Posted to users@activemq.apache.org by Chris Robison <ch...@gmail.com> on 2012/02/01 19:22:53 UTC
Using LDAP login module
I'm trying to use the LDAP login module to tie into Active Directory.
Here's what my AMQ conf looks like:
<plugins>
<jaasAuthenticationPlugin configuration="ldap-login" />
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" read="MQCoreAdmin" write="MQCoreAdmin"
admin="MQCoreAdmin" />
<authorizationEntry topic=">" read="MQCoreAdmin" write="MQCoreAdmin"
admin="MQCoreAdmin" />
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
Here is what the login.config looks like:
ldap-login {
org.apache.activemq.jaas.LDAPLoginModule required
debug=true
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
connectionURL="ldap://dc101.cdr.corp"
connectionUsername="CN=AMQ Service User,CN=Users,DC=cdr,DC=corp"
connectionPassword=Password!
connectionProtocol=""
authentication=simple
userBase="OU=Users,OU=ActiveMQ,DC=cdr,DC=corp"
userSearchMatching="(samaccountname={0})"
userSearchSubtree=false
roleBase="OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp"
roleName=cn
roleSearchMatching="(member={0})"
roleSearchSubtree=false
;
};
I'm trying to simply connect another broker to this broker. Here is the
network connector config that I'm using on the second broker:
<networkConnectors>
<networkConnector uri="static:(tcp://localhost:61616)"
duplex="true" userName="mqsiteuser1" password="Password!"/>
</networkConnectors>
Here's the exception I'm getting in the logs:
2012-02-01 11:14:07,064 | WARN | Failed to add Connection
ID:ubuntu1-54051-1328120046405-2:1, reason: java.lang.SecurityException:
User name or password is invalid. |
org.apache.activemq.broker.TransportConnection | ActiveMQ Transport: tcp:///
127.0.0.1:45176
2012-02-01 11:14:07,070 | DEBUG | Exception detail: |
org.apache.activemq.broker.TransportConnection | ActiveMQ Transport: tcp:///
127.0.0.1:45176
java.lang.SecurityException: User name or password is invalid.
at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)
at
org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
at
org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:91)
at
org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:692)
at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:137)
at
org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:306)
at
org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:179)
at
org.apache.activemq.transport.ResponseCorrelator.onCommand(ResponseCorrelator.java:116)
at
org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)
at
org.apache.activemq.transport.vm.VMTransport.dispatch(VMTransport.java:121)
at org.apache.activemq.transport.vm.VMTransport.oneway(VMTransport.java:112)
at
org.apache.activemq.transport.MutexTransport.oneway(MutexTransport.java:40)
at
org.apache.activemq.transport.ResponseCorrelator.oneway(ResponseCorrelator.java:60)
at
org.apache.activemq.network.DemandForwardingBridgeSupport.serviceRemoteCommand(DemandForwardingBridgeSupport.java:516)
at
org.apache.activemq.network.DemandForwardingBridgeSupport$2.onCommand(DemandForwardingBridgeSupport.java:165)
at
org.apache.activemq.transport.ResponseCorrelator.onCommand(ResponseCorrelator.java:116)
at
org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)
at
org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
at
org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:227)
at
org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
at
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:220)
at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:202)
at java.lang.Thread.run(Thread.java:679)
Caused by: java.lang.SecurityException: Configuration Error:
Line 6: expected [option key], found [null]
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:110)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
at java.lang.Class.newInstance0(Class.java:372)
at java.lang.Class.newInstance(Class.java:325)
at javax.security.auth.login.Configuration$3.run(Configuration.java:264)
at javax.security.auth.login.Configuration$3.run(Configuration.java:260)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.Configuration.getConfiguration(Configuration.java:259)
at javax.security.auth.login.LoginContext$1.run(LoginContext.java:254)
at javax.security.auth.login.LoginContext$1.run(LoginContext.java:252)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.init(LoginContext.java:251)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:418)
at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:75)
... 22 more
Caused by: java.io.IOException: Configuration Error:
Line 6: expected [option key], found [null]
at com.sun.security.auth.login.ConfigFile.match(ConfigFile.java:577)
at
com.sun.security.auth.login.ConfigFile.parseLoginEntry(ConfigFile.java:440)
at com.sun.security.auth.login.ConfigFile.readConfig(ConfigFile.java:383)
at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:283)
at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:219)
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:108)
... 38 more
I'm not understanding the Configuration Error. What is it expecting that
I'm not giving it? Any help would be appreciated.
Thanks,
Chris
Re: Using LDAP login module
Posted by Torsten Mielke <to...@fusesource.com>.
Hi,
There is a tutorial for configuring ActiveMQ to authenticate against an LDAP server in the ActiveMQ Security Guide from FuseSource.
http://fusesource.com/docs/broker/5.5/security/front.html
See chapter 6 "LDAP tutorial" for a step-by-step guide.
Further, my blog contains two posts that extend this tutorial with the following topics
- Securing the broker using LDAP based authentication but also allowing anonymous connections
with restricted permissions
http://tmielke.blogspot.com/2011/12/activemq-ldap-based-authentication-and.html
- Securing the ActiveMQ web console to do LDAP based authentication
http://tmielke.blogspot.com/2011/12/securing-activemq-web-console-using.html
Hope this will be helpful.
Torsten Mielke
torsten@fusesource.com
tmielke@blogspot.com
On Feb 1, 2012, at 10:03 PM, Matt Pavlovich wrote:
> Glad to hear :-)
>
> On 2/1/12 3:00 PM, Chris Robison wrote:
>> Sweet! Now I'm getting an LDAP error, which is progress.
>>
>> On Wed, Feb 1, 2012 at 1:56 PM, Matt Pavlovich<ma...@gmail.com> wrote:
>>
>>> Ah, start w/ line 0.. that puts it at connectionPassword. Try adding " "
>>> around "Password!". The exclamation point may be throwing it off.
>>>
>>>
>>> On 2/1/12 2:47 PM, Chris Robison wrote:
>>>
>>>> The error says line 6 which in my login.config is connectionUsername.
>>>>
>>>> Chris
>>>>
>>>> On Wed, Feb 1, 2012 at 1:42 PM, Chris Robison<ch...@gmail.com>
>>>>> wrote:
>>>> When I run it, I still get the error.
>>>>>
>>>>> On Wed, Feb 1, 2012 at 1:32 PM, Matt Pavlovich<ma...@gmail.com>
>>>>> wrote:
>>>>>
>>>>> Chris-
>>>>>> I whipped up a quick unit test, and this passed. I set the
>>>>>> connectionProtocol=s, w/o quotes.
>>>>>>
>>>>>>
>>>>>> ldap-login {
>>>>>> org.apache.activemq.jaas.****LDAPLoginModule required
>>>>>> debug=true
>>>>>> initialContextFactory=com.sun.****jndi.ldap.LdapCtxFactory
>>>>>> connectionURL="ldap://dc101.****cdr.corp"
>>>>>>
>>>>>> connectionUsername="CN=AMQ Service User,CN=Users,DC=cdr,DC=corp"
>>>>>> connectionPassword=Password!
>>>>>> connectionProtocol=s
>>>>>>
>>>>>> authentication=simple
>>>>>> userBase="OU=Users,OU=****ActiveMQ,DC=cdr,DC=corp"
>>>>>> userSearchMatching="(****samaccountname={0})"
>>>>>> userSearchSubtree=false
>>>>>> roleBase="OU=Groups,OU=****ActiveMQ,DC=cdr,DC=corp"
>>>>>> roleName=cn
>>>>>> roleSearchMatching="(member={****0})"
>>>>>>
>>>>>> roleSearchSubtree=false
>>>>>> ;
>>>>>> };
>>>>>>
>>>>>>
>>>>>> On 2/1/12 2:24 PM, Chris Robison wrote:
>>>>>>
>>>>>> I can do that. I'll let you know.
>>>>>>> On Wed, Feb 1, 2012 at 1:19 PM, Matt Pavlovich<ma...@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>> How comfortable are you with Java? The next step to try would be to
>>>>>>>
>>>>>>>> write
>>>>>>>> up a quick Java unit test that has the ConfigFile class try to
>>>>>>>> intialize
>>>>>>>> against your login.config file.
>>>>>>>>
>>>>>>>> See:
>>>>>>>>
>>>>>>>> com.sun.security.auth.login.******ConfigFile
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 2/1/12 1:59 PM, Chris Robison wrote:
>>>>>>>>
>>>>>>>> Yeah, it's the exact same exception.
>>>>>>>>
>>>>>>>>> On Wed, Feb 1, 2012 at 12:55 PM, Matt Pavlovich<ma...@gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Are you getting the exact same exception? Your original exception
>>>>>>>>> cause
>>>>>>>>>
>>>>>>>>> shows a null value for a key in that config:
>>>>>>>>>>
>>>>>>>>>> Caused by: java.io.IOException: Configuration Error:
>>>>>>>>>> Line 6: expected [option key], found [null]
>>>>>>>>>> at com.sun.security.auth.login.**********ConfigFile.match(**
>>>>>>>>>> ConfigFile.******
>>>>>>>>>> java:577)
>>>>>>>>>> at
>>>>>>>>>> com.sun.security.auth.login.**********ConfigFile.**
>>>>>>>>>> parseLoginEntry(******ry(**
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
Re: Using LDAP login module
Posted by Matt Pavlovich <ma...@gmail.com>.
Glad to hear :-)
On 2/1/12 3:00 PM, Chris Robison wrote:
> Sweet! Now I'm getting an LDAP error, which is progress.
>
> On Wed, Feb 1, 2012 at 1:56 PM, Matt Pavlovich<ma...@gmail.com> wrote:
>
>> Ah, start w/ line 0.. that puts it at connectionPassword. Try adding " "
>> around "Password!". The exclamation point may be throwing it off.
>>
>>
>> On 2/1/12 2:47 PM, Chris Robison wrote:
>>
>>> The error says line 6 which in my login.config is connectionUsername.
>>>
>>> Chris
>>>
>>> On Wed, Feb 1, 2012 at 1:42 PM, Chris Robison<ch...@gmail.com>
>>>> wrote:
>>> When I run it, I still get the error.
>>>>
>>>> On Wed, Feb 1, 2012 at 1:32 PM, Matt Pavlovich<ma...@gmail.com>
>>>> wrote:
>>>>
>>>> Chris-
>>>>> I whipped up a quick unit test, and this passed. I set the
>>>>> connectionProtocol=s, w/o quotes.
>>>>>
>>>>>
>>>>> ldap-login {
>>>>> org.apache.activemq.jaas.****LDAPLoginModule required
>>>>> debug=true
>>>>> initialContextFactory=com.sun.****jndi.ldap.LdapCtxFactory
>>>>> connectionURL="ldap://dc101.****cdr.corp"
>>>>>
>>>>> connectionUsername="CN=AMQ Service User,CN=Users,DC=cdr,DC=corp"
>>>>> connectionPassword=Password!
>>>>> connectionProtocol=s
>>>>>
>>>>> authentication=simple
>>>>> userBase="OU=Users,OU=****ActiveMQ,DC=cdr,DC=corp"
>>>>> userSearchMatching="(****samaccountname={0})"
>>>>> userSearchSubtree=false
>>>>> roleBase="OU=Groups,OU=****ActiveMQ,DC=cdr,DC=corp"
>>>>> roleName=cn
>>>>> roleSearchMatching="(member={****0})"
>>>>>
>>>>> roleSearchSubtree=false
>>>>> ;
>>>>> };
>>>>>
>>>>>
>>>>> On 2/1/12 2:24 PM, Chris Robison wrote:
>>>>>
>>>>> I can do that. I'll let you know.
>>>>>> On Wed, Feb 1, 2012 at 1:19 PM, Matt Pavlovich<ma...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>> How comfortable are you with Java? The next step to try would be to
>>>>>>
>>>>>>> write
>>>>>>> up a quick Java unit test that has the ConfigFile class try to
>>>>>>> intialize
>>>>>>> against your login.config file.
>>>>>>>
>>>>>>> See:
>>>>>>>
>>>>>>> com.sun.security.auth.login.******ConfigFile
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 2/1/12 1:59 PM, Chris Robison wrote:
>>>>>>>
>>>>>>> Yeah, it's the exact same exception.
>>>>>>>
>>>>>>>> On Wed, Feb 1, 2012 at 12:55 PM, Matt Pavlovich<ma...@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Are you getting the exact same exception? Your original exception
>>>>>>>> cause
>>>>>>>>
>>>>>>>> shows a null value for a key in that config:
>>>>>>>>>
>>>>>>>>> Caused by: java.io.IOException: Configuration Error:
>>>>>>>>> Line 6: expected [option key], found [null]
>>>>>>>>> at com.sun.security.auth.login.**********ConfigFile.match(**
>>>>>>>>> ConfigFile.******
>>>>>>>>> java:577)
>>>>>>>>> at
>>>>>>>>> com.sun.security.auth.login.**********ConfigFile.**
>>>>>>>>> parseLoginEntry(******ry(**
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
Re: Using LDAP login module
Posted by Chris Robison <ch...@gmail.com>.
Sweet! Now I'm getting an LDAP error, which is progress.
On Wed, Feb 1, 2012 at 1:56 PM, Matt Pavlovich <ma...@gmail.com> wrote:
> Ah, start w/ line 0.. that puts it at connectionPassword. Try adding " "
> around "Password!". The exclamation point may be throwing it off.
>
>
> On 2/1/12 2:47 PM, Chris Robison wrote:
>
>> The error says line 6 which in my login.config is connectionUsername.
>>
>> Chris
>>
>> On Wed, Feb 1, 2012 at 1:42 PM, Chris Robison<ch...@gmail.com>
>> >wrote:
>>
>> When I run it, I still get the error.
>>>
>>>
>>> On Wed, Feb 1, 2012 at 1:32 PM, Matt Pavlovich<ma...@gmail.com>
>>> wrote:
>>>
>>> Chris-
>>>>
>>>> I whipped up a quick unit test, and this passed. I set the
>>>> connectionProtocol=s, w/o quotes.
>>>>
>>>>
>>>> ldap-login {
>>>> org.apache.activemq.jaas.****LDAPLoginModule required
>>>> debug=true
>>>> initialContextFactory=com.sun.****jndi.ldap.LdapCtxFactory
>>>> connectionURL="ldap://dc101.****cdr.corp"
>>>>
>>>> connectionUsername="CN=AMQ Service User,CN=Users,DC=cdr,DC=corp"
>>>> connectionPassword=Password!
>>>> connectionProtocol=s
>>>>
>>>> authentication=simple
>>>> userBase="OU=Users,OU=****ActiveMQ,DC=cdr,DC=corp"
>>>> userSearchMatching="(****samaccountname={0})"
>>>> userSearchSubtree=false
>>>> roleBase="OU=Groups,OU=****ActiveMQ,DC=cdr,DC=corp"
>>>> roleName=cn
>>>> roleSearchMatching="(member={****0})"
>>>>
>>>> roleSearchSubtree=false
>>>> ;
>>>> };
>>>>
>>>>
>>>> On 2/1/12 2:24 PM, Chris Robison wrote:
>>>>
>>>> I can do that. I'll let you know.
>>>>>
>>>>> On Wed, Feb 1, 2012 at 1:19 PM, Matt Pavlovich<ma...@gmail.com>
>>>>> wrote:
>>>>>
>>>>> How comfortable are you with Java? The next step to try would be to
>>>>>
>>>>>> write
>>>>>> up a quick Java unit test that has the ConfigFile class try to
>>>>>> intialize
>>>>>> against your login.config file.
>>>>>>
>>>>>> See:
>>>>>>
>>>>>> com.sun.security.auth.login.******ConfigFile
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 2/1/12 1:59 PM, Chris Robison wrote:
>>>>>>
>>>>>> Yeah, it's the exact same exception.
>>>>>>
>>>>>>> On Wed, Feb 1, 2012 at 12:55 PM, Matt Pavlovich<ma...@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>> Are you getting the exact same exception? Your original exception
>>>>>>> cause
>>>>>>>
>>>>>>> shows a null value for a key in that config:
>>>>>>>>
>>>>>>>>
>>>>>>>> Caused by: java.io.IOException: Configuration Error:
>>>>>>>> Line 6: expected [option key], found [null]
>>>>>>>> at com.sun.security.auth.login.**********ConfigFile.match(**
>>>>>>>> ConfigFile.******
>>>>>>>> java:577)
>>>>>>>> at
>>>>>>>> com.sun.security.auth.login.**********ConfigFile.**
>>>>>>>> parseLoginEntry(******ry(**
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
Re: Using LDAP login module
Posted by Matt Pavlovich <ma...@gmail.com>.
Ah, if you start counting at line 0, that puts it at connectionPassword. Try
adding double quotes around the value, i.e. connectionPassword="Password!".
The exclamation point may be throwing it off.
On 2/1/12 2:47 PM, Chris Robison wrote:
> The error says line 6 which in my login.config is connectionUsername.
>
> Chris
>
> On Wed, Feb 1, 2012 at 1:42 PM, Chris Robison<ch...@gmail.com>wrote:
>
>> When I run it, I still get the error.
>>
>>
>> On Wed, Feb 1, 2012 at 1:32 PM, Matt Pavlovich<ma...@gmail.com> wrote:
>>
>>> Chris-
>>>
>>> I whipped up a quick unit test, and this passed. I set the
>>> connectionProtocol=s, w/o quotes.
>>>
>>>
>>> ldap-login {
>>> org.apache.activemq.jaas.**LDAPLoginModule required
>>> debug=true
>>> initialContextFactory=com.sun.**jndi.ldap.LdapCtxFactory
>>> connectionURL="ldap://dc101.**cdr.corp"
>>> connectionUsername="CN=AMQ Service User,CN=Users,DC=cdr,DC=corp"
>>> connectionPassword=Password!
>>> connectionProtocol=s
>>>
>>> authentication=simple
>>> userBase="OU=Users,OU=**ActiveMQ,DC=cdr,DC=corp"
>>> userSearchMatching="(**samaccountname={0})"
>>> userSearchSubtree=false
>>> roleBase="OU=Groups,OU=**ActiveMQ,DC=cdr,DC=corp"
>>> roleName=cn
>>> roleSearchMatching="(member={**0})"
>>> roleSearchSubtree=false
>>> ;
>>> };
>>>
>>>
>>> On 2/1/12 2:24 PM, Chris Robison wrote:
>>>
>>>> I can do that. I'll let you know.
>>>>
>>>> On Wed, Feb 1, 2012 at 1:19 PM, Matt Pavlovich<ma...@gmail.com>
>>>> wrote:
>>>>
>>>> How comfortable are you with Java? The next step to try would be to
>>>>> write
>>>>> up a quick Java unit test that has the ConfigFile class try to intialize
>>>>> against your login.config file.
>>>>>
>>>>> See:
>>>>>
>>>>> com.sun.security.auth.login.****ConfigFile
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 2/1/12 1:59 PM, Chris Robison wrote:
>>>>>
>>>>> Yeah, it's the exact same exception.
>>>>>> On Wed, Feb 1, 2012 at 12:55 PM, Matt Pavlovich<ma...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>> Are you getting the exact same exception? Your original exception
>>>>>> cause
>>>>>>
>>>>>>> shows a null value for a key in that config:
>>>>>>>
>>>>>>>
>>>>>>> Caused by: java.io.IOException: Configuration Error:
>>>>>>> Line 6: expected [option key], found [null]
>>>>>>> at com.sun.security.auth.login.********ConfigFile.match(**
>>>>>>> ConfigFile.******
>>>>>>> java:577)
>>>>>>> at
>>>>>>> com.sun.security.auth.login.********ConfigFile.**
>>>>>>> parseLoginEntry(******ry(**
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
Re: Using LDAP login module
Posted by Chris Robison <ch...@gmail.com>.
The error says line 6 which in my login.config is connectionUsername.
Chris
On Wed, Feb 1, 2012 at 1:42 PM, Chris Robison <ch...@gmail.com>wrote:
> When I run it, I still get the error.
>
>
> On Wed, Feb 1, 2012 at 1:32 PM, Matt Pavlovich <ma...@gmail.com> wrote:
>
>> Chris-
>>
>> I whipped up a quick unit test, and this passed. I set the
>> connectionProtocol=s, w/o quotes.
>>
>>
>> ldap-login {
>> org.apache.activemq.jaas.**LDAPLoginModule required
>> debug=true
>> initialContextFactory=com.sun.**jndi.ldap.LdapCtxFactory
>> connectionURL="ldap://dc101.**cdr.corp"
>> connectionUsername="CN=AMQ Service User,CN=Users,DC=cdr,DC=corp"
>> connectionPassword=Password!
>> connectionProtocol=s
>>
>> authentication=simple
>> userBase="OU=Users,OU=**ActiveMQ,DC=cdr,DC=corp"
>> userSearchMatching="(**samaccountname={0})"
>> userSearchSubtree=false
>> roleBase="OU=Groups,OU=**ActiveMQ,DC=cdr,DC=corp"
>> roleName=cn
>> roleSearchMatching="(member={**0})"
>> roleSearchSubtree=false
>> ;
>> };
>>
>>
>> On 2/1/12 2:24 PM, Chris Robison wrote:
>>
>>> I can do that. I'll let you know.
>>>
>>> On Wed, Feb 1, 2012 at 1:19 PM, Matt Pavlovich<ma...@gmail.com>
>>> wrote:
>>>
>>> How comfortable are you with Java? The next step to try would be to
>>>> write
>>>> up a quick Java unit test that has the ConfigFile class try to intialize
>>>> against your login.config file.
>>>>
>>>> See:
>>>>
>>>> com.sun.security.auth.login.****ConfigFile
>>>>
>>>>
>>>>
>>>>
>>>> On 2/1/12 1:59 PM, Chris Robison wrote:
>>>>
>>>> Yeah, it's the exact same exception.
>>>>>
>>>>> On Wed, Feb 1, 2012 at 12:55 PM, Matt Pavlovich<ma...@gmail.com>
>>>>> wrote:
>>>>>
>>>>> Are you getting the exact same exception? Your original exception
>>>>> cause
>>>>>
>>>>>> shows a null value for a key in that config:
>>>>>>
>>>>>>
>>>>>> Caused by: java.io.IOException: Configuration Error:
>>>>>> Line 6: expected [option key], found [null]
>>>>>> at com.sun.security.auth.login.********ConfigFile.match(**
>>>>>> ConfigFile.******
>>>>>> java:577)
>>>>>> at
>>>>>> com.sun.security.auth.login.********ConfigFile.**
>>>>>> parseLoginEntry(******ry(**
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>
Re: Using LDAP login module
Posted by Chris Robison <ch...@gmail.com>.
When I run it, I still get the error.
On Wed, Feb 1, 2012 at 1:32 PM, Matt Pavlovich <ma...@gmail.com> wrote:
> Chris-
>
> I whipped up a quick unit test, and this passed. I set the
> connectionProtocol=s, w/o quotes.
>
>
> ldap-login {
> org.apache.activemq.jaas.LDAPLoginModule required
> debug=true
> initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
> connectionURL="ldap://dc101.cdr.corp"
> connectionUsername="CN=AMQ Service User,CN=Users,DC=cdr,DC=corp"
> connectionPassword=Password!
> connectionProtocol=s
>
> authentication=simple
> userBase="OU=Users,OU=ActiveMQ,DC=cdr,DC=corp"
> userSearchMatching="(samaccountname={0})"
> userSearchSubtree=false
> roleBase="OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp"
> roleName=cn
> roleSearchMatching="(member={0})"
> roleSearchSubtree=false
> ;
> };
>
>
> On 2/1/12 2:24 PM, Chris Robison wrote:
>
>> I can do that. I'll let you know.
>>
>> On Wed, Feb 1, 2012 at 1:19 PM, Matt Pavlovich<ma...@gmail.com>
>> wrote:
>>
>> How comfortable are you with Java? The next step to try would be to
>>> write
>>> up a quick Java unit test that has the ConfigFile class try to intialize
>>> against your login.config file.
>>>
>>> See:
>>>
>>> com.sun.security.auth.login.****ConfigFile
>>>
>>>
>>>
>>>
>>> On 2/1/12 1:59 PM, Chris Robison wrote:
>>>
>>> Yeah, it's the exact same exception.
>>>>
>>>> On Wed, Feb 1, 2012 at 12:55 PM, Matt Pavlovich<ma...@gmail.com>
>>>> wrote:
>>>>
>>>> Are you getting the exact same exception? Your original exception
>>>> cause
>>>>
>>>>> shows a null value for a key in that config:
>>>>>
>>>>>
>>>>> Caused by: java.io.IOException: Configuration Error:
>>>>> Line 6: expected [option key], found [null]
>>>>> at com.sun.security.auth.login.********ConfigFile.match(**
>>>>> ConfigFile.******
>>>>> java:577)
>>>>> at
>>>>> com.sun.security.auth.login.********ConfigFile.**
>>>>> parseLoginEntry(******ry(**
>>>>>
>>>>>
>>>>>
>>>>>
Re: Using LDAP login module
Posted by Matt Pavlovich <ma...@gmail.com>.
Chris-
I whipped up a quick unit test, and this passed. I set the
connectionProtocol=s, w/o quotes.
ldap-login {
org.apache.activemq.jaas.LDAPLoginModule required
debug=true
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
connectionURL="ldap://dc101.cdr.corp"
connectionUsername="CN=AMQ Service User,CN=Users,DC=cdr,DC=corp"
connectionPassword=Password!
connectionProtocol=s
authentication=simple
userBase="OU=Users,OU=ActiveMQ,DC=cdr,DC=corp"
userSearchMatching="(samaccountname={0})"
userSearchSubtree=false
roleBase="OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp"
roleName=cn
roleSearchMatching="(member={0})"
roleSearchSubtree=false
;
};
On 2/1/12 2:24 PM, Chris Robison wrote:
> I can do that. I'll let you know.
>
> On Wed, Feb 1, 2012 at 1:19 PM, Matt Pavlovich<ma...@gmail.com> wrote:
>
>> How comfortable are you with Java? The next step to try would be to write
>> up a quick Java unit test that has the ConfigFile class try to initialize
>> against your login.config file.
>>
>> See:
>>
>> com.sun.security.auth.login.ConfigFile
>>
>>
>>
>> On 2/1/12 1:59 PM, Chris Robison wrote:
>>
>>> Yeah, it's the exact same exception.
>>>
>>> On Wed, Feb 1, 2012 at 12:55 PM, Matt Pavlovich<ma...@gmail.com>
>>> wrote:
>>>
>>> Are you getting the exact same exception? Your original exception cause
>>>> shows a null value for a key in that config:
>>>>
>>>>
>>>> Caused by: java.io.IOException: Configuration Error:
>>>> Line 6: expected [option key], found [null]
>>>> at com.sun.security.auth.login.******ConfigFile.match(ConfigFile.******
>>>> java:577)
>>>> at
>>>> com.sun.security.auth.login.******ConfigFile.parseLoginEntry(******ry(**
>>>>
>>>>
>>>>
Re: Using LDAP login module
Posted by Chris Robison <ch...@gmail.com>.
I can do that. I'll let you know.
On Wed, Feb 1, 2012 at 1:19 PM, Matt Pavlovich <ma...@gmail.com> wrote:
> How comfortable are you with Java? The next step to try would be to write
> up a quick Java unit test that has the ConfigFile class try to initialize
> against your login.config file.
>
> See:
>
> com.sun.security.auth.login.ConfigFile
>
>
>
> On 2/1/12 1:59 PM, Chris Robison wrote:
>
>> Yeah, it's the exact same exception.
>>
>> On Wed, Feb 1, 2012 at 12:55 PM, Matt Pavlovich<ma...@gmail.com>
>> wrote:
>>
>> Are you getting the exact same exception? Your original exception cause
>>> shows a null value for a key in that config:
>>>
>>>
>>> Caused by: java.io.IOException: Configuration Error:
>>> Line 6: expected [option key], found [null]
>>> at com.sun.security.auth.login.******ConfigFile.match(ConfigFile.******
>>> java:577)
>>> at
>>> com.sun.security.auth.login.******ConfigFile.parseLoginEntry(******ry(**
>>>
>>>
>>>
Re: Using LDAP login module
Posted by Matt Pavlovich <ma...@gmail.com>.
How comfortable are you with Java? The next step to try would be to
write up a quick Java unit test that has the ConfigFile class try to
initialize against your login.config file.
See:
com.sun.security.auth.login.ConfigFile
On 2/1/12 1:59 PM, Chris Robison wrote:
> Yeah, it's the exact same exception.
>
> On Wed, Feb 1, 2012 at 12:55 PM, Matt Pavlovich<ma...@gmail.com> wrote:
>
>> Are you getting the exact same exception? Your original exception cause
>> shows a null value for a key in that config:
>>
>>
>> Caused by: java.io.IOException: Configuration Error:
>> Line 6: expected [option key], found [null]
>> at com.sun.security.auth.login.****ConfigFile.match(ConfigFile.****
>> java:577)
>> at
>> com.sun.security.auth.login.****ConfigFile.parseLoginEntry(****ry(**
>>
>>
Re: Using LDAP login module
Posted by Chris Robison <ch...@gmail.com>.
Yeah, it's the exact same exception.
On Wed, Feb 1, 2012 at 12:55 PM, Matt Pavlovich <ma...@gmail.com> wrote:
> Are you getting the exact same exception? Your original exception cause
> shows a null value for a key in that config:
>
>
> Caused by: java.io.IOException: Configuration Error:
> Line 6: expected [option key], found [null]
> at com.sun.security.auth.login.****ConfigFile.match(ConfigFile.****
> java:577)
> at
> com.sun.security.auth.login.****ConfigFile.parseLoginEntry(****ry(**
>
>
Re: Using LDAP login module
Posted by Matt Pavlovich <ma...@gmail.com>.
Are you getting the exact same exception? Your original exception cause
shows a null value for a key in that config:
Caused by: java.io.IOException: Configuration Error:
Line 6: expected [option key], found [null]
at com.sun.security.auth.login.ConfigFile.match(ConfigFile.java:577)
at
com.sun.security.auth.login.ConfigFile.parseLoginEntry(ConfigFile.java:440)
Re: Using LDAP login module
Posted by Chris Robison <ch...@gmail.com>.
No good. I should note that I'm combining LDAP authentication with simple
authorization. Is that possible?
Chris
On Wed, Feb 1, 2012 at 12:42 PM, Matt Pavlovich <ma...@gmail.com> wrote:
> My bad.. the default is "s" in the ActiveMQ src. This is where you would
> specify "ssl" or not. I think the problem is that you have it empty, so
> it's parsing as NULL, and you are getting the error. Try not setting it,
> and see if the default works for you.
>
>
> On 2/1/12 12:22 PM, Chris Robison wrote:
>
>> I'm trying to use the LDAP login module to tie into Active Directory.
>> Here's what my AMQ conf looks like:
>>
>> <plugins>
>> <jaasAuthenticationPlugin configuration="ldap-login" />
>> <authorizationPlugin>
>> <map>
>> <authorizationMap>
>> <authorizationEntries>
>> <authorizationEntry queue=">" read="MQCoreAdmin" write="MQCoreAdmin"
>> admin="MQCoreAdmin" />
>> <authorizationEntry topic=">" read="MQCoreAdmin" write="MQCoreAdmin"
>> admin="MQCoreAdmin" />
>> </authorizationEntries>
>> </authorizationMap>
>> </map>
>> </authorizationPlugin>
>> </plugins>
>>
>> Here is what the login.config looks like:
>>
>> ldap-login {
>> org.apache.activemq.jaas.LDAPLoginModule required
>> debug=true
>> initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
>> connectionURL="ldap://dc101.cdr.corp"
>> connectionUsername="CN=AMQ Service User,CN=Users,DC=cdr,DC=corp"
>> connectionPassword=Password!
>> connectionProtocol=""
>> authentication=simple
>> userBase="OU=Users,OU=ActiveMQ,DC=cdr,DC=corp"
>> userSearchMatching="(samaccountname={0})"
>> userSearchSubtree=false
>> roleBase="OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp"
>> roleName=cn
>> roleSearchMatching="(member={0})"
>> roleSearchSubtree=false
>> ;
>> };
>>
>> I'm trying to simply connect another broker to this broker. Here is the
>> network connector config that I'm using on the second broker:
>>
>> <networkConnectors>
>> <networkConnector uri="static:(tcp://localhost:61616)"
>> duplex="true" userName="mqsiteuser1" password="Password!"/>
>> </networkConnectors>
>>
>> Here's the exception I'm getting in the logs:
>>
>> 2012-02-01 11:14:07,064 | WARN | Failed to add Connection
>> ID:ubuntu1-54051-**1328120046405-2:1, reason:
>> java.lang.SecurityException:
>> User name or password is invalid. |
>> org.apache.activemq.broker.**TransportConnection | ActiveMQ Transport:
>> tcp:///
>> 127.0.0.1:45176
>> 2012-02-01 11:14:07,070 | DEBUG | Exception detail: |
>> org.apache.activemq.broker.**TransportConnection | ActiveMQ Transport:
>> tcp:///
>> 127.0.0.1:45176
>> java.lang.SecurityException: User name or password is invalid.
>> at
>> org.apache.activemq.security.**JaasAuthenticationBroker.**addConnection(*
>> *JaasAuthenticationBroker.java:**83)
>> at
>> org.apache.activemq.broker.**BrokerFilter.addConnection(**
>> BrokerFilter.java:85)
>> at
>> org.apache.activemq.broker.**MutableBrokerFilter.**addConnection(**
>> MutableBrokerFilter.java:91)
>> at
>> org.apache.activemq.broker.**TransportConnection.**processAddConnection(*
>> *TransportConnection.java:692)
>> at org.apache.activemq.command.**ConnectionInfo.visit(**
>> ConnectionInfo.java:137)
>> at
>> org.apache.activemq.broker.**TransportConnection.service(**
>> TransportConnection.java:306)
>> at
>> org.apache.activemq.broker.**TransportConnection$1.**
>> onCommand(TransportConnection.**java:179)
>> at
>> org.apache.activemq.transport.**ResponseCorrelator.onCommand(**
>> ResponseCorrelator.java:116)
>> at
>> org.apache.activemq.transport.**TransportFilter.onCommand(**
>> TransportFilter.java:69)
>> at
>> org.apache.activemq.transport.**vm.VMTransport.dispatch(**
>> VMTransport.java:121)
>> at org.apache.activemq.transport.**vm.VMTransport.oneway(**
>> VMTransport.java:112)
>> at
>> org.apache.activemq.transport.**MutexTransport.oneway(**
>> MutexTransport.java:40)
>> at
>> org.apache.activemq.transport.**ResponseCorrelator.oneway(**
>> ResponseCorrelator.java:60)
>> at
>> org.apache.activemq.network.**DemandForwardingBridgeSupport.**
>> serviceRemoteCommand(**DemandForwardingBridgeSupport.**java:516)
>> at
>> org.apache.activemq.network.**DemandForwardingBridgeSupport$**
>> 2.onCommand(**DemandForwardingBridgeSupport.**java:165)
>> at
>> org.apache.activemq.transport.**ResponseCorrelator.onCommand(**
>> ResponseCorrelator.java:116)
>> at
>> org.apache.activemq.transport.**TransportFilter.onCommand(**
>> TransportFilter.java:69)
>> at
>> org.apache.activemq.transport.**WireFormatNegotiator.**onCommand(**
>> WireFormatNegotiator.java:113)
>> at
>> org.apache.activemq.transport.**InactivityMonitor.onCommand(**
>> InactivityMonitor.java:227)
>> at
>> org.apache.activemq.transport.**TransportSupport.doConsume(**
>> TransportSupport.java:83)
>> at
>> org.apache.activemq.transport.**tcp.TcpTransport.doRun(**
>> TcpTransport.java:220)
>> at org.apache.activemq.transport.**tcp.TcpTransport.run(**
>> TcpTransport.java:202)
>> at java.lang.Thread.run(Thread.**java:679)
>> Caused by: java.lang.SecurityException: Configuration Error:
>> Line 6: expected [option key], found [null]
>> at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:110)
>> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>> at
>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
>> at
>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>> at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
>> at java.lang.Class.newInstance0(Class.java:372)
>> at java.lang.Class.newInstance(Class.java:325)
>> at javax.security.auth.login.Configuration$3.run(Configuration.java:264)
>> at javax.security.auth.login.Configuration$3.run(Configuration.java:260)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at
>> javax.security.auth.login.Configuration.getConfiguration(Configuration.java:259)
>> at javax.security.auth.login.LoginContext$1.run(LoginContext.java:254)
>> at javax.security.auth.login.LoginContext$1.run(LoginContext.java:252)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at javax.security.auth.login.LoginContext.init(LoginContext.java:251)
>> at javax.security.auth.login.LoginContext.<init>(LoginContext.java:418)
>> at
>> org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:75)
>> ... 22 more
>> Caused by: java.io.IOException: Configuration Error:
>> Line 6: expected [option key], found [null]
>> at com.sun.security.auth.login.ConfigFile.match(ConfigFile.java:577)
>> at
>> com.sun.security.auth.login.ConfigFile.parseLoginEntry(ConfigFile.java:440)
>> at com.sun.security.auth.login.ConfigFile.readConfig(ConfigFile.java:383)
>> at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:283)
>> at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:219)
>> at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:108)
>> ... 38 more
>>
>> I'm not understanding the Configuration Error. What is it expecting that
>> I'm not giving it? Any help would be appreciated.
>>
>> Thanks,
>> Chris
>>
>>
Re: Using LDAP login module
Posted by Matt Pavlovich <ma...@gmail.com>.
My bad: the default for connectionProtocol is "s" in the ActiveMQ src. This
is where you would specify "ssl" or not. I think the problem is that you have
it empty, so it's parsing as NULL, and you are getting the error. Try not
setting it, and see if the default works for you.
On 2/1/12 12:22 PM, Chris Robison wrote:
> I'm trying to use the LDAP login module to tie into Active Directory.
> Here's what my AMQ conf looks like:
>
> <plugins>
> <jaasAuthenticationPlugin configuration="ldap-login" />
> <authorizationPlugin>
> <map>
> <authorizationMap>
> <authorizationEntries>
> <authorizationEntry queue=">" read="MQCoreAdmin" write="MQCoreAdmin"
> admin="MQCoreAdmin" />
> <authorizationEntry topic=">" read="MQCoreAdmin" write="MQCoreAdmin"
> admin="MQCoreAdmin" />
> </authorizationEntries>
> </authorizationMap>
> </map>
> </authorizationPlugin>
> </plugins>
>
> Here is what the login.config looks like:
>
> ldap-login {
> org.apache.activemq.jaas.LDAPLoginModule required
> debug=true
> initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
> connectionURL="ldap://dc101.cdr.corp"
> connectionUsername="CN=AMQ Service User,CN=Users,DC=cdr,DC=corp"
> connectionPassword=Password!
> connectionProtocol=""
> authentication=simple
> userBase="OU=Users,OU=ActiveMQ,DC=cdr,DC=corp"
> userSearchMatching="(samaccountname={0})"
> userSearchSubtree=false
> roleBase="OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp"
> roleName=cn
> roleSearchMatching="(member={0})"
> roleSearchSubtree=false
> ;
> };
>
> I'm trying to simply connect another broker to this broker. Here is the
> network connector config that I'm using on the second broker:
>
> <networkConnectors>
> <networkConnector uri="static:(tcp://localhost:61616)"
> duplex="true" userName="mqsiteuser1" password="Password!"/>
> </networkConnectors>
>
> Here's the exception I'm getting in the logs:
>
> 2012-02-01 11:14:07,064 | WARN | Failed to add Connection
> ID:ubuntu1-54051-1328120046405-2:1, reason: java.lang.SecurityException:
> User name or password is invalid. |
> org.apache.activemq.broker.TransportConnection | ActiveMQ Transport: tcp:///
> 127.0.0.1:45176
> 2012-02-01 11:14:07,070 | DEBUG | Exception detail: |
> org.apache.activemq.broker.TransportConnection | ActiveMQ Transport: tcp:///
> 127.0.0.1:45176
> java.lang.SecurityException: User name or password is invalid.
> at
> org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)
> at
> org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
> at
> org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:91)
> at
> org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:692)
> at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:137)
> at
> org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:306)
> at
> org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:179)
> at
> org.apache.activemq.transport.ResponseCorrelator.onCommand(ResponseCorrelator.java:116)
> at
> org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)
> at
> org.apache.activemq.transport.vm.VMTransport.dispatch(VMTransport.java:121)
> at org.apache.activemq.transport.vm.VMTransport.oneway(VMTransport.java:112)
> at
> org.apache.activemq.transport.MutexTransport.oneway(MutexTransport.java:40)
> at
> org.apache.activemq.transport.ResponseCorrelator.oneway(ResponseCorrelator.java:60)
> at
> org.apache.activemq.network.DemandForwardingBridgeSupport.serviceRemoteCommand(DemandForwardingBridgeSupport.java:516)
> at
> org.apache.activemq.network.DemandForwardingBridgeSupport$2.onCommand(DemandForwardingBridgeSupport.java:165)
> at
> org.apache.activemq.transport.ResponseCorrelator.onCommand(ResponseCorrelator.java:116)
> at
> org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)
> at
> org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
> at
> org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:227)
> at
> org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
> at
> org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:220)
> at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:202)
> at java.lang.Thread.run(Thread.java:679)
> Caused by: java.lang.SecurityException: Configuration Error:
> Line 6: expected [option key], found [null]
> at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:110)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
> at java.lang.Class.newInstance0(Class.java:372)
> at java.lang.Class.newInstance(Class.java:325)
> at javax.security.auth.login.Configuration$3.run(Configuration.java:264)
> at javax.security.auth.login.Configuration$3.run(Configuration.java:260)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> javax.security.auth.login.Configuration.getConfiguration(Configuration.java:259)
> at javax.security.auth.login.LoginContext$1.run(LoginContext.java:254)
> at javax.security.auth.login.LoginContext$1.run(LoginContext.java:252)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.login.LoginContext.init(LoginContext.java:251)
> at javax.security.auth.login.LoginContext.<init>(LoginContext.java:418)
> at
> org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:75)
> ... 22 more
> Caused by: java.io.IOException: Configuration Error:
> Line 6: expected [option key], found [null]
> at com.sun.security.auth.login.ConfigFile.match(ConfigFile.java:577)
> at
> com.sun.security.auth.login.ConfigFile.parseLoginEntry(ConfigFile.java:440)
> at com.sun.security.auth.login.ConfigFile.readConfig(ConfigFile.java:383)
> at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:283)
> at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:219)
> at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:108)
> ... 38 more
>
> I'm not understanding the Configuration Error. What is it expecting that
> I'm not giving it? Any help would be appreciated.
>
> Thanks,
> Chris
>
Re: Using LDAP login module
Posted by Matt Pavlovich <ma...@gmail.com>.
Chris-
Try adding "s" to the connectionProtocol value, so it'd read
connectionProtocol="s". I think that's for "simple", as in clear text
password to auth against LDAP.
Matt
On 2/1/12 12:22 PM, Chris Robison wrote:
> I'm trying to use the LDAP login module to tie into Active Directory.
> Here's what my AMQ conf looks like:
>
> <plugins>
> <jaasAuthenticationPlugin configuration="ldap-login" />
> <authorizationPlugin>
> <map>
> <authorizationMap>
> <authorizationEntries>
> <authorizationEntry queue=">" read="MQCoreAdmin" write="MQCoreAdmin"
> admin="MQCoreAdmin" />
> <authorizationEntry topic=">" read="MQCoreAdmin" write="MQCoreAdmin"
> admin="MQCoreAdmin" />
> </authorizationEntries>
> </authorizationMap>
> </map>
> </authorizationPlugin>
> </plugins>
>
> Here is what the login.config looks like:
>
> ldap-login {
> org.apache.activemq.jaas.LDAPLoginModule required
> debug=true
> initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
> connectionURL="ldap://dc101.cdr.corp"
> connectionUsername="CN=AMQ Service User,CN=Users,DC=cdr,DC=corp"
> connectionPassword=Password!
> connectionProtocol=""
> authentication=simple
> userBase="OU=Users,OU=ActiveMQ,DC=cdr,DC=corp"
> userSearchMatching="(samaccountname={0})"
> userSearchSubtree=false
> roleBase="OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp"
> roleName=cn
> roleSearchMatching="(member={0})"
> roleSearchSubtree=false
> ;
> };
>
> I'm trying to simply connect another broker to this broker. Here is the
> network connector config that I'm using on the second broker:
>
> <networkConnectors>
> <networkConnector uri="static:(tcp://localhost:61616)"
> duplex="true" userName="mqsiteuser1" password="Password!"/>
> </networkConnectors>
>
> Here's the exception I'm getting in the logs:
>
> 2012-02-01 11:14:07,064 | WARN | Failed to add Connection
> ID:ubuntu1-54051-1328120046405-2:1, reason: java.lang.SecurityException:
> User name or password is invalid. |
> org.apache.activemq.broker.TransportConnection | ActiveMQ Transport: tcp:///
> 127.0.0.1:45176
> 2012-02-01 11:14:07,070 | DEBUG | Exception detail: |
> org.apache.activemq.broker.TransportConnection | ActiveMQ Transport: tcp:///
> 127.0.0.1:45176
> java.lang.SecurityException: User name or password is invalid.
> at
> org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)
> at
> org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
> at
> org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:91)
> at
> org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:692)
> at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:137)
> at
> org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:306)
> at
> org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:179)
> at
> org.apache.activemq.transport.ResponseCorrelator.onCommand(ResponseCorrelator.java:116)
> at
> org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)
> at
> org.apache.activemq.transport.vm.VMTransport.dispatch(VMTransport.java:121)
> at org.apache.activemq.transport.vm.VMTransport.oneway(VMTransport.java:112)
> at
> org.apache.activemq.transport.MutexTransport.oneway(MutexTransport.java:40)
> at
> org.apache.activemq.transport.ResponseCorrelator.oneway(ResponseCorrelator.java:60)
> at
> org.apache.activemq.network.DemandForwardingBridgeSupport.serviceRemoteCommand(DemandForwardingBridgeSupport.java:516)
> at
> org.apache.activemq.network.DemandForwardingBridgeSupport$2.onCommand(DemandForwardingBridgeSupport.java:165)
> at
> org.apache.activemq.transport.ResponseCorrelator.onCommand(ResponseCorrelator.java:116)
> at
> org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)
> at
> org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
> at
> org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:227)
> at
> org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
> at
> org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:220)
> at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:202)
> at java.lang.Thread.run(Thread.java:679)
> Caused by: java.lang.SecurityException: Configuration Error:
> Line 6: expected [option key], found [null]
> at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:110)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
> at java.lang.Class.newInstance0(Class.java:372)
> at java.lang.Class.newInstance(Class.java:325)
> at javax.security.auth.login.Configuration$3.run(Configuration.java:264)
> at javax.security.auth.login.Configuration$3.run(Configuration.java:260)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> javax.security.auth.login.Configuration.getConfiguration(Configuration.java:259)
> at javax.security.auth.login.LoginContext$1.run(LoginContext.java:254)
> at javax.security.auth.login.LoginContext$1.run(LoginContext.java:252)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.login.LoginContext.init(LoginContext.java:251)
> at javax.security.auth.login.LoginContext.<init>(LoginContext.java:418)
> at
> org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:75)
> ... 22 more
> Caused by: java.io.IOException: Configuration Error:
> Line 6: expected [option key], found [null]
> at com.sun.security.auth.login.ConfigFile.match(ConfigFile.java:577)
> at
> com.sun.security.auth.login.ConfigFile.parseLoginEntry(ConfigFile.java:440)
> at com.sun.security.auth.login.ConfigFile.readConfig(ConfigFile.java:383)
> at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:283)
> at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:219)
> at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:108)
> ... 38 more
>
> I'm not understanding the Configuration Error. What is it expecting that
> I'm not giving it? Any help would be appreciated.
>
> Thanks,
> Chris
>