Posted to users@activemq.apache.org by Burkhard <bu...@gmail.com> on 2018/06/07 17:56:01 UTC

[LDAP] User is not authorized to create topic://ActiveMQ.Advisory.Connection

I'm trying to implement LDAP based authentication and authorization in
ActiveMQ.

The LDAP part is done with ApacheDS 2.0.

I created the users (e.g. uid=user2,ou=users,o=X) as inetOrgPerson with a
SHA userPassword.
The ou=system looks like this: 
LDAP.png <http://activemq.2283324.n4.nabble.com/file/t379096/LDAP.png>  

The shiro.ini contains:
ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
ldapRealm.userDnTemplate = uid={0},ou=users,o=X
ldapRealm.contextFactory.url = ldap://localhost:10389
securityManager.realms = $ldapRealm

The authentication is working from Java:

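import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.util.Factory;

// Build the SecurityManager from shiro.ini and authenticate against the LDAP realm
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
SecurityManager securityManager = factory.getInstance();
AuthenticationToken authenticationToken = new UsernamePasswordToken("user2", "password123");
AuthenticationInfo authenticationInfo = securityManager.authenticate(authenticationToken);
System.out.println("authenticationInfo: " + authenticationInfo);
//authenticationInfo: user2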

However, when connecting to the MoM-Broker and trying to send a Message I
get the following Exception:

SecurityException: Subject [user2] is not authorized to create destination: topic://ActiveMQ.Advisory.Connection

How can I grant this user permission to create the destination topic?

For reference, I tried to get an answer here
<https://stackoverflow.com/q/50703245/12860> first.



