You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "André Hurschler (Jira)" <ji...@apache.org> on 2021/11/16 22:59:00 UTC

[jira] [Created] (ARTEMIS-3582) random AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from /172.27.48.12:49550. Username: lot-sfmsri.fenmqprd; SSL certificate subject DN: unavailable

André Hurschler created ARTEMIS-3582:
----------------------------------------

             Summary: random AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from /172.27.48.12:49550. Username: lot-sfmsri.fenmqprd; SSL certificate subject DN: unavailable
                 Key: ARTEMIS-3582
                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3582
             Project: ActiveMQ Artemis
          Issue Type: Bug
          Components: Broker
    Affects Versions: 2.19.0
            Reporter: André Hurschler


With different random users we get the following error message:

 

AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from /172.27.48.12:49550. Username: lot-sfmsri.fenmqprd; SSL certificate subject DN: unavailable

 

16.11.21 23:05:03,150    
2021-11-16 23:05:03,150 WARN  [org.apache.activemq.artemis.core.client] AMQ212037: Connection failure to /172.27.48.12:49478 has been detected: User name [lot-sfmsri.fenmqprd] or password is invalid. [code=GENERIC_EXCEPTION]
component = org.apache.activemq.artemis.core.clienthost = fenacosrv43113log_level = WARNsource = /amq_prd/log/artemis.log

 

After a restart of the Broker other Users have the same Problem.

We use an ActiveDirectory as the LDAP directory

 

activemq {
   /*
   org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule sufficient
       debug=false
       reload=true
       org.apache.activemq.jaas.properties.user="artemis-users.properties"
       org.apache.activemq.jaas.properties.role="artemis-roles.properties";

   org.apache.activemq.artemis.spi.core.security.jaas.GuestLoginModule sufficient
       debug=false
       org.apache.activemq.jaas.guest.user="admin"
       org.apache.activemq.jaas.guest.role="amq";
   */

   org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule sufficient
       debug=true
       initialContextFactory="com.sun.jndi.ldap.LdapCtxFactory"

       /*
       connectionURL - specify the location of the directory server using an ldap URL, ldap://Host:Port.
       You can optionally qualify this URL, by adding a forward slash, /, followed by the DN of a particular node in the directory tree.
       For example, ldap://ldapserver:10389/ou=system.
       */
       /*
       connectionURL="ldap://main.corp.fenaco.com:389/"
       */
       connectionURL="ldap://ad-ldap-rzsur.main.corp.fenaco.com:389/"


       /*
       authentication - specifies the authentication method used when binding to the LDAP server. Can take either of the values,
         - simple (username and password),
         - GSSAPI (Kerberos SASL) or
         - none (anonymous)
       */
       authentication="simple"



--
This message was sent by Atlassian Jira
(v8.20.1#820001)