You can allow Derby to
authenticate users against an existing LDAP directory service within your
enterprise. LDAP (lightweight directory access protocol) provides an open
directory access protocol running over TCP/IP. An LDAP directory service can
quickly authenticate a user's name and password.
The runtime library provided with the Java Development Kit (JDK) includes
libraries that allow you to access an LDAP directory service.
To use an LDAP directory service, set derby.authentication.provider to
Examples of LDAP service providers include the 389 Directory Server and
Guest access to search for DNs
In an LDAP system, users are hierarchically organized in the directory as a set of entries. An entry is a set of name-attribute pairs identified by a unique name, called a DN (distinguished name).
LDAP performance issues
For performance reasons, the LDAP directory server should be in the same LAN as Derby. Derby does not cache the user's credential information locally and thus must connect to the directory server every time a user connects.