Class LDAPAuthenticationSchemeImpl

java.lang.Object
org.apache.derby.impl.jdbc.authentication.JNDIAuthenticationSchemeBase
org.apache.derby.impl.jdbc.authentication.LDAPAuthenticationSchemeImpl
All Implemented Interfaces:
UserAuthenticator

public final class LDAPAuthenticationSchemeImpl extends JNDIAuthenticationSchemeBase
This is the Derby LDAP authentication scheme implementation. JNDI system/environment properties can be set at the database level as database properties; any that are found are picked up and set in the JNDI initial context.

Authentication is a two-step operation: we first connect to the LDAP server to retrieve the user's distinguished name (DN), then reconnect and try to authenticate (bind) with the user's DN and the passed-in password. In the 2.0 release, the first connection performs a search (the user's full DN lookup). This initial lookup can be done through an anonymous bind or with special LDAP search credentials that the user may have configured in the LDAP settings for the database or the system. This is a typical pattern with LDAP servers, where it is often hard to know or guess a user's full DN in advance.

NOTE: In a future release, we will cache/maintain the user DN within the Derby database or system to avoid the initial lookup. Also note that LDAP search/retrieval operations are usually very fast.

The default LDAP URL is ldap:/// (ldap://localhost:389/).
  • Method Details

    • authenticateUser

      public boolean authenticateUser(String userName, String userPassword, String databaseName, Properties info) throws SQLException
      Authenticate the passed-in user's credentials against an LDAP server.
      Parameters:
      userName - The user's name used to connect to the JBMS system
      userPassword - The user's password used to connect to the JBMS system
      databaseName - The database which the user wants to connect to.
      info - Additional jdbc connection info.
      Returns:
      false if the connection request should be denied, true if the connection request should proceed. If false is returned the connection attempt will receive a SQLException with SQL State 08004.
      Throws:
      SQLException - An exception processing the request, connection request will be denied. The SQL exception will be returned to the connection attempt.
    • privInitialDirContext

      private DirContext privInitialDirContext(Properties env) throws NamingException
      Calls new InitialDirContext inside a privileged block.
      Parameters:
      env - environment used to create the initial DirContext. Null indicates an empty environment.
      Returns:
      an initial DirContext using the supplied environment.
      Throws:
      NamingException
    • setJNDIProviderProperties

      protected void setJNDIProviderProperties()
      Tests and sets the default/expected JNDI properties for the JNDI provider scheme (here, LDAP).
      Specified by:
      setJNDIProviderProperties in class JNDIAuthenticationSchemeBase
    • getDNFromUID

      private String getDNFromUID(String uid) throws NamingException
      Search the LDAP server for the user's full DN. The LDAP server bind may or may not be anonymous: if the admin does not allow anonymous bind/search, we must have been given principal/credentials in order to bind and perform the user's DN search.
      Throws:
      NamingException - if the user DN could not be retrieved.
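The search-then-bind flow that authenticateUser and getDNFromUID describe, written out with plain JNDI as an added example; this is not Derby's own code, and the class name, the uid attribute, the search base and the server URL are assumptions. It also shows two checks a reviewer of such a scheme looks for: escaping the uid before it enters the search filter, and refusing an empty password before the second bind.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

/** Hypothetical search-then-bind LDAP check (assumed names); not Derby's own implementation. */
public final class LdapSearchThenBind {
    // searchDn == null means the DN lookup uses an anonymous bind
    private final String url, searchBase, searchDn, searchPassword;
    public LdapSearchThenBind(String url, String searchBase, String searchDn, String searchPassword) {
        this.url = url; this.searchBase = searchBase; this.searchDn = searchDn; this.searchPassword = searchPassword;
    }
    /** Step 1: resolve the user's full DN, anonymously or with the configured search credentials. */
    public String getDnFromUid(String uid) throws NamingException {
        DirContext ctx = new InitialDirContext(env(searchDn, searchPassword));
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[0]); // only the entry name is needed
            String filter = "(uid=" + escapeFilterValue(uid) + ")";
            NamingEnumeration<SearchResult> rs = ctx.search(searchBase, filter, sc);
            if (!rs.hasMore()) throw new NamingException("user not found");
            String dn = rs.next().getNameInNamespace();
            if (rs.hasMore()) throw new NamingException("uid is not unique"); // refuse ambiguous matches
            return dn;
        } finally { ctx.close(); }
    }
    /** Step 2: bind as that DN with the caller's password; false means deny the connection. */
    public boolean authenticate(String uid, String password) throws NamingException {
        // An empty password would be an unauthenticated bind (RFC 4513), which many servers accept.
        if (password == null || password.isEmpty()) return false;
        String dn = getDnFromUid(uid);
        try { new InitialDirContext(env(dn, password)).close(); return true; }
        catch (AuthenticationException e) { return false; }
    }
    private Hashtable<String, String> env(String principal, String credentials) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // e.g. "ldap://localhost:389/" (assumed)
        env.put(Context.SECURITY_AUTHENTICATION, principal == null ? "none" : "simple");
        if (principal != null) { env.put(Context.SECURITY_PRINCIPAL, principal); env.put(Context.SECURITY_CREDENTIALS, credentials); }
        return env;
    }
    /** RFC 4515 escaping so a uid cannot change the filter's structure; backslash goes first. */
    static String escapeFilterValue(String v) {
        return v.replace("\\", "\\5c").replace("*", "\\2a").replace("(", "\\28").replace(")", "\\29").replace("\0", "\\00");
    }
}
```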