activemq-users mailing list archives

From Chris Robison <chrisdrobi...@gmail.com>
Subject Re: Using LDAP login module
Date Wed, 01 Feb 2012 19:52:43 GMT
No good. I should note that I'm combining LDAP authentication with simple
authorization. Is that possible?

Chris

On Wed, Feb 1, 2012 at 12:42 PM, Matt Pavlovich <mattrpav@gmail.com> wrote:

> My bad.. the default is "s" in the ActiveMQ src. This is where you would
> specify "ssl" or not. I think the problem is that you have it empty, so
> it's parsing as NULL, and you are getting the error. Try not setting it,
> and see if the default works for you.
>
>
> On 2/1/12 12:22 PM, Chris Robison wrote:
>
>> I'm trying to use the LDAP login module to tie into Active Directory.
>> Here's what my AMQ conf looks like:
>>
>> <plugins>
>> <jaasAuthenticationPlugin configuration="ldap-login" />
>> <authorizationPlugin>
>> <map>
>> <authorizationMap>
>> <authorizationEntries>
>> <authorizationEntry queue=">" read="MQCoreAdmin" write="MQCoreAdmin"
>> admin="MQCoreAdmin" />
>> <authorizationEntry topic=">" read="MQCoreAdmin" write="MQCoreAdmin"
>> admin="MQCoreAdmin" />
>> </authorizationEntries>
>> </authorizationMap>
>> </map>
>> </authorizationPlugin>
>> </plugins>
>>
>> Here is what the login.config looks like:
>>
>> ldap-login {
>>   org.apache.activemq.jaas.LDAPLoginModule required
>>     debug=true
>>     initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
>>     connectionURL="ldap://dc101.cdr.corp"
>>     connectionUsername="CN=AMQ Service User,CN=Users,DC=cdr,DC=corp"
>>     connectionPassword=Password!
>>     connectionProtocol=""
>>     authentication=simple
>>     userBase="OU=Users,OU=ActiveMQ,DC=cdr,DC=corp"
>>     userSearchMatching="(samaccountname={0})"
>>     userSearchSubtree=false
>>     roleBase="OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp"
>>     roleName=cn
>>     roleSearchMatching="(member={0})"
>>     roleSearchSubtree=false
>>     ;
>> };
>>
>> I'm trying to simply connect another broker to this broker. Here is the
>> network connector config that I'm using on the second broker:
>>
>>         <networkConnectors>
>>             <networkConnector uri="static:(tcp://localhost:61616)"
>>                 duplex="true" userName="mqsiteuser1" password="Password!"/>
>>         </networkConnectors>
>>
>> Here's the exception I'm getting in the logs:
>>
>> 2012-02-01 11:14:07,064 | WARN  | Failed to add Connection ID:ubuntu1-54051-1328120046405-2:1, reason: java.lang.SecurityException: User name or password is invalid. | org.apache.activemq.broker.TransportConnection | ActiveMQ Transport: tcp:///127.0.0.1:45176
>> 2012-02-01 11:14:07,070 | DEBUG | Exception detail: | org.apache.activemq.broker.TransportConnection | ActiveMQ Transport: tcp:///127.0.0.1:45176
>> java.lang.SecurityException: User name or password is invalid.
>> at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)
>> at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
>> at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:91)
>> at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:692)
>> at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:137)
>> at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:306)
>> at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:179)
>> at org.apache.activemq.transport.ResponseCorrelator.onCommand(ResponseCorrelator.java:116)
>> at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)
>> at org.apache.activemq.transport.vm.VMTransport.dispatch(VMTransport.java:121)
>> at org.apache.activemq.transport.vm.VMTransport.oneway(VMTransport.java:112)
>> at org.apache.activemq.transport.MutexTransport.oneway(MutexTransport.java:40)
>> at org.apache.activemq.transport.ResponseCorrelator.oneway(ResponseCorrelator.java:60)
>> at org.apache.activemq.network.DemandForwardingBridgeSupport.serviceRemoteCommand(DemandForwardingBridgeSupport.java:516)
>> at org.apache.activemq.network.DemandForwardingBridgeSupport$2.onCommand(DemandForwardingBridgeSupport.java:165)
>> at org.apache.activemq.transport.ResponseCorrelator.onCommand(ResponseCorrelator.java:116)
>> at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)
>> at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
>> at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:227)
>> at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
>> at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:220)
>> at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:202)
>> at java.lang.Thread.run(Thread.java:679)
>> Caused by: java.lang.SecurityException: Configuration Error:
>> Line 6: expected [option key], found [null]
>> at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:110)
>> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
>> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>> at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
>> at java.lang.Class.newInstance0(Class.java:372)
>> at java.lang.Class.newInstance(Class.java:325)
>> at javax.security.auth.login.Configuration$3.run(Configuration.java:264)
>> at javax.security.auth.login.Configuration$3.run(Configuration.java:260)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:259)
>> at javax.security.auth.login.LoginContext$1.run(LoginContext.java:254)
>> at javax.security.auth.login.LoginContext$1.run(LoginContext.java:252)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at javax.security.auth.login.LoginContext.init(LoginContext.java:251)
>> at javax.security.auth.login.LoginContext.<init>(LoginContext.java:418)
>> at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:75)
>> ... 22 more
>> Caused by: java.io.IOException: Configuration Error:
>> Line 6: expected [option key], found [null]
>> at com.sun.security.auth.login.ConfigFile.match(ConfigFile.java:577)
>> at com.sun.security.auth.login.ConfigFile.parseLoginEntry(ConfigFile.java:440)
>> at com.sun.security.auth.login.ConfigFile.readConfig(ConfigFile.java:383)
>> at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:283)
>> at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:219)
>> at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:108)
>> ... 38 more
>>
>> I'm not understanding the Configuration Error. What is it expecting that
>> I'm not giving it? Any help would be appreciated.
>>
>> Thanks,
>> Chris
>>
>>
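
Added example, not part of the original thread: a small Java program that hands two constructed `login.config` variants to the JDK's own JAAS file parser through `Configuration.getInstance("JavaLoginConfig", ...)`, so an `expected [option key]` style parse error can be checked outside the broker. It assumes JDK 11 or later; the class name `JaasConfigCheck`, the helpers `entry` and `check`, the host, the DN and the password values are hypothetical, and the two variants differ only in whether a value ending in `!` is double-quoted.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.URIParameter;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

// Added example: runs constructed login.config text through the JDK's
// file-based JAAS configuration parser and reports the parse result.
public class JaasConfigCheck {

    // Constructed sample entry modelled on the thread's ldap-login block.
    // Host, DN and password are placeholders, not values from the thread.
    static String entry(String passwordOption) {
        return String.join("\n",
            "ldap-login {",
            "  org.apache.activemq.jaas.LDAPLoginModule required",
            "    debug=true",
            "    connectionURL=\"ldap://ldap.example.invalid\"",
            "    connectionUsername=\"CN=svc,CN=Users,DC=example,DC=invalid\"",
            "    " + passwordOption,
            "    authentication=simple",
            "    ;",
            "};", "");
    }

    // Parses the text only; the login module class is not loaded or invoked.
    static String check(String configText) throws Exception {
        Path file = Files.createTempFile("login", ".config");
        try {
            Files.writeString(file, configText);
            Configuration cfg = Configuration.getInstance(
                "JavaLoginConfig", new URIParameter(file.toUri()));
            AppConfigurationEntry[] entries = cfg.getAppConfigurationEntry("ldap-login");
            return "OK: " + entries[0].getOptions().size() + " options parsed";
        } catch (Exception e) {
            Throwable root = e;                       // walk to the parser's own error
            while (root.getCause() != null) root = root.getCause();
            return "FAILED: " + root.getMessage();
        } finally {
            Files.deleteIfExists(file);               // do not leave credentials on disk
        }
    }

    public static void main(String[] args) throws Exception {
        // Unquoted value: '!' is not part of a word token for the parser.
        System.out.println("unquoted -> " + check(entry("connectionPassword=Secret!")));
        // Same value as a double-quoted string token.
        System.out.println("quoted   -> " + check(entry("connectionPassword=\"Secret!\"")));
    }
}
```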
