem in AuthenticationServiceBase#map. 
> -- If there is a system property derby.authentication.provider=LDAP, setting of derby.user.userName to a DN value as a database property will encrypt the DN value and store it. The code seems to expect that the derby.authentication.provider is set to LDAP as a database property, else it considers it as a password and encrypts the value. 
> -- It doesn't return the correct mapped value for the property for the LDAP and derby.user.userName case. Returns null instead of returning the clear text DN value.
> 2) The LDAP code itself doesn't pick up the userDN.
> In LDAPAuthenticationSchemeImpl#authenticateUser
>             if (useUserPropertyAsDN)
>                 userDN =
>                     authenticationService.getProperty(
>                         org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX)
> Here  USER_PROPERTY_PREFIX is derby.user.
> The key should be USER_PROPERTY_PREFIX+userName.  
> 3) After the code issues are fixed, it would be nice if documentation can be added to give a full example of how to go about doing LDAP authentication with caching DNs in derby.user. 
