You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by qbeardn <bo...@msn.com> on 2010/08/20 17:46:22 UTC

Re: LDAP Authorization

We are also trying to use LDAP for user authentication and message
authorization.  A co-worker of mine found a mismatch between the code and
documentation [1]. 

After assorted code and configuration tweaks, he has arrived at what seems
like a reasonable set of changes and also has a way to authorize message by
queue/topic provided they are predefined.  I am aware that JMS does not
allow wild-carded destinations (though ActiveMQ does), and we are looking
for a way to make use of that in our authorization.  We are considering
creating a new AuthorizationMap that would reuse much of LDAPAuthorization,
but it seems to me that there is likely a solution which we are just not
finding.

Any help out there?

thanks, bob

 [1] For example, on
    http://activemq.apache.org/security.html
in the section
   LDAP Authentication Using the JAAS Plugin 
the configuration parameter
    topicSearchMatching
must have been updated to
    topicSearchMatchingFormat
which is a MessageFormat in ActiveMQ 5.3.2.



lhays wrote:
> 
> I am trying to prototype the use of ActiveMQ and openLDAP, and I am new to
> both applications.
> I see there are issues with the LDAPAuthorizationMap, (AMQ-826).
> I have successfully connected and sent messages/topics through a message
> broker using simpleAuthentication and authorizationEntries, (FUSE
> 5.3.0.5).
> I tried two different authentication/authorization configurations with
> LDAP: 
>    - authentication/authorization with LDAP
>    - authentication with LDAP and authorization with the activemq.xml
> I receive an error on start up when using a LDAPAuthorizationMap, (No
> property "topicSearchFormat" found).
> I receive authorization errors for Advisory Connection topics when I try
> to authorize with the activemq.xml.
> 
> I have 2 questions:
> 1. Is there another way to retrieve topic authorization from an LDAP
> source?
> 2. What configuration allows you to authenticate using JAAS/LDAP but
> authorize using the activemq.xml settings?
> 
> 
> Thanks,
> Lawrence
> 
> lhays03@gmail.com
> 
> 
> ngcutura wrote:
>> 
>> There is an issue associated with this (AMQ-826). Conversation has moved
>> there.
>> 
>> First version is already included in AMQ (SVN and daily snapshots). I
>> have new version that is complete but I need to finish unit tests before
>> I send the patch.
>> 
>> Regards,
>> NGC
>> 
>> 
>> Sagi Mann wrote:
>>> 
>>> Hi, are there any news on this? Could you provide the link to your
>>> thread in the dev forum?
>>> 
>>> 
>>> 
>> 
>> 
> 
> 

-- 
View this message in context: http://old.nabble.com/LDAP-Authorization-tp4861283p29493119.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.