Return-Path: 
 <users-return-13849-apmail-activemq-users-archive=activemq.apache.org@activemq.apache.org>
Delivered-To: apmail-activemq-users-archive@www.apache.org
Received: (qmail 65218 invoked from network); 2 May 2008 02:40:07 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 2 May 2008 02:40:07 -0000
Received: (qmail 43118 invoked by uid 500); 2 May 2008 02:40:07 -0000
Delivered-To: apmail-activemq-users-archive@activemq.apache.org
Received: (qmail 43093 invoked by uid 500); 2 May 2008 02:40:07 -0000
Mailing-List: contact users-help@activemq.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@activemq.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@activemq.apache.org>
List-Post: <mailto:users@activemq.apache.org>
List-Id: <users.activemq.apache.org>
Reply-To: users@activemq.apache.org
Delivered-To: mailing list users@activemq.apache.org
Received: (qmail 43073 invoked by uid 99); 2 May 2008 02:40:07 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 May 2008 19:40:07 -0700
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of bkc@murkworks.com designates
 24.213.139.38 as permitted sender)
Received: from [24.213.139.38] (HELO fire.murkworks.com) (24.213.139.38)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 02 May 2008 02:39:20 +0000
Received: from fire.murkworks.com (localhost [127.0.0.1])
	by fire.murkworks.com (8.14.1/8.14.1/Debian-8ubuntu1) with ESMTP id
 m422dWSY028530
	for <users@activemq.apache.org>; Thu, 1 May 2008 22:39:32 -0400
Message-ID: <481A7EE4.80600@murkworks.com>
Date: Thu, 01 May 2008 22:39:32 -0400
From: Brad Clements <bkc@murkworks.com>
Organization: MurkWorks Inc
User-Agent: Thunderbird 2.0.0.12 (X11/20080227)
MIME-Version: 1.0
To: users@activemq.apache.org
Subject: Where to find example ldap authorization setup?
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org

Hi,


I'm just starting with the 5.2 snapshot today. I know very little about 
activemq. The release notes for 5.2 suggest that ldap authorization is 
working.

I want to use the http servlet and REST interface. But processes must 
authenticate before being able to send or receive. I need to 
authenticate with ldap.

There is surprisingly little detail on the website about how to 
configure ldap authentication. Not much in the mailing list archive either.

I really need an explicit example of how to set it up. I don't even know 
where exactly to specify the ldapAuthorizationMap information.

Here's what I did:


1. unpack the 5.2 snapshot

2. edit conf/activemq.xml

3. Add a plugins section in the only broker section I see in the 
provided activemq.xml file (this is probably why its not working)

it looks like:

    <broker xmlns="http://activemq.apache.org/schema/core" 
brokerName="localhost" dataDirectory="${activemq.base}/data">
        <plugins>
                <authorizationPlugin>
                  <map>
                        <ldapAuthorizationMap>
                          <options>
                                <property name="initialContextFactory" 
value="com.sun.jndi.ldap.LdapCtxFactory"/>
                                <property name="connectionURL" 
value="ldap://redacted"/>
                                <property name="authentication" 
value="simple"/>
                                <property name="connectionUsername" 
value="redacted"/>
                                <property name="connectionPassword" 
value="redacted"/>
                                <property name="connectionProtocol" 
value="s"/>
                                <property name="topicSearchMatching" 
value="uid={0},ou=topics,ou=destinations,o=ActiveMQ,redacted"/>
                                <property name="topicSearchSubtree" 
value="true"/>
                                <property name="queueSearchMatching" 
value="uid={0},ou=queues,ou=destinations,o=ActiveMQ,redacted"/>
                                <property name="queueSearchSubtree" 
value="true"/>
                                <property name="adminBase" 
value="(cn=admin)"/>
                                <property name="adminAttribute" 
value="uniqueMember"/>
                                <property name="readBase" 
value="(cn=read)"/>
                                <property name="readAttribute" 
value="uniqueMember"/>
                                <property name="writeBase" 
value="(cn=write)"/>
                                <property name="writeAttribute" 
value="uniqueMember"/>
                          </options>
                        </ldapAuthorizationMap>
                  </map>
                </authorizationPlugin>
        </plugins>


4. on startup I get this stack trace:

        ERROR: java.lang.RuntimeException: Failed to execute start task. 
Reason: org.springframework.beans.factory.BeanDefinitionStoreException: 
Unrecognized xbean element mapping: ldapAuthorizationMap in namespace 
http://activemq.apache.org/schema/core
        java.lang.RuntimeException: Failed to execute start task. 
Reason: org.springframework.beans.factory.BeanDefinitionStoreException: 
Unrecognized xbean element mapping: ldapAuthorizationMap in namespace 
http://activemq.apache.org/schema/core
                at 
org.apache.activemq.console.command.StartCommand.runTask(StartCommand.java:99)
                at 
org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:51)
                at 
org.apache.activemq.console.command.ShellCommand.runTask(ShellCommand.java:104)
                at 
org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:51)
                at 
org.apache.activemq.console.command.ShellCommand.main(ShellCommand.java:76)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native 
Method)
                at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)


Perhaps I need to install another jar?

http://activemq.apache.org/initial-configuration.html

doesn't say anything about additional JAAS jars or ldap..

I'm sorry if this is a faq. I know nothing about spring, and little 
about java.

the example/conf/activemq.xml file is even simpler than the 
conf/activemq.xml file, so there's nothing there that's helpful.

I see mentions of needing a Jaas config, but I just can't seem to tie 
together all the steps needed to make it work.

Does anyone have a complete example of how to get ldap authentication to 
work?

Thanks


-- 
Brad Clements,                bkc@murkworks.com    (315)268-1000
http://www.murkworks.com                          
AOL-IM: BKClements