You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by arpitshah_29 <ar...@yahoo.com> on 2018/04/13 05:58:02 UTC
Re: ActiveMQ Locking down Web Console via LDAP
Hello All -
I am also stuck in same limbo - is there anyone out there who has
successfully Locked down ActiveMQ Console using LDAP?
--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
Re: ActiveMQ Locking down Web Console via LDAP
Posted by Tim Bain <tb...@alumni.duke.edu>.
Looks great, thanks for sharing.
Tim
On Thu, May 14, 2020, 7:24 AM eleipold <el...@workhorseintegrations.com>
wrote:
> With the help of this articles and a couple of others, I think I solved the
> problem. Below is a blog that I wrote on it:
>
>
> https://www.workhorseintegrations.com/2020/05/14/securing-activemq-console-with-ldap/
>
>
>
>
>
> --
> Sent from:
> http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
>
Re: ActiveMQ Locking down Web Console via LDAP
Posted by eleipold <el...@workhorseintegrations.com>.
With the help of this articles and a couple of others, I think I solved the
problem. Below is a blog that I wrote on it:
https://www.workhorseintegrations.com/2020/05/14/securing-activemq-console-with-ldap/
--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
Re: ActiveMQ Locking down Web Console via LDAP
Posted by eleipold <el...@workhorseintegrations.com>.
I have the same issue with Active Directory and ActiveMQ 5.15.10. The
documentation refers to a cached LDAP configuration. However, that does not
appear to be the correct solution for me. I tried other solutions, including
two login.config configurations, one for the broker and one for the Web
console. The broker is working properly, but the Web console is not. The
problem that I have with the Web console is that
org.eclipse.jetty.plus.jaas.JAASLoginService class no longer exists and I
cannot find a replacement for it.
(from jetty.xml)
<bean id="securityLoginService"
class="org.eclipse.jetty.plus.jaas.JAASLoginService">
<property name="name" value="ActiveMQLDAPRealm" />
<property name="LoginModuleName" value="JettyLdapConfiguration"/>
<property name="CallbackHandlerClass"
value="org.eclipse.jetty.plus.jaas.callback.DefaultCallbackHandler" />
<property name="roleClassNames"
value="org.eclipse.jetty.plus.jaas.JAASRole" />
</bean>
(from login.config)
JettyLdapConfiguration {
org.eclipse.jetty.plus.jaas.spi.LdapLoginModule required
debug="true"
contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
hostname="********"
port="3269"
useLdaps="true"
bindDn="CN=*****,OU=*******,OU=IntegrationServices,DC=dev,DC=local"
bindPassword="*************"
authenticationMethod="simple"
forceBindingLogin="false"
userBaseDn="DC=dev,DC=local"
userRdnAttribute="uid"
userIdAttribute="uid"
userObjectClass="Person"
roleBaseDn="(memberOf=OU=******,OU=**********,DC=dev,DC=local)"
roleNameAttribute="cn"
roleMemberAttribute="member"
roleObjectClass="groupOfNames"
authenticated="true"
;
};
--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html