You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ro...@apache.org on 2012/11/29 14:17:04 UTC
svn commit: r1415153 - in /qpid/branches/0.20/qpid/doc/book/src/java-broker:
./ Java-Broker-Security-Authentication-Providers.xml
Author: robbie
Date: Thu Nov 29 13:17:04 2012
New Revision: 1415153
URL: http://svn.apache.org/viewvc?rev=1415153&view=rev
Log:
QPID-4462: add some documentation regarding the security provider workaround, until the issue can be fixed
merge from trunk r1414821
Modified:
qpid/branches/0.20/qpid/doc/book/src/java-broker/ (props changed)
qpid/branches/0.20/qpid/doc/book/src/java-broker/Java-Broker-Security-Authentication-Providers.xml
Propchange: qpid/branches/0.20/qpid/doc/book/src/java-broker/
------------------------------------------------------------------------------
Merged /qpid/trunk/qpid/doc/book/src/java-broker:r1414821
Modified: qpid/branches/0.20/qpid/doc/book/src/java-broker/Java-Broker-Security-Authentication-Providers.xml
URL: http://svn.apache.org/viewvc/qpid/branches/0.20/qpid/doc/book/src/java-broker/Java-Broker-Security-Authentication-Providers.xml?rev=1415153&r1=1415152&r2=1415153&view=diff
==============================================================================
--- qpid/branches/0.20/qpid/doc/book/src/java-broker/Java-Broker-Security-Authentication-Providers.xml (original)
+++ qpid/branches/0.20/qpid/doc/book/src/java-broker/Java-Broker-Security-Authentication-Providers.xml Thu Nov 29 13:17:04 2012
@@ -38,18 +38,44 @@
</section>
- <section>
+ <section id="LDAPAuthManager">
<title>LDAP</title>
+
+ <para>
+ LDAP authentication can be configured using the <simple-ldap-auth-manager> element
+ within the <security> section. An example of how to configure this is shown below.
+ Please note this example also configures an unused <pd-auth-manager> to use an empty
+ password file, this is a workaround for an issue relating to registration of security providers.
+ </para>
+
+ <para>
+ <emphasis>NOTE: When using LDAP authentication, you must also use SSL on the brokers AMQP messaging and
+ JMX/HTTP management ports in order to protect passwords during transmission to the broker.</emphasis>
+ </para>
<example>
<title>Configuring LDAP authentication</title>
<programlisting><![CDATA[
<security>
- <simple-ldap-auth-manager>
- <provider-url>ldaps://example.com:636/</provider-url>
- <search-context>dc=example\,dc=com</search-context>
- <search-filter>(uid={0})</search-filter>
- </simple-ldap-auth-manager>
- ...
+ <default-auth-manager>SimpleLDAPAuthenticationManager</default-auth-manager>
+ <simple-ldap-auth-manager>
+ <provider-url>ldaps://example.com:636/</provider-url>
+ <search-context>dc=example\,dc=com</search-context>
+ <search-filter>(uid={0})</search-filter>
+ </simple-ldap-auth-manager>
+
+ <!-- Unused pd-auth-manager, a workaround to register the necessary security providers -->
+ <pd-auth-manager>
+ <principal-database>
+ <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>
+ <attributes>
+ <attribute>
+ <name>passwordFile</name>
+ <value>${conf}/emptyPasswdFile</value>
+ </attribute>
+ </attributes>
+ </principal-database>
+ <pd-auth-manager>
+ ...
</security>]]></programlisting>
</example>
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org