1.1
Table Of Contents
- Contents
- About the SQLFire User's Guide
- Supported Configurations and System Requirements
- Getting Started with vFabric SQLFire
- Managing Your Data in vFabric SQLFire
- Designing vFabric SQLFire Databases
- Using Server Groups to Manage Data
- Partitioning Tables
- Replicating Tables
- Estimating Memory Requirements
- Using Disk Stores to Persist Data
- Exporting and Importing Data with vFabric SQLFire
- Using Table Functions to Import Data as a SQLFire Tables
- Developing Applications with SQLFire
- Starting SQLFire Servers with the FabricServer Interface
- Developing Java Clients and Peers
- Configuring SQLFire as a JDBC Datasource
- Storing and Loading JAR Files in SQLFire
- Developing ADO.NET Client Applications
- About the ADO.NET Driver
- ADO.NET Driver Classes
- Installing and Using the ADO.NET driver
- Connecting to SQLFire with the ADO.NET Driver
- Managing Connections
- Executing SQL Commands
- Working with Result Sets
- Storing a Table
- Storing Multiple Tables
- Specifying Command Parameters with SQLFParameter
- Updating Row Data
- Adding Rows to a Table
- Managing SQLFire Transactions
- Performing Batch Updates
- Generic Coding with the SQLFire ADO.NET Driver
- Using SQLFire.NET Designer
- Understanding the Data Consistency Model
- Using Distributed Transactions in Your Applications
- Using Data-Aware Stored Procedures
- Using the Procedure Provider API
- Using the Custom Result Processor API
- Programming User-Defined Types
- Using Result Sets and Cursors
- Caching Data with vFabric SQLFire
- Deploying vFabric SQLFire
- SQLFire Deployment Models
- Steps to Plan and Configure a Deployment
- Configuring Discovery Mechanisms
- Starting and Configuring SQLFire Servers
- Configuring Multi-site (WAN) Deployments
- Configuring Authentication and Authorization
- Configuring User Authentication
- User Names in Authentication and Authorization
- Configuring User Authorization
- Configuring Network Encryption and Authentication with SSL/TLS
- Managing and Monitoring vFabric SQLFire
- Configuring and Using SQLFire Log Files
- Querying SQLFire System Tables and Indexes
- Evaluating Query Plans and Query Statistics
- Overriding Optimizer Choices
- Evaluating System and Application Performance
- Using Java Management Extensions (JMX)
- Best Practices for Tuning Performance
- Detecting and Handling Network Segmentation ("Split Brain")
- vFabric SQLFire Reference
- Configuration Properties
- JDBC API
- Mapping java.sql.Types to SQL Types
- java.sql.BatchUpdateException Class
- java.sql.Connection Interface
- java.sql.DatabaseMetaData Interface
- java.sql.Driver Interface
- java.sql.DriverManager.getConnection Method
- java.sql.PreparedStatement Interface
- java.sql.ResultSet Interface
- java.sql.SavePoint Class
- java.sql.SQLException Class
- java.sql.Statement Class
- javax.sql.XADataSource
- sqlf Launcher Commands
- sqlf backup
- sqlf compact-all-disk-stores
- sqlf compact-disk-store
- sqlf encrypt-password
- sqlf install-jar
- sqlf list-missing-disk-stores
- sqlf locator
- sqlf Logging Support
- sqlf merge-logs
- sqlf remove-jar
- sqlf replace-jar
- sqlf revoke-missing-disk-store
- sqlf server
- sqlf show-disk-store-metadata
- sqlf shut-down-all
- sqlf stats
- sqlf upgrade-disk-store
- sqlf validate-disk-store
- sqlf version
- sqlf write-data-dtd-to-file
- sqlf write-data-to-db
- sqlf write-data-to-xml
- sqlf write-schema-to-db
- sqlf write-schema-to-sql
- sqlf write-schema-to-xml
- sqlf Interactive Commands
- absolute
- after last
- async
- autocommit
- before first
- close
- commit
- connect
- connect client
- connect peer
- describe
- disconnect
- driver
- elapsedtime
- execute
- exit
- first
- get scroll insensitive cursor
- GetCurrentRowNumber
- help
- last
- LocalizedDisplay
- MaximumDisplayWidth
- next
- prepare
- previous
- protocol
- relative
- remove
- rollback
- run
- set connection
- show
- wait for
- SQLFire API
- SQL Language Reference
- Keywords and Identifiers
- SQL Statements
- ALTER TABLE
- CALL
- CREATE Statements
- DECLARE GLOBAL TEMPORARY TABLE
- DELETE
- EXPLAIN
- DROP statements
- GRANT
- INSERT
- REVOKE
- SELECT
- SET ISOLATION
- SET SCHEMA
- TRUNCATE TABLE
- UPDATE
- SQL Queries
- SQL Clauses
- SQL Expressions
- JOIN Operations
- Built-in Functions
- Standard Built-in Functions
- Aggregates (set functions)
- ABS or ABSVAL function
- ACOS function
- ASIN function
- ATAN function
- ATAN2 function
- AVG function
- BIGINT function
- CASE expressions
- CAST function
- CEIL or CEILING function
- CHAR function
- COALESCE function
- Concatenation operator
- COS function
- COSH function
- COT function
- COUNT function
- COUNT(*) function
- CURRENT DATE function
- CURRENT_DATE function
- CURRENT ISOLATION function
- CURRENT_ROLE function
- CURRENT SCHEMA function
- CURRENT TIME function
- CURRENT_TIME function
- CURRENT TIMESTAMP function
- CURRENT_TIMESTAMP function
- CURRENT_USER function
- DATE function
- DAY function
- DEGREES function
- DOUBLE function
- EXP function
- FLOOR function
- HOUR function
- INTEGER function
- LCASE or LOWER function
- LENGTH function
- LN or LOG function
- LOG10 function
- LOCATE function
- LTRIM function
- MAX function
- MIN function
- MINUTE function
- MOD function
- MONTH function
- NULLIF expressions
- PI function
- RADIANS function
- RANDOM function
- RAND function
- RTRIM function
- SECOND function
- SESSION_USER function
- SIGN function
- SIN function
- SINH function
- SMALLINT function
- SQRT function
- SUBSTR function
- SUM function
- TAN function
- TANH function
- TIME function
- TIMESTAMP function
- TRIM function
- UCASE or UPPER function
- USER function
- VARCHAR function
- XMLEXISTS operator
- XMLPARSE operator
- XMLQUERY operator
- XMLSERIALIZE operator
- YEAR function
- SQLFire Built-in Functions
- Standard Built-in Functions
- Built-in System Procedures
- Standard Built-in Procedures
- SYSCS_UTIL.EMPTY_STATEMENT_CACHE
- SYSCS_UTIL.EXPORT_QUERY
- SYSCS_UTIL.EXPORT_TABLE
- SYSCS_UTIL.IMPORT_DATA
- SYSCS_UTIL.IMPORT_DATA_EX
- SYSCS_UTIL.IMPORT_DATA_LOBS_FROM_EXTFILE system procedure
- SYSCS_UTIL.IMPORT_TABLE
- SYSCS_UTIL.IMPORT_TABLE_EX
- SYSCS_UTIL.IMPORT_TABLE_LOBS_FROM_EXTFILE
- SYSCS_UTIL.SET_EXPLAIN_CONNECTION
- SYSCS_UTIL.SET_STATISTICS_TIMING
- JAR Installation Procedures
- Callback Configuration Procedures
- Heap Eviction Configuration Procedures
- WAN Configuration Procedures
- Standard Built-in Procedures
- Data Types
- SQL Standards Conformance
- System Tables
- ASYNCEVENTLISTENERS
- GATEWAYRECEIVERS
- GATEWAYSENDERS
- INDEXES
- JARS
- MEMBERS
- MEMORYANALYTICS
- STATEMENTPLANS
- SYSALIASES
- SYSCHECKS
- SYSCOLPERMS
- SYSCOLUMNS
- SYSCONGLOMERATES
- SYSCONSTRAINTS
- SYSDEPENDS
- SYSDISKSTORES
- SYSFILES
- SYSFOREIGNKEYS
- SYSKEYS
- SYSROLES
- SYSROUTINEPERMS
- SYSSCHEMAS
- SYSSTATEMENTS
- SYSSTATISTICS
- SYSTABLEPERMS
- SYSTABLES
- SYSTRIGGERS
- SYSVIEWS
- Exception Messages and SQL States
- ADO.NET Driver Reference
- SQLFire Data Types in ADO.NET
- VMware.Data.SQLFire.BatchUpdateException
- VMWare.Data.SQLFire.SQLFClientConnection
- VMware.Data.SQLFire.SQLFCommand
- VMware.Data.SQLFire.SQLFCommandBuilder
- VMware.Data.SQLFire.SQLFType
- VMware.Data.SQLFire.SQLFDataAdapter
- VMware.Data.SQLFire.SQLFDataReader
- VMware.Data.SQLFire.SQLFException
- VMware.Data.SQLFire.SQLFParameter
- VMware.Data.SQLFire.SQLFParameterCollection
- VMware.Data.SQLFire.SQLFTransaction
- vFabric SQLFire Limitations
- Troubleshooting Common Problems
- vFabric SQLFire Glossary
- Index
Typically, the user knows only a simple user name (for example, the first part of the DN above, mary). With
SQLFire, you do not need the full DN, because an LDAP client (SQLFire) can go to the directory first as a guest
or even an anonymous user, search for the full DN, then rebind to the directory using the full DN (and thus
authenticate the user).
SQLFire typically initiates a search for a full DN before binding to the directory using the full DN for user
authentication. SQLFire does not initiate a search in the following cases:
• You have set sqlfire.auth-ldap-search-filter to sqlfire.user.
• A user DN has been cached locally for the specific user with the sqlfire.user.UserName property.
For more information, see sqlfire.auth-ldap-search-filter.
Some systems permit anonymous searches; other require a user DN and password. You can specify a user's DN
and password for the search with the properties listed below. In addition, you can limit the scope of the search
by specifying a filter (definition of the object class for the user) and a base (directory from which to begin the
search) with the properties listed below.
Note: Each of the following properties must be specified as a system property when you boot a SQLFire
peer. For example, when booting a new SQLFire server with sqlf, use the command-line option
-J-Dsqlfire.auth-ldap-search-base=searchbase.
• sqlfire.auth-ldap-search-dn (required if your LDAP provider does not support anonymous binding)
Specifies the DN with which to bind (authenticate) to the server when searching for user DNs. This parameter
is optional if anonymous access is supported by your server. If specified, this value must be a DN recognized
by the directory service, and it must also have the authority to search for the entries.
If not set, it defaults to an anonymous search using the root DN specified by the sqlfire.auth-ldap-search-base
property. For example:
uid=guest,o=example.com
• sqlfire.auth-ldap-search-pw (optional)
Specifies the password to use for the guest user configured above to bind to the directory service when looking
up the DN. If not set, it defaults to an anonymous search using the root DN specified by the
sqlfire.auth-ldap-search-base property.
myPassword
• sqlfire.auth-ldap-search-base (required)
Specifies the root DN of the point in your hierarchy from which to begin a guest search for the user's DN. For
example:
ou=people,o=example.com
By default, SQLFire tries to bind the anonymous user for searching when you configure
sqlfire.auth-ldap-search-base. If your LDAP server does not support anonymous binding, also configure
sqlfire.auth-ldap-search-dn and sqlfire.auth-ldap-search-pw.
When using Netscape Directory Server, set this property to the root DN, the special entry to which access
control does not apply (optional).
To narrow the search, you can specify a user's objectClass.
• sqlfire.auth-ldap-search-filter (optional)
Set sqlfire.auth-ldap-search-filter to a logical expression that specifies what constitutes a user for your LDAP
directory service. The default value of this property is objectClass=inetOrgPerson. For example:
objectClass=person
243
Configuring Authentication and Authorization