You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@activemq.apache.org by "Dejan Bosanac (JIRA)" <ji...@apache.org> on 2012/06/11 11:29:43 UTC

[jira] [Resolved] (AMQ-3845) CachedLDAPAuthorizationMap doesn't handle the ldap connectino dying

     [ https://issues.apache.org/jira/browse/AMQ-3845?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dejan Bosanac resolved AMQ-3845.
--------------------------------

       Resolution: Fixed
    Fix Version/s: 5.7.0

Fixed with svn revision 1348761. I added some logic around handling a context and recreating it if necessary.
                
> CachedLDAPAuthorizationMap doesn't handle the ldap connectino dying
> -------------------------------------------------------------------
>
>                 Key: AMQ-3845
>                 URL: https://issues.apache.org/jira/browse/AMQ-3845
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.6.0
>            Reporter: Mike Bryant
>            Assignee: Dejan Bosanac
>              Labels: authorization, ldap, quick_to_fix, security
>             Fix For: 5.7.0
>
>   Original Estimate: 10m
>  Remaining Estimate: 10m
>
> If the ldap connection dies for some reason (ldap server restarting etc.), the broker will continue to attempt to use the old connection for authorization, resulting in all attempts to use the broker being denied.
> In CachedLDAPAuthorizationMap.java, the open() function just returns the context if one exists. Instead, it should check to see if the context is still valid, and if not create one.
> Alternatively, the caching of the ldap connection can be removed entirely, and then in the refreshInterval>0 case, a new ldap connection will be made each refresh interval (default setting: every 5 minutes).
> i.e. delete these lines:
>         if (context != null) {
>             return context;
>         }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira