Class LDAPAuthenticationSchemeImpl
java.lang.Object
org.apache.derby.impl.jdbc.authentication.JNDIAuthenticationSchemeBase
org.apache.derby.impl.jdbc.authentication.LDAPAuthenticationSchemeImpl
- All Implemented Interfaces:
UserAuthenticator
This is the Derby LDAP authentication scheme implementation.
JNDI system/environment properties can be set at the database level as database properties. If any are found, they are picked up and set in the JNDI initial context.
We first connect to the LDAP server to retrieve the user's distinguished name (DN), then reconnect and try to authenticate with the user's DN and the passed-in password.
In the 2.0 release, the first connection performs a search (lookup of the user's full DN). This initial lookup can be done through an anonymous bind or using special LDAP search credentials that the user may have configured in the LDAP settings for the database or the system.
This is a typical operation with LDAP servers, where it is often hard to tell or guess a user's full DN in advance.
NOTE: In a future release, we will cache/maintain the user DN within the Derby database or system to avoid the initial lookup. Also note that LDAP search/retrieval operations are usually very fast.
The default LDAP URL is ldap:/// (ldap://localhost:389/).
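The two-step flow described above (search for the user's DN, then a second bind as that DN with the user's password), as an added Java illustration that is not Derby's own code: the class name, constructor parameters, the inetOrgPerson/uid filter and the sample provider URL are assumptions. The user name is escaped before it is spliced into the search filter, and an empty password is rejected up front, because an LDAP simple bind with an empty password is an unauthenticated bind rather than a failed login.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;
public class LdapTwoStepAuth {
    private final String providerUrl, searchBase, searchAuthDN, searchAuthPW; // hypothetical settings, e.g. "ldap://localhost:389/"
    public LdapTwoStepAuth(String url, String base, String authDN, String authPW) {
        providerUrl = url; searchBase = base; searchAuthDN = authDN; searchAuthPW = authPW;
    }
    /** Escape a value before splicing it into a search filter (RFC 4515); backslash must be handled first. */
    static String escapeFilterValue(String s) {
        return s.replace("\\", "\\5c").replace("*", "\\2a").replace("(", "\\28").replace(")", "\\29").replace("\0", "\\00");
    }
    private Hashtable<String, String> env(String principal, String credentials) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, providerUrl);
        if (principal != null) {                       // null principal: anonymous bind
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, principal);
            env.put(Context.SECURITY_CREDENTIALS, credentials);
        }
        return env;
    }
    /** Step 1: search for the user's full DN, anonymously or with the configured search credentials. */
    String dnFromUid(String uid) throws NamingException {
        DirContext ctx = new InitialDirContext(env(searchAuthDN, searchAuthPW));
        try {
            // subtree scope, no limits, return no attributes (only the entry name is needed)
            SearchControls sc = new SearchControls(SearchControls.SUBTREE_SCOPE, 0, 0, new String[0], false, false);
            NamingEnumeration<SearchResult> r = ctx.search(searchBase,
                    "(&(objectClass=inetOrgPerson)(uid=" + escapeFilterValue(uid) + "))", sc);
            if (!r.hasMore()) return null;             // unknown user
            String dn = r.next().getNameInNamespace();
            return r.hasMore() ? null : dn;            // ambiguous match: refuse rather than guess
        } finally { ctx.close(); }
    }
    /** Step 2: bind as the user's DN; only a successful bind authenticates the user. */
    public boolean authenticate(String uid, String password) {
        if (password == null || password.isEmpty()) return false; // empty password = unauthenticated bind, not a login
        try {
            String dn = dnFromUid(uid);
            if (dn == null) return false;
            new InitialDirContext(env(dn, password)).close();
            return true;
        } catch (NamingException e) {
            return false;                              // wrong password, lookup failure or unreachable server: deny
        }
    }
}
```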
Field Summary
Fields (modifier and type, name):
- private static final String dfltLDAPURL
- private String searchBaseDN
- private String leftSearchFilter
- private String rightSearchFilter
- private boolean useUserPropertyAsDN
- private String searchAuthDN
- private String searchAuthPW
- private static final String[] attrDN
- private static final String LDAP_SEARCH_BASE
- private static final String LDAP_SEARCH_FILTER
- private static final String LDAP_SEARCH_AUTH_DN
- private static final String LDAP_SEARCH_AUTH_PW
- private static final String LDAP_LOCAL_USER_DN
- private static final String LDAP_SEARCH_FILTER_USERNAME
Fields inherited from class org.apache.derby.impl.jdbc.authentication.JNDIAuthenticationSchemeBase
authenticationService, initDirContextEnv, providerURL
Constructor Summary
- LDAPAuthenticationSchemeImpl(JNDIAuthenticationService as, Properties dbProperties)
Method Summary
- boolean authenticateUser(String userName, String userPassword, String databaseName, Properties info): Authenticate the passed-in user's credentials.
- private String getDNFromUID(String uid): Search for the full user's DN in the LDAP server.
- private DirContext privInitialDirContext(env): Call new InitialDirContext in a privilege block.
- protected void setJNDIProviderProperties(): Tests and sets default/expected JNDI properties for the JNDI provider scheme (here it is LDAP).
Methods inherited from class org.apache.derby.impl.jdbc.authentication.JNDIAuthenticationSchemeBase
getLoginSQLException
Field Details
- dfltLDAPURL
  private static final String dfltLDAPURL
- searchBaseDN
  private String searchBaseDN
- leftSearchFilter
  private String leftSearchFilter
- rightSearchFilter
  private String rightSearchFilter
- useUserPropertyAsDN
  private boolean useUserPropertyAsDN
- searchAuthDN
  private String searchAuthDN
- searchAuthPW
  private String searchAuthPW
- attrDN
  private static final String[] attrDN
- LDAP_SEARCH_BASE
  private static final String LDAP_SEARCH_BASE
- LDAP_SEARCH_FILTER
  private static final String LDAP_SEARCH_FILTER
- LDAP_SEARCH_AUTH_DN
  private static final String LDAP_SEARCH_AUTH_DN
- LDAP_SEARCH_AUTH_PW
  private static final String LDAP_SEARCH_AUTH_PW
- LDAP_LOCAL_USER_DN
  private static final String LDAP_LOCAL_USER_DN
- LDAP_SEARCH_FILTER_USERNAME
  private static final String LDAP_SEARCH_FILTER_USERNAME
Constructor Details
- LDAPAuthenticationSchemeImpl
  LDAPAuthenticationSchemeImpl(JNDIAuthenticationService as, Properties dbProperties)
Method Details
- authenticateUser
  public boolean authenticateUser(String userName, String userPassword, String databaseName, Properties info) throws SQLException
  Authenticate the passed-in user's credentials. We authenticate against an LDAP server.
  Parameters:
    userName - the user's name used to connect to the JBMS system
    userPassword - the user's password used to connect to the JBMS system
    databaseName - the database which the user wants to connect to
    info - additional JDBC connection info
  Returns:
    false if the connection request should be denied, true if the connection request should proceed. If false is returned, the connection attempt will receive a SQLException with SQL State 08004.
  Throws:
    SQLException - an exception processing the request; the connection request will be denied. The SQL exception will be returned to the connection attempt.
- privInitialDirContext
  private DirContext privInitialDirContext(env) throws NamingException
  Call new InitialDirContext in a privilege block.
  Parameters:
    env - environment used to create the initial DirContext. Null indicates an empty environment.
  Returns:
    an initial DirContext using the supplied environment.
  Throws:
    NamingException
- setJNDIProviderProperties
  protected void setJNDIProviderProperties()
  This method tests and sets the default/expected JNDI properties for the JNDI provider scheme (here it is LDAP).
  Specified by:
    setJNDIProviderProperties in class JNDIAuthenticationSchemeBase
- getDNFromUID
  private String getDNFromUID(String uid) throws NamingException
  Search for the full user's DN in the LDAP server. The LDAP server bind may or may not be anonymous. If the admin does not want us to do an anonymous bind/search, then we must have been given a principal and credentials in order to bind successfully and perform the user's DN search.
  Throws:
    NamingException - if the user DN could not be retrieved.