Return-Path: Delivered-To: apmail-activemq-users-archive@www.apache.org Received: (qmail 50740 invoked from network); 6 Jun 2008 20:24:37 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 6 Jun 2008 20:24:37 -0000 Received: (qmail 9358 invoked by uid 500); 6 Jun 2008 20:24:39 -0000 Delivered-To: apmail-activemq-users-archive@activemq.apache.org Received: (qmail 9339 invoked by uid 500); 6 Jun 2008 20:24:39 -0000 Mailing-List: contact users-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@activemq.apache.org Delivered-To: mailing list users@activemq.apache.org Received: (qmail 9327 invoked by uid 99); 6 Jun 2008 20:24:39 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Jun 2008 13:24:39 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of minfrin@sharp.fm designates 72.32.122.47 as permitted sender) Received: from [72.32.122.47] (HELO chandler.sharp.fm) (72.32.122.47) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Jun 2008 20:23:40 +0000 Received: from chandler.sharp.fm (localhost [127.0.0.1]) by chandler.sharp.fm (Postfix) with ESMTP id 729B613000B for ; Fri, 6 Jun 2008 15:24:02 -0500 (CDT) Received: from 87-194-125-14.bethere.co.uk (87-194-125-14.bethere.co.uk [87.194.125.14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: minfrin@sharp.fm) by chandler.sharp.fm (Postfix) with ESMTP id 8380CDC011 for ; Fri, 6 Jun 2008 15:24:01 -0500 (CDT) Message-ID: <48499CDE.3010400@sharp.fm> Date: Fri, 06 Jun 2008 22:23:58 +0200 From: Graham Leggett User-Agent: Thunderbird 2.0.0.14 (Macintosh/20080421) MIME-Version: 1.0 To: users@activemq.apache.org Subject: LDAP JAAS minefield Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms060103000305060906060303" X-Virus-Scanned: ClamAV using ClamSMTP X-Virus-Checked: Checked by ClamAV on apache.org --------------ms060103000305060906060303 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Hi all, A quick Google search to find a straightforward explanation on how to authenticate activemq against an LDAP server uncovered the following message: http://osdir.com/ml/java.activemq.user/2006-05/msg00556.html Following the message resulted in no luck, the server refused to start, with the following exception below. Looking in source code for http://svn.apache.org/repos/asf/activemq/trunk/activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java for some clues in the source code comments was pointless: there are none at all. Neither is there any kind of meaningful error checking. Has anyone successfully authenticated activemq against LDAP? Does documentation exist anywhere for this code? Caused by: javax.security.auth.login.LoginException: java.lang.NullPointerException at java.lang.String.(String.java:176) at org.apache.activemq.jaas.LDAPLoginModule.login(LDAPLoginModule.java:134) at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:579) at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:76) at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:88) at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:662) at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86) at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:125) at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:292) at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:180) at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68) at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:143) at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:206) at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84) at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:196) at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:183) at java.lang.Thread.run(Thread.java:619) Regards, Graham -- --------------ms060103000305060906060303 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJNTCC AvUwggJeoAMCAQICEAxljuBYvPVR3WhH6nkbTPowDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UE BhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA3MTAxNDEyMzQyMVoX DTA4MTAxMzEyMzQyMVowXTEQMA4GA1UEBBMHTGVnZ2V0dDEPMA0GA1UEKhMGR3JhaGFtMRcw FQYDVQQDEw5HcmFoYW0gTGVnZ2V0dDEfMB0GCSqGSIb3DQEJARYQbWluZnJpbkBzaGFycC5m bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLUMqDEkhgiT7ePdkErBVE2tND+ 6C8ElWEOaCSdbAlvwUXgKFzIR7zaD6c1CS2czmBslMwEb3LJHPWjgPN497wSERghkeAa+Fyw WqydJr+6WE1G67wHsg67tmGPAxG0Lf6eKpsiyh+u0ojKk4n0mRZ6HQxu6PqZYzJ2vOrT4gYz uVlz4O8TRhHOXGKqclCTxVOfEQMS3AmKDkdkNKJxgkrXSCDZ3mWs1K7yuZ6f0/30Z6AvseTF N7CWPD7uuf5TvaVd5luOYiprUTl+u+0+CHjG4uiug54FZAyID5N7cMJy6iBRHPfLk4cU+Ksi R99WkanPHb9wVQ2F34S+7yGdwqECAwEAAaMtMCswGwYDVR0RBBQwEoEQbWluZnJpbkBzaGFy cC5mbTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUAA4GBAB76lZ2i2DDcVPlrcDWPrGIk mcZSoWm/7HLRvws4+jbZ++bczzUruhm1t410Z8oj95sU5pQ83SoGS3RXAn/+TX0cpgNtx4Sw J+Nfhvey2w1TE/NLlN3n7q0m7Bm4j4+zNKXLjFj6B30Ifce8qHw7l69MSVcKoJiyd8EMM4q8 Dm+wMIIC9TCCAl6gAwIBAgIQDGWO4Fi89VHdaEfqeRtM+jANBgkqhkiG9w0BAQUFADBiMQsw CQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoG A1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDcxMDE0MTIz NDIxWhcNMDgxMDEzMTIzNDIxWjBdMRAwDgYDVQQEEwdMZWdnZXR0MQ8wDQYDVQQqEwZHcmFo YW0xFzAVBgNVBAMTDkdyYWhhbSBMZWdnZXR0MR8wHQYJKoZIhvcNAQkBFhBtaW5mcmluQHNo YXJwLmZtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstQyoMSSGCJPt492QSsF UTa00P7oLwSVYQ5oJJ1sCW/BReAoXMhHvNoPpzUJLZzOYGyUzARvcskc9aOA83j3vBIRGCGR 4Br4XLBarJ0mv7pYTUbrvAeyDru2YY8DEbQt/p4qmyLKH67SiMqTifSZFnodDG7o+pljMna8 6tPiBjO5WXPg7xNGEc5cYqpyUJPFU58RAxLcCYoOR2Q0onGCStdIINneZazUrvK5np/T/fRn oC+x5MU3sJY8Pu65/lO9pV3mW45iKmtROX677T4IeMbi6K6DngVkDIgPk3twwnLqIFEc98uT hxT4qyJH31aRqc8dv3BVDYXfhL7vIZ3CoQIDAQABoy0wKzAbBgNVHREEFDASgRBtaW5mcmlu QHNoYXJwLmZtMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEAHvqVnaLYMNxU+Wtw NY+sYiSZxlKhab/sctG/Czj6Ntn75tzPNSu6GbW3jXRnyiP3mxTmlDzdKgZLdFcCf/5NfRym A23HhLAn41+G97LbDVMT80uU3efurSbsGbiPj7M0pcuMWPoHfQh9x7yofDuXr0xJVwqgmLJ3 wQwzirwOb7AwggM/MIICqKADAgECAgENMA0GCSqGSIb3DQEBBQUAMIHRMQswCQYDVQQGEwJa QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoT EVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERp dmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG 9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMwNzE3MDAwMDAwWhcN MTMwNzE2MjM1OTU5WjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRp bmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3Vp bmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMSmPFVzVftOucqZWh5owHUEcJ3f 6f+jHuy9zfVb8hp2vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO3cnwK4Vaqj9xVsuvPAsH5/Ef kTYkKhPPK9Xzgnc9A74r/rsYPge/QIACZNenprufZdHFKlSFD0gEf6e20TxhBEAeZBlyYLf7 AgMBAAGjgZQwgZEwEgYDVR0TAQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDigNqA0hjJodHRw Oi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDALBgNVHQ8E BAMCAQYwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDItMTM4MA0GCSqG SIb3DQEBBQUAA4GBAEiM0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2H6otnzYvwPQc UCCTcDz9reFhYsPZOhl+hLGZGwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bG CE6u9uo05RAaWzVNd+NWIXiC3CEZNd4ksdMdRv9dX2VPMYIDZDCCA2ACAQEwdjBiMQswCQYD VQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UE AxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEAxljuBYvPVR3WhH6nkb TPowCQYFKw4DAhoFAKCCAcMwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0B CQUxDxcNMDgwNjA2MjAyMzU4WjAjBgkqhkiG9w0BCQQxFgQUYovFcCStOGsVb+LHHAsY17f/ ldQwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZI hvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgYUGCSsGAQQBgjcQBDF4MHYwYjEL MAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAq BgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAhAMZY7gWLz1Ud1o R+p5G0z6MIGHBgsqhkiG9w0BCRACCzF4oHYwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRo YXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBG cmVlbWFpbCBJc3N1aW5nIENBAhAMZY7gWLz1Ud1oR+p5G0z6MA0GCSqGSIb3DQEBAQUABIIB AK+ay7Dtc/IlmqN+y12uHIIkMqRAntZeo4BU+mUxfr7XTovPajFxj12M/SBNu1FnOWAJowtC ZfjbxYDTY2/f8isE6C3zWVyYUE9+1tVmjp2Ca47u5IEEKyiEOmnTbHwov6Lbggxx0N1AEQBd Pn83QNIDbKoGHdZCg4D5bwlv6VDHFP8+LnHq0oOKpIg40hd6+3NvWCmDmNXlRezrF1+5ounm djqeo32IXtyyeitG9tomCHk51ZIl+1PVySzvxS1NvWq6XPaq+t5jiKc9TkDJamwUC3woK3WP Flv/zkRm/HszQEBJ5O9SwUBoqp+WybpYfgf/M1AJXGU8nvZmlKso9gUAAAAAAAA= --------------ms060103000305060906060303--