Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
tutorial:adm:mssql_database_support [2020/06/24 14:59]
apeterova integrated authentication
tutorial:adm:mssql_database_support [2020/06/24 15:09] (current)
apeterova domain user note
Line 91: Line 91:
 An example is valid for JDBC driver [[https://​docs.microsoft.com/​en-us/​sql/​connect/​jdbc/​download-microsoft-jdbc-driver-for-sql-server?​view=sql-server-2017|from official Microsoft Docs]] or [[http://​clojars.org/​repo/​com/​microsoft/​sqlserver/​sqljdbc4/​4.0/​sqljdbc4-4.0.jar|Sqljdbc4 4.0]], if you want to use another driver please setup the correct url. An example is valid for JDBC driver [[https://​docs.microsoft.com/​en-us/​sql/​connect/​jdbc/​download-microsoft-jdbc-driver-for-sql-server?​view=sql-server-2017|from official Microsoft Docs]] or [[http://​clojars.org/​repo/​com/​microsoft/​sqlserver/​sqljdbc4/​4.0/​sqljdbc4-4.0.jar|Sqljdbc4 4.0]], if you want to use another driver please setup the correct url.
  
-FIXME Not fully tested. ​If you need to use a domain user, set the property username like this: ''​DOMAIN\\idmamin''​. Java will translate the double backslash to a single backslash. If you use only single backslash, it will not be sent to the SQL Server at all and the SQL Server will not find the user. Also, if you have too long login, use its shorter version (sAMAccountName).+If you need to use a domain user, set the property username like this: ''​DOMAIN\\idmamin''​. Java will translate the double backslash to a single backslash. If you use only single backslash, it will not be sent to the SQL Server at all and the SQL Server will not find the user. Also, if you have too long login, use its shorter version (sAMAccountName). ​Also you should probably set ''​authentication=ActiveDirectoryIntegrated'',​ but it hasn't been truly tested yet. FIXME
  
 === Windows Integrated Authentication === === Windows Integrated Authentication ===
Line 121: Line 121:
 The example is valid for SQL server running on the server "​xsqlserver123",​ instance "​CZECHIDM",​ database "​bcv\_idm\_storage"​. Note that the parameters username and password are omitted; this is required for this type of authentication. The example is valid for SQL server running on the server "​xsqlserver123",​ instance "​CZECHIDM",​ database "​bcv\_idm\_storage"​. Note that the parameters username and password are omitted; this is required for this type of authentication.
  
-Finally, restart the Apache Tomcat8 service so all changes take place.+7. Add SQL server certificate to Java truststore (FIXME how?). Workaround: add property ''​trustServerCertificate=true''​ to the JDBC URL above. 
 +</​note>​ 
 + 
 +8. Finally, restart the Apache Tomcat8 service so all changes take place. 
 + 
  
  
Line 184: Line 189:
   * which type of authentication is used - e.g. if you use a domain account ("NT account"​) in combination with SQL Server authentication made for local accounts.   * which type of authentication is used - e.g. if you use a domain account ("NT account"​) in combination with SQL Server authentication made for local accounts.
  
 +==== Instances and ports ====
 +
 +Usually, you don't need to specify the port when connecting to SQL Server. By default the driver calls built-in [[https://​docs.microsoft.com/​en-us/​sql/​tools/​configuration-manager/​sql-server-browser-service?​view=sql-server-ver15|SQL Server Browser service]] and obtains the dynamic port, where the DB instance runs. This works also when there is only a default instance.
 +
 +The default SQL Server port (1433) doesn'​t need to be accessible through the network, so don't use it in the connection URL if you don't need to.