activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Robison <chrisdrobi...@gmail.com>
Subject Re: LDAPAuthorizationMap and Active Directory
Date Fri, 03 Feb 2012 21:13:00 GMT
I looked at that tutorial already. And you're right, works fine with Apache
Directory, but I have to use Active Directory. I just created a plugin that
inherited LDAPAuthorizationMap and changed the one method preventing what
was currently there from working.

Chris

On Fri, Feb 3, 2012 at 2:48 AM, Torsten Mielke <torsten@fusesource.com>wrote:

> > Has anyone been able to use the LDAPAuthorizationMap successfully with
> > Active Directory?
>
> Not with ActiveDirectory but when following the LDAP tutorial of the
> ActiveMQ Security Guide from FuseSource, the LDAPAuthorizationMap works
> fine against Apache Directory Server.
> http://fusesource.com/docs/broker/5.5/security/LDAP.html
>
> Perhaps this tutorial can help?
>
>
> Torsten Mielke
> torsten@fusesource.com
> tmielke@blogspot.com
>
> On Feb 2, 2012, at 10:13 PM, Chris Robison wrote:
>
> > Has anyone been able to use the LDAPAuthorizationMap successfully with
> > Active Directory? In my investigation, I don't think it will ever work in
> > its current state. When looking at the code, it is making the assumption
> > that the value of the member attribute (or what ever attribute you are
> > using) is always going to be in the form "{0}={1}" (a RDN). But,
> according
> > to the OpenLDAP spec, the member attribute value is a distinguished name.
> > That means values are a comma delimited list of RDNs. So, for example I
> > have AD groups that represent MQ roles. Here's one I use:
> > "CN=MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp". The
> LDAPAuthorizationMap
> > considers the name of the
> > role "MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp". Is this by design? I
> > would be happy to submit a patch to change this behavior. Thoughts?
> >
> > Chris Robison
>
>
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message