You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by ngcutura <ng...@gmail.com> on 2006/06/14 10:48:42 UTC
LDAP Authorization
Hi all,
Is it possible to configure (with existing modules) LDAP authorization?
It is clear to me how to achieve LDAP authentication but I would also like
to use LDAP to store access privileges instead of having them in AMQ config
file.
Regards,
NGC
--
View this message in context: http://www.nabble.com/LDAP-Authorization-t1784884.html#a4861283
Sent from the ActiveMQ - User forum at Nabble.com.
Re: LDAP Authorization
Posted by qbeardn <bo...@msn.com>.
We are also trying to use LDAP for user authentication and message
authorization. A co-worker of mine found a mismatch between the code and
documentation [1].
After assorted code and configuration tweaks, he has arrived at what seems
like a reasonable set of changes and also has a way to authorize message by
queue/topic provided they are predefined. I am aware that JMS does not
allow wild-carded destinations (though ActiveMQ does), and we are looking
for a way to make use of that in our authorization. We are considering
creating a new AuthorizationMap that would reuse much of LDAPAuthorization,
but it seems to me that there is likely a solution which we are just not
finding.
Any help out there?
thanks, bob
[1] For example, on
http://activemq.apache.org/security.html
in the section
LDAP Authentication Using the JAAS Plugin
the configuration parameter
topicSearchMatching
must have been updated to
topicSearchMatchingFormat
which is a MessageFormat in ActiveMQ 5.3.2.
lhays wrote:
>
> I am trying to prototype the use of ActiveMQ and openLDAP, and I am new to
> both applications.
> I see there are issues with the LDAPAuthorizationMap, (AMQ-826).
> I have successfully connected and sent messages/topics through a message
> broker using simpleAuthentication and authorizationEntries, (FUSE
> 5.3.0.5).
> I tried two different authentication/authorization configurations with
> LDAP:
> - authentication/authorization with LDAP
> - authentication with LDAP and authorization with the activemq.xml
> I receive an error on start up when using a LDAPAuthorizationMap, (No
> property "topicSearchFormat" found).
> I receive authorization errors for Advisory Connection topics when I try
> to authorize with the activemq.xml.
>
> I have 2 questions:
> 1. Is there another way to retrieve topic authorization from an LDAP
> source?
> 2. What configuration allows you to authenticate using JAAS/LDAP but
> authorize using the activemq.xml settings?
>
>
> Thanks,
> Lawrence
>
> lhays03@gmail.com
>
>
> ngcutura wrote:
>>
>> There is an issue associated with this (AMQ-826). Conversation has moved
>> there.
>>
>> First version is already included in AMQ (SVN and daily snapshots). I
>> have new version that is complete but I need to finish unit tests before
>> I send the patch.
>>
>> Regards,
>> NGC
>>
>>
>> Sagi Mann wrote:
>>>
>>> Hi, are there any news on this? Could you provide the link to your
>>> thread in the dev forum?
>>>
>>>
>>>
>>
>>
>
>
--
View this message in context: http://old.nabble.com/LDAP-Authorization-tp4861283p29493119.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: LDAP Authorization
Posted by lhays <lh...@gmail.com>.
I am trying to prototype the use of ActiveMQ and openLDAP, and I am new to
both applications.
I see there are issues with the LDAPAuthorizationMap, (AMQ-826).
I have successfully connected and sent messages/topics through a message
broker using simpleAuthentication and authorizationEntries, (FUSE 5.3.0.5).
I tried two different authentication/authorization configurations with LDAP:
- authentication/authorization with LDAP
- authentication with LDAP and authorization with the activemq.xml
I receive an error on start up when using a LDAPAuthorizationMap, (No
property "topicSearchFormat" found).
I receive authorization errors for Advisory Connection topics when I try to
authorize with the activemq.xml.
I have 2 questions:
1. Is there another way to retrieve topic authorization from an LDAP source?
2. What configuration allows you to authenticate using JAAS/LDAP but
authorize using the activemq.xml settings?
Thanks,
Lawrence
lhays03@gmail.com
ngcutura wrote:
>
> There is an issue associated with this (AMQ-826). Conversation has moved
> there.
>
> First version is already included in AMQ (SVN and daily snapshots). I have
> new version that is complete but I need to finish unit tests before I send
> the patch.
>
> Regards,
> NGC
>
>
> Sagi Mann wrote:
>>
>> Hi, are there any news on this? Could you provide the link to your thread
>> in the dev forum?
>>
>>
>>
>
>
--
View this message in context: http://old.nabble.com/LDAP-Authorization-tp4861283p27864409.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: LDAP Authorization
Posted by ngcutura <ng...@gmail.com>.
There is an issue associated with this (AMQ-826). Conversation has moved
there.
First version is already included in AMQ (SVN and daily snapshots). I have
new version that is complete but I need to finish unit tests before I send
the patch.
Regards,
NGC
Sagi Mann wrote:
>
> Hi, are there any news on this? Could you provide the link to your thread
> in the dev forum?
>
>
>
--
View this message in context: http://www.nabble.com/LDAP-Authorization-tf1784884.html#a8073660
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: LDAP Authorization
Posted by Sagi Mann <sa...@gmail.com>.
Hi, are there any news on this? Could you provide the link to your thread in
the dev forum?
--
View this message in context: http://www.nabble.com/LDAP-Authorization-tf1784884.html#a8072372
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: LDAP Authorization
Posted by ngcutura <ng...@gmail.com>.
Hi,
Thank you Hiram and James for help. I followed your instructions and started
some tests with LDAP Authorization Map. I opened a thread on developers'
forum with some questions regarding integration of LDAPAuthorizationMap into
AMQ.
Some guidance would be very helpful!
Thanks and regards,
NGC
--
View this message in context: http://www.nabble.com/LDAP-Authorization-tf1784884.html#a5090045
Sent from the ActiveMQ - User forum at Nabble.com.
Re: LDAP Authorization
Posted by James Strachan <ja...@gmail.com>.
Agreed. Also the unit tests can take a while to run so I'd recommend doing...
svn co https://svn.apache.org/repos/asf/incubator/activemq/trunk activemq
cd activemq
mvn clean install -Dmaven.test.skip=true
On 6/14/06, Hiram Chirino <hi...@hiramchirino.com> wrote:
> I would checkout all of activemq, not just the core.
>
> then run mvn eclipse:eclipse at the root.
> this should setup eclipse project for each of the modules.
>
>
> On 6/14/06, ngcutura <ng...@gmail.com> wrote:
> >
> > Help me start! :-)
> >
> > I downloaded Maven 2 plugin for Eclipse, installed and checked out
> > activemq-core. It won't build, eclipse cannot find activemq-parent.
> >
> > <parent>
> > <artifactId>activemq-parent</artifactId>
> > <groupId>incubator-activemq</groupId>
> > <version>4.1-SNAPSHOT</version>
> > </parent>
> >
> > I am aware that this question is off topic but I cannot get going... I have
> > no experience with Maven and I cannot create ordinary Eclipse project as
> > libraries are missing (Maven knows how to get them but I don't) ...
> > Instructions for NetBeans IDE will also do.
> >
> > Help!
> > NGC
> >
> > --
> > View this message in context: http://www.nabble.com/LDAP-Authorization-t1784884.html#a4868014
> > Sent from the ActiveMQ - User forum at Nabble.com.
> >
> >
>
>
> --
> Regards,
> Hiram
>
--
James
-------
http://radio.weblogs.com/0112098/
Re: LDAP Authorization
Posted by Hiram Chirino <hi...@hiramchirino.com>.
I would checkout all of activemq, not just the core.
then run mvn eclipse:eclipse at the root.
this should setup eclipse project for each of the modules.
On 6/14/06, ngcutura <ng...@gmail.com> wrote:
>
> Help me start! :-)
>
> I downloaded Maven 2 plugin for Eclipse, installed and checked out
> activemq-core. It won't build, eclipse cannot find activemq-parent.
>
> <parent>
> <artifactId>activemq-parent</artifactId>
> <groupId>incubator-activemq</groupId>
> <version>4.1-SNAPSHOT</version>
> </parent>
>
> I am aware that this question is off topic but I cannot get going... I have
> no experience with Maven and I cannot create ordinary Eclipse project as
> libraries are missing (Maven knows how to get them but I don't) ...
> Instructions for NetBeans IDE will also do.
>
> Help!
> NGC
>
> --
> View this message in context: http://www.nabble.com/LDAP-Authorization-t1784884.html#a4868014
> Sent from the ActiveMQ - User forum at Nabble.com.
>
>
--
Regards,
Hiram
Re: LDAP Authorization
Posted by ngcutura <ng...@gmail.com>.
Help me start! :-)
I downloaded Maven 2 plugin for Eclipse, installed and checked out
activemq-core. It won't build, eclipse cannot find activemq-parent.
<parent>
<artifactId>activemq-parent</artifactId>
<groupId>incubator-activemq</groupId>
<version>4.1-SNAPSHOT</version>
</parent>
I am aware that this question is off topic but I cannot get going... I have
no experience with Maven and I cannot create ordinary Eclipse project as
libraries are missing (Maven knows how to get them but I don't) ...
Instructions for NetBeans IDE will also do.
Help!
NGC
--
View this message in context: http://www.nabble.com/LDAP-Authorization-t1784884.html#a4868014
Sent from the ActiveMQ - User forum at Nabble.com.
Re: LDAP Authorization
Posted by James Strachan <ja...@gmail.com>.
On 6/14/06, ngcutura <ng...@gmail.com> wrote:
>
> So I thought looking at the sources...
>
> OK, I'll volounteer! I need that functionality, anyway. :-)
Great!
> I'll need some guidance during implementation. Should I subscribe to the
> developer mailing list?
Sure - or you could use the online developer forum (its the same mailing list)
http://www.nabble.com/ActiveMQ---Dev-f2355.html
--
James
-------
http://radio.weblogs.com/0112098/
Re: LDAP Authorization
Posted by ngcutura <ng...@gmail.com>.
So I thought looking at the sources...
OK, I'll volounteer! I need that functionality, anyway. :-)
I'll need some guidance during implementation. Should I subscribe to the
developer mailing list?
Regards,
NGC
--
View this message in context: http://www.nabble.com/LDAP-Authorization-t1784884.html#a4862446
Sent from the ActiveMQ - User forum at Nabble.com.
Re: LDAP Authorization
Posted by James Strachan <ja...@gmail.com>.
On 6/14/06, ngcutura <ng...@gmail.com> wrote:
>
> Hi all,
>
> Is it possible to configure (with existing modules) LDAP authorization?
>
> It is clear to me how to achieve LDAP authentication but I would also like
> to use LDAP to store access privileges instead of having them in AMQ config
> file.
We've all the plugins to make it fairly easy to slot an implementation
of this into ActiveMQ - but we have no implementation just yet :)
We basically need an implementation of the AuthorizationMap interface...
http://incubator.apache.org/activemq/maven/activemq-core/apidocs/org/apache/activemq/security/AuthorizationMap.html
which uses LDAP/JNDI to find the available ACLs for a given
destination. Then we can just configure that on the
AuthorizationPlugin.
We welcome contributions if anyone fancies taking a stab at this
http://incubator.apache.org/activemq/contributing.html
--
James
-------
http://radio.weblogs.com/0112098/