LDAP directory service

You can allow Derby to authenticate users against an existing LDAP directory service within your enterprise. LDAP (Lightweight Directory Access Protocol) is an open directory access protocol that runs over TCP/IP. An LDAP directory service can quickly authenticate a user's name and password.

The runtime library provided with the Java Development Kit (JDK) includes libraries that allow you to access an LDAP directory service. See the API documentation for the javax.naming.ldap package at http://download.oracle.com/javase/6/docs/api/, the LDAP section of the JNDI tutorial at http://download.oracle.com/javase/tutorial/jndi/ldap/, and the LDAP section of the JNDI specification at http://download.oracle.com/javase/1.5.0/docs/guide/jndi/spec/jndi/jndi.5.html#pgfId=999241.

To use an LDAP directory service, set derby.authentication.provider to LDAP and specify appropriate permissions in your security policy file.
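The following Java program is an added example, not taken from the Derby documentation, showing one way to enable LDAP authentication for an embedded Derby engine and test a login. The host name, search base, search filter, database name and the policy grant mentioned in the comments are placeholder assumptions; the derby.* property names are Derby's own.

```java
import java.io.Console;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;

public class DerbyLdapAuthExample {
    public static void main(String[] args) {
        // System-wide Derby properties: set them before the engine boots.
        System.setProperty("derby.connection.requireAuthentication", "true");
        System.setProperty("derby.authentication.provider", "LDAP");
        // Placeholder server. ldaps:// keeps the user's password off the
        // network in clear text; plain ldap:// does not.
        System.setProperty("derby.authentication.server",
                "ldaps://ldap.example.com:636");
        // Placeholder directory layout: where and how to find the user entry.
        System.setProperty("derby.authentication.ldap.searchBase",
                "ou=people,dc=example,dc=com");
        System.setProperty("derby.authentication.ldap.searchFilter",
                "(&(objectClass=inetOrgPerson)(uid=%USERNAME%))");
        // When a security manager is active, the policy file must also allow
        // the Derby code to reach the LDAP host, for example (assumed grant):
        //   permission java.net.SocketPermission
        //       "ldap.example.com:636", "connect,resolve";

        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: java DerbyLdapAuthExample <user>");
            return;
        }
        // Read the password interactively so it does not end up in the
        // shell history or the process list.
        char[] password = console.readPassword("LDAP password for %s: ", args[0]);

        Properties creds = new Properties();
        creds.setProperty("user", args[0]);
        creds.setProperty("password", new String(password));
        java.util.Arrays.fill(password, '\0');

        // sampleDB is a placeholder database name.
        try (Connection c = DriverManager.getConnection(
                "jdbc:derby:sampleDB;create=true", creds)) {
            System.out.println("Authenticated against LDAP as " + args[0]);
        } catch (SQLException e) {
            // Derby reports a rejected login with SQLState 08004.
            System.err.println("Login failed, SQLState=" + e.getSQLState()
                    + ": " + e.getMessage());
        }
    }
}
```

Run it with derby.jar on the classpath; a wrong password or an unreachable directory server must result in a failed connection, never a silent fallback to unauthenticated access.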

Examples of LDAP service providers include the 389 Directory Server and OpenLDAP.