You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Sunitha Kambhampati (JIRA)" <de...@db.apache.org> on 2006/02/22 04:07:21 UTC
[jira] Created: (DERBY-1026) LDAP with caching DNs in
derby.user.userName as database property does not work
LDAP with caching DNs in derby.user.userName as database property does not work
-------------------------------------------------------------------------------
Key: DERBY-1026
URL: http://issues.apache.org/jira/browse/DERBY-1026
Project: Derby
Type: Bug
Components: Security
Versions: 10.2.0.0, 10.1.2.2, 10.1.2.0, 10.1.2.1, 10.1.1.2, 10.1.1.0, 10.1.1.1, 10.0.2.1, 10.0.2.0
Reporter: Sunitha Kambhampati
Priority: Minor
The documentation talks about LDAP support with mapping user names to derby users using the derby.user.'userName' property.
See links
http://db.apache.org/derby/docs/dev/tuning/rtunproper37341.html
http://db.apache.org/derby/docs/dev/tuning/rtunproper27355.html
Per the documentation, one can use the derby.user property to set the DN for a user,and when using LDAP, setting the search filter to derby.user will pick up the DN from this property if available. This is not working when I tried it out by caching a user's dn as a database-level property.
Found the following issues:
1)Setting the database property derby.user.userName to a DN does not work:
Problem in AuthenticationServiceBase#map.
-- If there is a system property derby.authentication.provider=LDAP, setting of derby.user.userName to a DN value as a database property will encrypt the DN value and store it. The code seems to expect that the derby.authentication.provider is set to LDAP as a database property, else it considers it as a password and encrypts the value.
-- it doesnt return the correct mapped value for the property for the LDAP and derby.user.userName case. Returns null instead of returning the clear text DN value.
2) the LDAP code itself doesnt pick up the userDN.
In LDAPAuthenticationSchemeImpl#authenticateUser
if (useUserPropertyAsDN)
userDN =
authenticationService.getProperty(
org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX)
Here USER_PROPERTY_PREFIX is derby.user.
The key should be USER_PROPERTY_PREFIX+userName.
3) After the code issues are fixed, it would be nice if documentation can be added to give a full example of how to go about doing LDAP authentication with caching DNs in derby.user.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1026) LDAP with caching DNs in
derby.user.userName as database property does not work
Posted by "Sunitha Kambhampati (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1026?page=all ]
Sunitha Kambhampati updated DERBY-1026:
---------------------------------------
Component: Newcomer
> LDAP with caching DNs in derby.user.userName as database property does not work
> -------------------------------------------------------------------------------
>
> Key: DERBY-1026
> URL: http://issues.apache.org/jira/browse/DERBY-1026
> Project: Derby
> Type: Bug
> Components: Security, Newcomer
> Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.2.0.0, 10.1.2.0, 10.1.1.1, 10.1.1.2, 10.1.2.1, 10.1.2.2
> Reporter: Sunitha Kambhampati
> Priority: Minor
>
> The documentation talks about LDAP support with mapping user names to derby users using the derby.user.'userName' property.
> See links
> http://db.apache.org/derby/docs/dev/tuning/rtunproper37341.html
> http://db.apache.org/derby/docs/dev/tuning/rtunproper27355.html
> Per the documentation, one can use the derby.user property to set the DN for a user,and when using LDAP, setting the search filter to derby.user will pick up the DN from this property if available. This is not working when I tried it out by caching a user's dn as a database-level property.
> Found the following issues:
> 1)Setting the database property derby.user.userName to a DN does not work:
> Problem in AuthenticationServiceBase#map.
> -- If there is a system property derby.authentication.provider=LDAP, setting of derby.user.userName to a DN value as a database property will encrypt the DN value and store it. The code seems to expect that the derby.authentication.provider is set to LDAP as a database property, else it considers it as a password and encrypts the value.
> -- it doesnt return the correct mapped value for the property for the LDAP and derby.user.userName case. Returns null instead of returning the clear text DN value.
> 2) the LDAP code itself doesnt pick up the userDN.
> In LDAPAuthenticationSchemeImpl#authenticateUser
> if (useUserPropertyAsDN)
> userDN =
> authenticationService.getProperty(
> org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX)
> Here USER_PROPERTY_PREFIX is derby.user.
> The key should be USER_PROPERTY_PREFIX+userName.
> 3) After the code issues are fixed, it would be nice if documentation can be added to give a full example of how to go about doing LDAP authentication with caching DNs in derby.user.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1026) LDAP with caching DNs in
derby.user.userName as database property does not work
Posted by "Dag H. Wanvik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-1026?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dag H. Wanvik updated DERBY-1026:
---------------------------------
Component/s: Services
> LDAP with caching DNs in derby.user.userName as database property does not work
> -------------------------------------------------------------------------------
>
> Key: DERBY-1026
> URL: https://issues.apache.org/jira/browse/DERBY-1026
> Project: Derby
> Issue Type: Bug
> Components: Services
> Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6
> Reporter: Sunitha Kambhampati
> Priority: Minor
>
> The documentation talks about LDAP support with mapping user names to derby users using the derby.user.'userName' property.
> See links
> http://db.apache.org/derby/docs/dev/tuning/rtunproper37341.html
> http://db.apache.org/derby/docs/dev/tuning/rtunproper27355.html
> Per the documentation, one can use the derby.user property to set the DN for a user,and when using LDAP, setting the search filter to derby.user will pick up the DN from this property if available. This is not working when I tried it out by caching a user's dn as a database-level property.
> Found the following issues:
> 1)Setting the database property derby.user.userName to a DN does not work:
> Problem in AuthenticationServiceBase#map.
> -- If there is a system property derby.authentication.provider=LDAP, setting of derby.user.userName to a DN value as a database property will encrypt the DN value and store it. The code seems to expect that the derby.authentication.provider is set to LDAP as a database property, else it considers it as a password and encrypts the value.
> -- it doesnt return the correct mapped value for the property for the LDAP and derby.user.userName case. Returns null instead of returning the clear text DN value.
> 2) the LDAP code itself doesnt pick up the userDN.
> In LDAPAuthenticationSchemeImpl#authenticateUser
> if (useUserPropertyAsDN)
> userDN =
> authenticationService.getProperty(
> org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX)
> Here USER_PROPERTY_PREFIX is derby.user.
> The key should be USER_PROPERTY_PREFIX+userName.
> 3) After the code issues are fixed, it would be nice if documentation can be added to give a full example of how to go about doing LDAP authentication with caching DNs in derby.user.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (DERBY-1026) LDAP with caching DNs in
derby.user.userName as database property does not work
Posted by "Dag H. Wanvik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-1026?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dag H. Wanvik updated DERBY-1026:
---------------------------------
Issue & fix info: [Newcomer]
> LDAP with caching DNs in derby.user.userName as database property does not work
> -------------------------------------------------------------------------------
>
> Key: DERBY-1026
> URL: https://issues.apache.org/jira/browse/DERBY-1026
> Project: Derby
> Issue Type: Bug
> Components: Services
> Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6
> Reporter: Sunitha Kambhampati
> Priority: Minor
>
> The documentation talks about LDAP support with mapping user names to derby users using the derby.user.'userName' property.
> See links
> http://db.apache.org/derby/docs/dev/tuning/rtunproper37341.html
> http://db.apache.org/derby/docs/dev/tuning/rtunproper27355.html
> Per the documentation, one can use the derby.user property to set the DN for a user,and when using LDAP, setting the search filter to derby.user will pick up the DN from this property if available. This is not working when I tried it out by caching a user's dn as a database-level property.
> Found the following issues:
> 1)Setting the database property derby.user.userName to a DN does not work:
> Problem in AuthenticationServiceBase#map.
> -- If there is a system property derby.authentication.provider=LDAP, setting of derby.user.userName to a DN value as a database property will encrypt the DN value and store it. The code seems to expect that the derby.authentication.provider is set to LDAP as a database property, else it considers it as a password and encrypts the value.
> -- it doesnt return the correct mapped value for the property for the LDAP and derby.user.userName case. Returns null instead of returning the clear text DN value.
> 2) the LDAP code itself doesnt pick up the userDN.
> In LDAPAuthenticationSchemeImpl#authenticateUser
> if (useUserPropertyAsDN)
> userDN =
> authenticationService.getProperty(
> org.apache.derby.iapi.reference.Property.USER_PROPERTY_PREFIX)
> Here USER_PROPERTY_PREFIX is derby.user.
> The key should be USER_PROPERTY_PREFIX+userName.
> 3) After the code issues are fixed, it would be nice if documentation can be added to give a full example of how to go about doing LDAP authentication with caching DNs in derby.user.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.