You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Chris Krusch (Jira)" <ji...@apache.org> on 2022/05/06 18:18:00 UTC

[jira] [Comment Edited] (AMQ-8599) cachedLDAPAuthorizationMap - Security failures following LDAP Connection failures

    [ https://issues.apache.org/jira/browse/AMQ-8599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17533020#comment-17533020 ] 

Chris Krusch edited comment on AMQ-8599 at 5/6/22 6:17 PM:
-----------------------------------------------------------

We realized when submitting this that our refreshInterval is actually set to 900 which is way too short but may explain why the problem only lasted for 15 seconds.  We'll be updating it to 300,000 (5 min) shortly...


was (Author: JIRAUSER285335):
We realized when submitting this that our refreshInterval=900 is way too short but may explain why the problem only lasted for 15 seconds.  We'll be updating it to 300,000 (5 min) shortly...

> cachedLDAPAuthorizationMap - Security failures following LDAP Connection failures
> ---------------------------------------------------------------------------------
>
>                 Key: AMQ-8599
>                 URL: https://issues.apache.org/jira/browse/AMQ-8599
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Security/JAAS
>    Affects Versions: 5.16.4
>         Environment: ActiveMQ Classic 5.16.4
> Configured for LDAP authentication via jaas, loading of authorization data via cachedLDAPauthorizationMap module
> We realized when submitting this that our refreshInterval=900 is way too short but may explain why the problem only lasted for 15 seconds.  We'll be updating it to 300,000 (5 min) shortly...
>            Reporter: Chris Krusch
>            Priority: Major
>         Attachments: cachedLDAPauthorization-Config.txt, cachedLDAPauthorization-Logs.txt
>
>
> Authorization errors occurred for a period of time (15 seconds) following a failed LDAP connection in cachedLDAPAuthorizationMap. Query interval is set to 5 minutes.
> Log files showing behaviour and associated configuration will be attached.
> Difficult to produce a test that can simulate the LDAP failure and resulting behaviour.
> My understanding is the module should continue with the previously loaded authorization maps if any errors are encountered loading a new configuration, so opening as a possible bug.
>  



--
This message was sent by Atlassian Jira
(v8.20.7#820007)