activemq-dev mailing list archives

From "Amit Kumar (JIRA)" <j...@apache.org>
Subject [jira] Created: (AMQ-3063) Security: LDAPLoginModule: User role search does not work if connectionUsername and connectionPassword are not specified
Date Wed, 01 Dec 2010 15:28:12 GMT
Security: LDAPLoginModule: User role search does not work if connectionUsername and connectionPassword
are not specified
------------------------------------------------------------------------------------------------------------------------

                 Key: AMQ-3063
                 URL: https://issues.apache.org/jira/browse/AMQ-3063
             Project: ActiveMQ
          Issue Type: Improvement
    Affects Versions: 5.3.0
         Environment: LDAP/AD
            Reporter: Amit Kumar
            Priority: Minor


The LDAPLoginModule authenticate() method calls bindUser() for authentication and then,
immediately after that, calls getRoles() to fetch the roles for the user based on the specified
role search criteria. Note that bindUser() removes the "java.security.principal" environment
if no connectionUsername/password is provided. Calling getRoles() after that does not work
because it needs the security principal in the environment to perform the role search.

A sample JAAS Login configuration is provided below -

TestLogin {
    org.apache.activemq.jaas.LDAPLoginModule required
        debug=false
        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
        connectionURL="ldap://somehost:389"
        connectionProtocol=""
        authentication=simple
        userBase="OU=users,O=domain"
        userSearchMatching="(uid={0})"
        userSearchSubtree=true
        userRoleName="memberOf"
        roleName="CN"
        roleBase="OU=Groups,O=domain"
        roleSearchMatching="member={0}"
        roleSearchSubtree=true
        ;
};

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
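
Added example, not part of the original message and not ActiveMQ source code: a small Java model of the call order the report describes, with a Hashtable standing in for the JNDI environment. The class and method names, the sample DNs and passwords, the restore-the-connection-account branch, and the rule that the directory refuses role searches without a principal are assumptions made for illustration.

```java
import java.util.Hashtable;
import javax.naming.Context;

// Constructed model of the call order in the report; not ActiveMQ source code.
public class RoleSearchOrderDemo {
    // Assumption: the directory answers role searches only when a principal is set.
    static boolean roleSearchAllowed(Hashtable<String, Object> env) {
        return env.containsKey(Context.SECURITY_PRINCIPAL);
    }

    // Authenticate by placing the user's DN and password in the environment.
    static void bindUser(Hashtable<String, Object> env, String dn, String password) {
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
    }

    // Cleanup after the bind: restore the connection account (assumed) or, as the
    // report describes, remove the principal when no connection account is configured.
    static void resetIdentity(Hashtable<String, Object> env, String connUser, String connPass) {
        if (connUser != null && !connUser.isEmpty()) {
            env.put(Context.SECURITY_PRINCIPAL, connUser);
            env.put(Context.SECURITY_CREDENTIALS, connPass);
        } else {
            env.remove(Context.SECURITY_PRINCIPAL);
        }
    }

    // Order in the report: bind, reset, then search for roles.
    static boolean reportedOrder(String dn, String pw, String connUser, String connPass) {
        Hashtable<String, Object> env = new Hashtable<>();
        bindUser(env, dn, pw);
        resetIdentity(env, connUser, connPass);
        return roleSearchAllowed(env);
    }

    // Alternative order: search while the user's identity is still set, reset afterwards.
    static boolean searchBeforeReset(String dn, String pw, String connUser, String connPass) {
        Hashtable<String, Object> env = new Hashtable<>();
        bindUser(env, dn, pw);
        try {
            return roleSearchAllowed(env);
        } finally {
            resetIdentity(env, connUser, connPass);
        }
    }

    public static void main(String[] args) {
        String dn = "uid=alice,OU=users,O=domain"; // constructed sample DN
        System.out.println("no connection account, reported order: " + reportedOrder(dn, "pw", null, null));
        System.out.println("connection account set, reported order: " + reportedOrder(dn, "pw", "cn=svc,O=domain", "svcpw"));
        System.out.println("no connection account, search first:   " + searchBeforeReset(dn, "pw", null, null));
    }
}
```

In this model the role search is refused only in the first case, which matches the configuration shown in the report, where neither connectionUsername nor connectionPassword is set.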

