ij> --
----- Specifically test SECURE users with ldap 
----- Configure the ldap databases, plus some for reference
-----
----- 'derbySchemeDB'	- BUILTIN authentication
-----						  & some db authorization restriction.
----- 'ldapSchemeDB'		- LDAP authentication
-----						  (or NT thru LDAP)
----- 'ldapSchemeDBJN'	- LDAP setting url through java.naming.*
-----						  some db authorization restriction.
-----
----- let's create all the dbs and configure them.
----- we will authenticate using a default system user that we
----- have configured.
----- A typical bad guy who cannot access any database but guest
----- is Jamie.
-----
-----
----- 'derbySchemeDB' database authentication/authorization config
-----
connect 'derbySchemeDB;create=true;user=system;password=manager';
ij(CONNECTION1)> autocommit off;
ij(CONNECTION1)> prepare p2 as 'CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?,?)';
ij(CONNECTION1)> execute p2 using 'values(''derby.authentication.provider'', ''BUILTIN'')';
Statement executed.
ij(CONNECTION1)> -- let's define users in this database (other than the ones
----- known at the system level. This is for the test
----- These 3 users will only be known in this database
execute p2 using 'values(''derby.user.martin'', ''obfuscateIt'')';
Statement executed.
ij(CONNECTION1)> execute p2 using 'values(''derby.user.dan'', ''makeItFaster'')';
Statement executed.
ij(CONNECTION1)> execute p2 using 'values(''derby.user.mamta'', ''ieScape'')';
Statement executed.
ij(CONNECTION1)> execute p2 using 'values(''derby.database.propertiesOnly'', ''true'')';
Statement executed.
ij(CONNECTION1)> commit;
ij(CONNECTION1)> autocommit on;
ij(CONNECTION1)> --
----- 'ldapSchemeDB' database authentication/authorization config
-----
connect 'ldapSchemeDB;create=true;user=system;password=manager';
ij(CONNECTION2)> autocommit off;
ij(CONNECTION2)> prepare p3 as 'CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?,?)';
ij(CONNECTION2)> execute p3 using 'values(''derby.authentication.provider'', ''LDAP'')';
Statement executed.
ij(CONNECTION2)> execute p3 using 'values(''derby.authentication.server'', ''thehost.opensource.apache.com:389'')';
Statement executed.
ij(CONNECTION2)> execute p3 using 'values(''derby.authentication.ldap.searchBase'', ''o=opensource.apache.com'')';
Statement executed.
ij(CONNECTION2)> -- this is the default search filter
execute p3 using 'values(''derby.authentication.ldap.searchFilter'', ''(&(objectClass=inetOrgPerson)(uid=%USERNAME%))'')';
Statement executed.
ij(CONNECTION2)> commit;
ij(CONNECTION2)> autocommit on;
ij(CONNECTION2)> connect 'ldapSchemeDBJN;create=true;user=system;password=manager';
ij(CONNECTION3)> autocommit off;
ij(CONNECTION3)> prepare p3 as 'CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?,?)';
ij(CONNECTION3)> execute p3 using 'values(''derby.authentication.provider'', ''LDAP'')';
Statement executed.
ij(CONNECTION3)> execute p3 using 'values(''java.naming.provider.url'', ''ldap://thehost.opensource.apache.com:389'')';
Statement executed.
ij(CONNECTION3)> execute p3 using 'values(''derby.authentication.ldap.searchBase'', ''o=opensource.apache.com'')';
Statement executed.
ij(CONNECTION3)> -- this is the default search filter
execute p3 using 'values(''derby.authentication.ldap.searchFilter'', ''(&(objectClass=inetOrgPerson)(uid=%USERNAME%))'')';
Statement executed.
ij(CONNECTION3)> commit;
ij(CONNECTION3)> autocommit on;
ij(CONNECTION3)> disconnect;
ij> --
----- Shutdown the system for database properties to take effect
-----
disconnect all;
ij> connect 'derbySchemeDB;user=system;password=manager;shutdown=true';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij> connect 'ldapSchemeDB;user=system;password=manager;shutdown=true';
ERROR 08006: ldapSchemeDB08006.DDatabase 'ldapSchemeDB' shutdown.((server log XXX)
ij> connect 'ldapSchemeDBJN;user=system;password=manager;shutdown=true';
ERROR 08006: ldapSchemeDBJN08006.DDatabase 'ldapSchemeDBJN' shutdown.((server log XXX)
ij> disconnect all;
ij> -- shuting down the system causes IJ to loose the protocol, therefore
----- we'd be doomed :(
#connect ';shutdown=true;user=system;password=manager';
IJ ERROR: Unable to establish connection
ij> -- 1) Valid authentication & authorization requests/ops
connect 'derbySchemeDB;user=mamta;password=ieScape';
ij> connect 'derbySchemeDB;user=dan;password=makeItFaster';
ij(CONNECTION1)> connect 'derbySchemeDB;user=martin;password=obfuscateIt';
ij(CONNECTION2)> -- Invalid ones:
connect 'derbySchemeDB;user=Jamie;password=theHooligan';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> connect 'derbySchemeDB;user=francois;password=paceesalute';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> show connections;
CONNECTION0 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=mamta;password=ieScape
CONNECTION1 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=dan;password=makeItFaster
CONNECTION2* - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=martin;password=obfuscateIt
* = current connection
ij(CONNECTION2)> --
----- 1rst test phase for LDAP
----- We look-up the user DN and authenticate to LDAP with passed-in
----- credentials
connect 'ldapSchemeDB;user=mamta;password=yeeHaLdap';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> connect 'ldapSchemeDB;user=francois;password=corsica';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> -- Invalid ones:
connect 'ldapSchemeDB;user=Jamie;password=theHooligan';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> connect 'ldapSchemeDB;user=dan;password=makeItFaster';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> -- wrong ldap password
connect 'ldapSchemeDB;user=francois;password=paceesalute';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> show connections;
CONNECTION0 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=mamta;password=ieScape
CONNECTION1 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=dan;password=makeItFaster
CONNECTION2* - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=martin;password=obfuscateIt
* = current connection
ij(CONNECTION2)> --
----- 2nd test phases for LDAP - Cache the User DN locally
----- to avoid the initial look-up
-----
connect 'ldapSchemeDB;user=francois;password=corsica';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> autocommit off;
ij(CONNECTION2)> prepare p5 as 'CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?,?)';
ij(CONNECTION2)> execute p5 using 'values(''derby.authentication.ldap.searchFilter'', ''derby.user'')';
Statement executed.
ij(CONNECTION2)> -- set the users DN locally now
execute p5 using 'values(''derby.user.mamta'', ''uid=mamta,ou=People,o=opensource.apache.com'')';
Statement executed.
ij(CONNECTION2)> execute p5 using 'values(''derby.user.francois'', ''uid=francois,ou=People,o=opensource.apache.com'')';
Statement executed.
ij(CONNECTION2)> show connections;
CONNECTION0 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=mamta;password=ieScape
CONNECTION1 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=dan;password=makeItFaster
CONNECTION2* - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=martin;password=obfuscateIt
* = current connection
ij(CONNECTION2)> commit;
ij(CONNECTION2)> autocommit on;
ij(CONNECTION2)> -- restart ldapSchemeDB for properties to take effect & reconnect to test
connect 'ldapSchemeDB;user=francois;password=corsica;shutdown=true';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> -- re-test
connect 'ldapSchemeDB;user=mamta;password=yeeHaLdap';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> connect 'ldapSchemeDB;user=francois;password=corsica';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> -- 2a) Some users with no local DN: rachael, kathy
-----     as no local DN cached, look-up will be performed with
-----     default search filter.
-----
connect 'ldapSchemeDB;user=kathy;password=kathyS';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> connect 'ldapSchemeDB;user=rachael;password=rachaelF';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> show connections;
CONNECTION0 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=mamta;password=ieScape
CONNECTION1 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=dan;password=makeItFaster
CONNECTION2* - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=martin;password=obfuscateIt
* = current connection
ij(CONNECTION2)> -- Invalid ones:
connect 'ldapSchemeDB;user=Jamie;password=theHooligan';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> connect 'ldapSchemeDB;user=dan;password=makeItFaster';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> -- wrong ldap password
connect 'ldapSchemeDB;user=francois;password=paceesalute';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> show connections;
CONNECTION0 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=mamta;password=ieScape
CONNECTION1 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=dan;password=makeItFaster
CONNECTION2* - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=martin;password=obfuscateIt
* = current connection
ij(CONNECTION2)> -- Database shutdown - check user - should fail
connect 'derbySchemeDB;shutdown=true';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> connect 'ldapSchemeDB;user=jamie;password=LetMeIn;shutdown=true';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> show connections;
CONNECTION0 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=mamta;password=ieScape
CONNECTION1 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=dan;password=makeItFaster
CONNECTION2* - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=martin;password=obfuscateIt
* = current connection
ij(CONNECTION2)> -- Database shutdown - check user - should succeed
connect 'derbySchemeDB;user=mamta;password=ieScape;shutdown=true';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> connect 'ldapSchemeDB;user=mamta;password=yeeHaLdap;shutdown=true';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> show connections;
CONNECTION0 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=mamta;password=ieScape
CONNECTION1 - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=dan;password=makeItFaster
CONNECTION2* - 	jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:1527/derbySchemeDB;user=martin;password=obfuscateIt
* = current connection
ij(CONNECTION2)> -- Derby system shutdown - check user - should fail
connect ';user=jamie;password=LetMeIn;shutdown=true';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij(CONNECTION2)> disconnect all;
ij> --
----- 1rst test phase for LDAP
----- We look-up the user DN and authenticate to LDAP with passed-in
----- credentials
connect 'ldapSchemeDBJN;user=mamta;password=yeeHaLdap';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij> connect 'ldapSchemeDBJN;user=francois;password=corsica';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij> -- Invalid ones:
connect 'ldapSchemeDBJN;user=Jamie;password=theHooligan';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij> connect 'ldapSchemeDBJN;user=dan;password=makeItFaster';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij> -- wrong ldap password
connect 'ldapSchemeDBJN;user=francois;password=paceesalute';
ERROR (no SQLState): Connection authorization failure occurred.  Reason: userid invalid.
ij> show connections;
No connections available.
ij> disconnect all;
ij> -- Derby system shutdown - check user - should succeed
connect ';user=system;password=manager;shutdown=true';
ERROR XJ015: XJ015.MDerby system shutdown.((server log XXX)
ij>