activemq-users mailing list archives

From Gary Tully <gary.tu...@gmail.com>
Subject Re: LDAPAuthorizationMap and Active Directory
Date Mon, 06 Feb 2012 14:51:46 GMT
Is that something you can/want to contribute back? Would be great if
we got a solution that worked for both.

If you want to get that onto trunk, attach a patch to a new jira and
tick the license grant check box on file upload.
http://activemq.apache.org/contributing.html

On 3 February 2012 21:13, Chris Robison <chrisdrobison@gmail.com> wrote:
> I looked at that tutorial already. And you're right, works fine with Apache
> Directory, but I have to use Active Directory. I just created a plugin that
> inherited LDAPAuthorizationMap and changed the one method preventing what
> was currently there from working.
>
> Chris
>
> On Fri, Feb 3, 2012 at 2:48 AM, Torsten Mielke <torsten@fusesource.com> wrote:
>
>> > Has anyone been able to use the LDAPAuthorizationMap successfully with
>> > Active Directory?
>>
>> Not with ActiveDirectory but when following the LDAP tutorial of the
>> ActiveMQ Security Guide from FuseSource, the LDAPAuthorizationMap works
>> fine against Apache Directory Server.
>> http://fusesource.com/docs/broker/5.5/security/LDAP.html
>>
>> Perhaps this tutorial can help?
>>
>>
>> Torsten Mielke
>> torsten@fusesource.com
>> tmielke@blogspot.com
>>
>> On Feb 2, 2012, at 10:13 PM, Chris Robison wrote:
>>
>> > Has anyone been able to use the LDAPAuthorizationMap successfully with
>> > Active Directory? In my investigation, I don't think it will ever work in
>> > its current state. When looking at the code, it is making the assumption
>> > that the value of the member attribute (or whatever attribute you are
>> > using) is always going to be in the form "{0}={1}" (an RDN). But, according
>> > to the OpenLDAP spec, the member attribute value is a distinguished name.
>> > That means values are a comma delimited list of RDNs. So, for example I
>> > have AD groups that represent MQ roles. Here's one I use:
>> > "CN=MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp". The LDAPAuthorizationMap
>> > considers the name of the role
>> > "MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp". Is this by design? I
>> > would be happy to submit a patch to change this behavior. Thoughts?
>> >
>> > Chris Robison
>>
>>
>>
>>
>>



-- 
http://fusesource.com
http://blog.garytully.com
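
The role-name mismatch described in the quoted thread, as an added example that is not part of the original messages and is not ActiveMQ's code. The class and method names are hypothetical; `roleViaRdnPattern` only models the "{0}={1}" assumption described in the thread, and the second and third sample values are constructed.

```java
import java.text.MessageFormat;
import java.text.ParseException;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class RoleNameFromMemberDn {

    // Models the "{0}={1}" assumption from the thread (hypothetical helper,
    // not ActiveMQ source): everything after the first '=' becomes the role.
    static String roleViaRdnPattern(String attrValue) throws ParseException {
        Object[] parts = new MessageFormat("{0}={1}").parse(attrValue);
        return (String) parts[1];
    }

    // Treats the attribute value as a full distinguished name and returns
    // the value of its leftmost RDN, which is the group's own name.
    static String roleViaDn(String attrValue) throws InvalidNameException {
        LdapName dn = new LdapName(attrValue);
        if (dn.isEmpty()) {
            throw new InvalidNameException("empty DN");
        }
        // LdapName indexes RDNs right to left, so the leftmost is at size() - 1.
        Rdn leaf = dn.getRdn(dn.size() - 1);
        // Rdn.getValue() is already unescaped, so an escaped comma inside
        // the group name does not split the role name.
        return String.valueOf(leaf.getValue());
    }

    public static void main(String[] args) throws Exception {
        String[] samples = {
            "CN=MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp", // from the thread
            "CN=MQ\\, Admins,OU=Groups,DC=example,DC=test",   // constructed
            "cn=admins"                                        // constructed
        };
        for (String s : samples) {
            System.out.println("member value  : " + s);
            System.out.println("  {0}={1} role: " + roleViaRdnPattern(s));
            System.out.println("  DN-aware role: " + roleViaDn(s));
        }
    }
}
```

A role name derived with the pattern approach never equals a principal named after the group alone, so authorization entries keyed on full DNs silently fail to match.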
