LDAP directory service
You can allow Derby to
authenticate users against an existing LDAP directory service within your
enterprise. LDAP (lightweight directory access protocol) provides an open
directory access protocol running over TCP/IP. An LDAP directory service can
quickly authenticate a user's name and password.
The runtime library provided with the Java Development Kit (JDK) includes
libraries that allow you to access an LDAP directory service.
To use an LDAP directory service, set derby.authentication.provider to
Examples of LDAP service providers include the 389 Directory Server and
- Setting up Derby to use your LDAP directory service
When specifying LDAP as your authentication service, you must specify what LDAP server to use.
- Guest access to search for DNs
In an LDAP system, users are hierarchically organized in the directory as a set of entries. An entry is a set of name-attribute pairs identified by a unique name, called a DN (distinguished name).
- LDAP performance issues
For performance reasons, the LDAP directory server should be in the same LAN as Derby. Derby does not cache the user's credential information locally and thus must connect to the directory server every time a user connects.
- LDAP restrictions
Derby does not support LDAP groups.