When specifying LDAP as your authentication service, you must specify what LDAP server to use.
To connect to the OpenDS LDAP server, add the following lines to your Derby configuration file, derby.properties. You may also want to store these properties in your database and lock them down by setting the derby.database.propertiesOnly property (see Configuring coarse-grained user authorization for an example of how to lock down database properties):
    derby.connection.requireAuthentication=true
    derby.authentication.server=ldap://127.0.0.1:1389
    derby.authentication.provider=LDAP
    derby.authentication.ldap.searchAuthPW=YOUR_SELECTED_PASSWORD
    derby.authentication.ldap.searchAuthDN=cn=Directory Manager
    derby.authentication.ldap.searchBase=dc=example,dc=com
    derby.authentication.ldap.searchFilter=objectClass=person
Finally, start ij in the directory where you created your derby.properties (this ensures that embedded Derby will come up with the authentication settings listed above). Run the following commands:
    java org.apache.derby.tools.ij
    ij version 10.11
    ij> connect 'jdbc:derby:testdb;create=true;user=tquist;password=tquist';
Verify that authentication works by trying to connect again, this time with bad credentials:
    java org.apache.derby.tools.ij
    ij version 10.11
    ij> connect 'jdbc:derby:testdb;create=true;user=tquist;password=badpassword';
    ERROR 08004: Connection authentication failure occurred. Reason: Invalid authentication...
When you set the property derby.authentication.server, you can specify the LDAP server using just the server name, the server name and its port number separated by a colon, or an LDAP URL as shown in the example. If you do not provide a full URL, Derby will by default use unencrypted LDAP. To use SSL-encrypted LDAP, specify a URL that starts with ldaps://. For details on the derby.authentication.server and derby.authentication.provider properties, see the Derby Reference Manual.
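The following added example (not part of the Derby documentation or code base) audits a derby.properties file for the settings discussed above and reports when the server value will result in unencrypted LDAP. The function names and the simplified key=value parser are assumptions made for this illustration; the sample text is constructed from the properties shown earlier.

```python
# Added example: audit Derby LDAP authentication settings.
# Assumption: a simplified parser that handles only key=value lines,
# not the full java.util.Properties syntax.

# Constructed sample, based on the properties shown above
SAMPLE = """\
derby.connection.requireAuthentication=true
derby.authentication.server=ldap://127.0.0.1:1389
derby.authentication.provider=LDAP
derby.authentication.ldap.searchAuthDN=cn=Directory Manager
"""

def parse_properties(text):
    """Split each line on the first '=' only, so DN values such as
    cn=Directory Manager keep their embedded '=' characters."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def ldap_transport(server):
    """Return 'ldaps' only for an ldaps:// URL. A bare server name,
    name:port, or ldap:// URL all mean unencrypted LDAP."""
    return "ldaps" if server.lower().startswith("ldaps://") else "ldap"

def audit(text):
    """Return a list of findings; an empty list means no issue found."""
    props = parse_properties(text)
    findings = []
    # Values are compared case-insensitively here (a choice of this example)
    if props.get("derby.connection.requireAuthentication", "").lower() != "true":
        findings.append("authentication is not required")
    if props.get("derby.authentication.provider", "").upper() != "LDAP":
        findings.append("provider is not LDAP")
    server = props.get("derby.authentication.server")
    if not server:
        findings.append("no LDAP server specified")
    elif ldap_transport(server) == "ldap":
        findings.append(f"unencrypted LDAP: {server}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARNING:", finding)
```
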