Posted to dev@activemq.apache.org by "Amit Kumar (JIRA)" <ji...@apache.org> on 2010/12/01 16:51:10 UTC

[jira] Created: (AMQ-3064) Security: LDAPLoginModule: Specifying userRoleName as 'memberOf' fetches the full DN of the group, and initializes a GroupPrincipal with full DN

Security: LDAPLoginModule: Specifying userRoleName as 'memberOf' fetches the full DN of the group, and initializes a GroupPrincipal with full DN
------------------------------------------------------------------------------------------------------------------------------------------------

                 Key: AMQ-3064
                 URL: https://issues.apache.org/jira/browse/AMQ-3064
             Project: ActiveMQ
          Issue Type: Wish
    Affects Versions: 5.3.0
            Reporter: Amit Kumar


In the sample below, when I specify the userRoleName as 'memberOf', it initializes a GroupPrincipal with the name as the full DN, e.g. 'CN=somegroupIAMMemberOf,OU=Groups,O=domain'...
This may not work if the expected role is 'somegroupIAMMemberOf'.


TestLogin {
    org.apache.activemq.jaas.LDAPLoginModule required
        debug=false
        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
        connectionURL="ldap://something:389"
        connectionUsername="uid=generic.gen,OU=Generics,O=something"
        connectionPassword="generic123"
        connectionProtocol=""
        authentication=simple
        userBase="OU=Users,O=something"
        userSearchMatching="(uid={0})"
        userSearchSubtree=true
        userRoleName="memberOf"
        roleName="CN"
        roleBase="OU=Groups,O=something"
        roleSearchMatching="member={0}"
        roleSearchSubtree=true
        ;
};

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
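
The mismatch described in the report, as an added example that is not part of the original message and not ActiveMQ's code: it parses a memberOf value with the JDK's LdapName and returns the leaf RDN value so it can be compared against a short role name. The class and method names are hypothetical, and using the configuration's roleName value ("CN") to pick the attribute is an assumption made for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.List;

// Added illustration, not ActiveMQ code. Class and method names are hypothetical.
public class MemberOfRoleName {

    /**
     * Returns the value of the leaf RDN when its type matches roleAttr (e.g. "CN").
     * Anything else is returned unchanged, so a plain role name still works.
     */
    static String roleNameFromMemberOf(String memberOfValue, String roleAttr) {
        try {
            LdapName dn = new LdapName(memberOfValue);
            if (dn.isEmpty()) {
                return memberOfValue;
            }
            // LdapName indexes RDNs right to left, so the last index is the leftmost (leaf) RDN.
            Rdn leaf = dn.getRdn(dn.size() - 1);
            if (leaf.getType().equalsIgnoreCase(roleAttr)) {
                // getValue() is already unescaped: "CN=Ops\, EU" yields "Ops, EU".
                return String.valueOf(leaf.getValue());
            }
            return memberOfValue; // leaf is not the role attribute: keep the full DN
        } catch (InvalidNameException e) {
            // Not a DN at all (for example, already a short name): keep it as-is.
            return memberOfValue;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; the first is the DN quoted in the report.
        List<String> samples = List.of(
            "CN=somegroupIAMMemberOf,OU=Groups,O=domain",
            "cn=Ops\\, EU,OU=Groups,O=domain",
            "OU=Groups,O=domain",
            "somegroupIAMMemberOf");
        for (String s : samples) {
            System.out.println(s + " -> " + roleNameFromMemberOf(s, "CN"));
        }
    }
}
```

Reducing a DN to its CN discards the container, so two groups with the same CN under different OUs map to the same role name; authorization entries that rely on short names should account for that.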


[jira] Updated: (AMQ-3064) Security: LDAPLoginModule: Specifying userRoleName as 'memberOf' fetches the full DN of the group, and initializes a GroupPrincipal with full DN

Posted by "Amit Kumar (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/AMQ-3064?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Amit Kumar updated AMQ-3064:
----------------------------

    Priority: Minor  (was: Major)

> Security: LDAPLoginModule: Specifying userRoleName as 'memberOf' fetches the full DN of the group, and initializes a GroupPrincipal with full DN
> ------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-3064
>                 URL: https://issues.apache.org/jira/browse/AMQ-3064
>             Project: ActiveMQ
>          Issue Type: Wish
>    Affects Versions: 5.3.0
>            Reporter: Amit Kumar
>            Priority: Minor
>
> In the sample below, when I specify the userRoleName as 'memberOf', it initializes a GroupPrincipal with the name as the full DN, e.g. 'CN=somegroupIAMMemberOf,OU=Groups,O=domain'...
> This may not work if the expected role is 'somegroupIAMMemberOf'.
> TestLogin {
>     org.apache.activemq.jaas.LDAPLoginModule required
>         debug=false
>         initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
>         connectionURL="ldap://something:389"
>         connectionUsername="uid=generic.gen,OU=Generics,O=something"
>         connectionPassword="generic123"
>         connectionProtocol=""
>         authentication=simple
>         userBase="OU=Users,O=something"
>         userSearchMatching="(uid={0})"
>         userSearchSubtree=true
>         userRoleName="memberOf"
>         roleName="CN"
>         roleBase="OU=Groups,O=something"
>         roleSearchMatching="member={0}"
>         roleSearchSubtree=true
>         ;
> };
