activemq-users mailing list archives

From Torsten Mielke <tors...@fusesource.com>
Subject Re: LDAPAuthorizationMap and Active Directory
Date Fri, 03 Feb 2012 09:48:46 GMT
> Has anyone been able to use the LDAPAuthorizationMap successfully with
> Active Directory? 

Not with Active Directory, but when following the LDAP tutorial of the ActiveMQ Security Guide
from FuseSource, the LDAPAuthorizationMap works fine against Apache Directory Server.
http://fusesource.com/docs/broker/5.5/security/LDAP.html

Perhaps this tutorial can help?


Torsten Mielke
torsten@fusesource.com
tmielke@blogspot.com

On Feb 2, 2012, at 10:13 PM, Chris Robison wrote:

> Has anyone been able to use the LDAPAuthorizationMap successfully with
> Active Directory? In my investigation, I don't think it will ever work in
> its current state. When looking at the code, it is making the assumption
> that the value of the member attribute (or whatever attribute you are
> using) is always going to be in the form "{0}={1}" (an RDN). But, according
> to the OpenLDAP spec, the member attribute value is a distinguished name.
> That means values are a comma-delimited list of RDNs. So, for example I
> have AD groups that represent MQ roles. Here's one I use:
> "CN=MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp". The LDAPAuthorizationMap
> considers the name of the role
> "MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp". Is this by design? I
> would be happy to submit a patch to change this behavior. Thoughts?
> 
> Chris Robison




