LDAP directory service
You can allow Derby to authenticate users against an existing LDAP directory
service within your enterprise. LDAP (Lightweight Directory Access Protocol)
is an open directory access protocol that runs over TCP/IP. An LDAP directory
service can quickly authenticate a user's name and password.
To use an LDAP directory service, set derby.authentication.provider to LDAP.
Examples of LDAP service providers are:
- Libraries for LDAP user authentication
  To use an LDAP directory service with Derby, you need these libraries in your classpath.
- Setting up Derby to use your LDAP directory service
  When specifying LDAP as your authentication service, you must specify what LDAP server to use.
- Guest access to search for DNs
  In an LDAP system, users are hierarchically organized in the directory as a set of entries. An entry is a set of name-attribute pairs identified by a unique name, called a DN (distinguished name).
- LDAP performance issues
  For performance reasons, the LDAP directory server should be in the same LAN as Derby. Derby does not cache the user's credential information locally and thus must connect to the directory server every time a user connects.
- Considerations when using Windows NT with LDAP
  Netscape provides LDAP functionality for Windows NT systems with its Netscape Directory Synchronization service, which synchronizes the Windows NT users with the Netscape Directory Server. SSL is recommended in this configuration.
- LDAP restrictions
  Derby does not support LDAP groups.