activemq-dev mailing list archives

From "Claus Ibsen (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMQ-3063) Security: LDAPLoginModule: User role search does not work if connectionUsername and connectionPassword are not specified
Date Sat, 02 Nov 2013 20:43:17 GMT

     [ https://issues.apache.org/jira/browse/AMQ-3063?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Claus Ibsen updated AMQ-3063:
-----------------------------

    Fix Version/s: NEEDS_REVIEWED

> Security: LDAPLoginModule: User role search does not work if connectionUsername and connectionPassword are not specified
> ------------------------------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-3063
>                 URL: https://issues.apache.org/jira/browse/AMQ-3063
>             Project: ActiveMQ
>          Issue Type: Improvement
>    Affects Versions: 5.3.0
>         Environment: LDAP/AD
>            Reporter: Amit Kumar
>            Priority: Minor
>             Fix For: NEEDS_REVIEWED
>
>
> LDAPLoginModule authenticate() method calls bindUser() for authentication and then immediately after that, it calls getRoles() to fetch the roles for the user based on the specified role search criteria. Note that the bindUser() removes the "java.security.principal" environment if no connectionUsername/password is provided. Calling getRoles() after that does not work because it needs the security principal in the environment to perform the role search.
> A sample JAAS Login configuration is provided below -
> TestLogin {
>     org.apache.activemq.jaas.LDAPLoginModule required
>         debug=false
>         initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
>         connectionURL="ldap://somehost:389"
>         connectionProtocol=""
>         authentication=simple
>         userBase="OU=users,O=domain"
>         userSearchMatching="(uid={0})"
>         userSearchSubtree=true
>         userRoleName="memberOf"
>         roleName="CN"
>         roleBase="OU=Groups,O=domain"
>         roleSearchMatching="member={0}"
>         roleSearchSubtree=true
>         ;
> };



--
This message was sent by Atlassian JIRA
(v6.1#6144)
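
The call order described in the report, modelled offline as an added example; it is not ActiveMQ source code and not part of the original message. The class and method names, the in-memory group map and the sample DNs are constructed for illustration; `Context.SECURITY_PRINCIPAL` and `Context.SECURITY_CREDENTIALS` are the standard JNDI environment keys.

```java
import java.util.*;
import javax.naming.Context;

// Constructed model of the reported call order; not ActiveMQ source code.
public class RoleSearchOrder {
    // Constructed directory data: group CN -> member DNs (stands in for roleBase).
    static final Map<String, List<String>> GROUPS = Map.of(
        "admins", List.of("uid=alice,OU=users,O=domain"),
        "guests", List.of("uid=bob,OU=users,O=domain"));

    // Models a directory that denies searches on a context with no principal.
    static List<String> getRoles(Hashtable<String, Object> env, String userDn) {
        if (!env.containsKey(Context.SECURITY_PRINCIPAL))
            throw new SecurityException("role search without a security principal");
        List<String> roles = new ArrayList<>();
        for (Map.Entry<String, List<String>> g : GROUPS.entrySet())
            if (g.getValue().contains(userDn)) roles.add(g.getKey()); // member={0}
        return roles;
    }

    // Order from the report: with no connectionUsername/connectionPassword the
    // bind step clears the principal, and only then is the role search issued.
    static List<String> reportedOrder(Hashtable<String, Object> env, String dn, char[] pw) {
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, pw);
        // (the bind check against the directory would happen here)
        env.remove(Context.SECURITY_PRINCIPAL);
        env.remove(Context.SECURITY_CREDENTIALS);
        return getRoles(env, dn);
    }

    // Alternative order: search while still bound as the user, then always clear
    // the user's credentials so they do not linger in the shared environment.
    static List<String> searchBeforeClear(Hashtable<String, Object> env, String dn, char[] pw) {
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, pw);
        try { return getRoles(env, dn); }
        finally { env.remove(Context.SECURITY_PRINCIPAL); env.remove(Context.SECURITY_CREDENTIALS); }
    }

    public static void main(String[] args) {
        String dn = "uid=alice,OU=users,O=domain";    // constructed sample DN
        char[] pw = "example-password".toCharArray(); // constructed sample value
        try { reportedOrder(new Hashtable<>(), dn, pw); }
        catch (SecurityException e) { System.out.println("reported order: " + e.getMessage()); }
        Hashtable<String, Object> env = new Hashtable<>();
        System.out.println("search before clear: " + searchBeforeClear(env, dn, pw));
        System.out.println("credentials left in env: " + env.containsKey(Context.SECURITY_CREDENTIALS));
    }
}
```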
