Posted to dev@activemq.apache.org by "Amit Kumar (JIRA)" <ji...@apache.org> on 2010/12/01 16:28:12 UTC
[jira] Created: (AMQ-3063) Security: LDAPLoginModule: User role search does not work if connectionUsername and connectionPassword are not specified
Security: LDAPLoginModule: User role search does not work if connectionUsername and connectionPassword are not specified
------------------------------------------------------------------------------------------------------------------------
Key: AMQ-3063
URL: https://issues.apache.org/jira/browse/AMQ-3063
Project: ActiveMQ
Issue Type: Improvement
Affects Versions: 5.3.0
Environment: LDAP/AD
Reporter: Amit Kumar
Priority: Minor
The LDAPLoginModule authenticate() method calls bindUser() for authentication and then immediately after that, it calls getRoles() to fetch the roles for the user based on the specified role search criteria. Note that bindUser() removes the "java.security.principal" environment if no connectionUsername/password is provided. Calling getRoles() after that does not work because it needs the security principal in the environment to perform the role search.
A sample JAAS Login configuration is provided below:
TestLogin {
    org.apache.activemq.jaas.LDAPLoginModule required
        debug=false
        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
        connectionURL="ldap://somehost:389"
        connectionProtocol=""
        authentication=simple
        userBase="OU=users,O=domain"
        userSearchMatching="(uid={0})"
        userSearchSubtree=true
        userRoleName="memberOf"
        roleName="CN"
        roleBase="OU=Groups,O=domain"
        roleSearchMatching="member={0}"
        roleSearchSubtree=true
        ;
};
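The sequence described in this report, as an added Java model that is not part of the original message and is not ActiveMQ's code: it tracks only the JNDI environment entries across a bind followed by a role search. The class and method names, DNs and passwords are constructed for illustration, and the role search is reduced to checking that a principal is still present.

```java
import java.util.Hashtable;
import javax.naming.Context;

// Added model of the environment bookkeeping described in the report.
// No LDAP server is contacted; DNs and passwords below are constructed samples.
public class BindThenRoleSearchModel {
    static final String USER_DN = "uid=alice,OU=users,O=domain";      // constructed
    static final String SERVICE_DN = "uid=svc-amq,OU=users,O=domain"; // constructed

    // Models the bind step: switch the context to the user's identity to check
    // the password, then put the configured connection identity back.
    static void bindUser(Hashtable<String, String> env, String userDn, String userPassword,
                         String connectionUsername, String connectionPassword) {
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, userPassword);
        // (a real module would issue an LDAP operation here to verify the bind)
        if (connectionUsername != null) {
            env.put(Context.SECURITY_PRINCIPAL, connectionUsername);
            env.put(Context.SECURITY_CREDENTIALS, connectionPassword);
        } else {
            // The step the report points at: nothing to restore, so the principal is dropped.
            env.remove(Context.SECURITY_PRINCIPAL);
        }
    }

    // Models the precondition the report gives for the role search:
    // a security principal must still be present in the environment.
    static boolean roleSearchHasPrincipal(Hashtable<String, String> env) {
        return env.containsKey(Context.SECURITY_PRINCIPAL);
    }

    // Runs the bind followed immediately by the role-search precondition check.
    static boolean authenticateThenSearch(String connectionUsername, String connectionPassword) {
        Hashtable<String, String> env = new Hashtable<>();
        if (connectionUsername != null) {
            env.put(Context.SECURITY_PRINCIPAL, connectionUsername);
            env.put(Context.SECURITY_CREDENTIALS, connectionPassword);
        }
        bindUser(env, USER_DN, "user-password", connectionUsername, connectionPassword);
        return roleSearchHasPrincipal(env);
    }

    public static void main(String[] args) {
        System.out.println("connectionUsername unset: principal present for role search = "
                + authenticateThenSearch(null, null));
        System.out.println("connectionUsername set:   principal present for role search = "
                + authenticateThenSearch(SERVICE_DN, "service-password"));
    }
}
```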