You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Justin Bertram (JIRA)" <ji...@apache.org> on 2016/01/29 03:45:39 UTC

[jira] [Commented] (AMQ-6148) When use LDAP auth, Activemq should not always connect to ldap service to do authentication

    [ https://issues.apache.org/jira/browse/AMQ-6148?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15122828#comment-15122828 ] 

Justin Bertram commented on AMQ-6148:
-------------------------------------

For what it's worth, [Apache ActiveMQ Artemis|http://activemq.apache.org/artemis/] (a sub-project of Apache ActiveMQ) employs a caching mechanism so that whatever login module is being used isn't called *every* time an authentication is performed.  It's controlled by a simple time-out.  You can see the details in [org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl|https://github.com/apache/activemq-artemis/blob/master/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java]

> When use LDAP auth, Activemq should not always connect to ldap service to do authentication
> -------------------------------------------------------------------------------------------
>
>                 Key: AMQ-6148
>                 URL: https://issues.apache.org/jira/browse/AMQ-6148
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.11.1
>            Reporter: JIE CHEN
>            Priority: Critical
>
> I am using LDAP service to do authentication for ActiveMQ, and I found everytime ActiveMQ servers try to establish a connection between ActiveMQ client, the ActiveMQ server will create a connection to LDAP server to do authentication. That's is not good, think about there are thousands of ActiveMQ clients are trying to connect to ActiveMQ servers, the ActiveMQ servers will need to create thousands of connections to LDAP servers. And moreover it is not reliable as well because the connection between LDAP servers and ActiveMQ servers could be broken sometimes. We need something similar as Cached LDAP Authorization Module. It is more reasonable that the ActiveMQ will cache the ldap account credential in local memory and refresh in certain interval.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)