activemq-users mailing list archives

From Torsten Mielke <tors...@fusesource.com>
Subject Re: Using LDAP login module
Date Thu, 02 Feb 2012 10:00:00 GMT
Hi,


There is a tutorial for configuring ActiveMQ to authenticate against an LDAP server in the
ActiveMQ Security Guide from FuseSource.
http://fusesource.com/docs/broker/5.5/security/front.html

See chapter 6 "LDAP tutorial" for a step-by-step guide.


Further, my blog contains two posts that extend this tutorial with the following topics

- Securing the broker using LDAP based authentication but also allowing anonymous connections
  with restricted permissions
  http://tmielke.blogspot.com/2011/12/activemq-ldap-based-authentication-and.html

- Securing the ActiveMQ web console to do LDAP based authentication
  http://tmielke.blogspot.com/2011/12/securing-activemq-web-console-using.html


Hope this will be helpful.



Torsten Mielke
torsten@fusesource.com
tmielke@blogspot.com


On Feb 1, 2012, at 10:03 PM, Matt Pavlovich wrote:

> Glad to hear :-)
> 
> On 2/1/12 3:00 PM, Chris Robison wrote:
>> Sweet! Now I'm getting an LDAP error, which is progress.
>> 
>> On Wed, Feb 1, 2012 at 1:56 PM, Matt Pavlovich<mattrpav@gmail.com>  wrote:
>> 
>>> Ah, start w/ line 0.. that puts it at connectionPassword.  Try adding " "
>>> around "Password!".  The exclamation point may be throwing it off.
>>> 
>>> 
>>> On 2/1/12 2:47 PM, Chris Robison wrote:
>>> 
>>>> The error says line 6 which in my login.config is connectionUsername.
>>>> 
>>>> Chris
>>>> 
>>>> On Wed, Feb 1, 2012 at 1:42 PM, Chris Robison<chrisdrobison@gmail.com> wrote:
>>>>
>>>>> When I run it, I still get the error.
>>>>> 
>>>>> On Wed, Feb 1, 2012 at 1:32 PM, Matt Pavlovich<mattrpav@gmail.com>
>>>>>  wrote:
>>>>> 
>>>>>  Chris-
>>>>>> I whipped up a quick unit test, and this passed.  I set the
>>>>>> connectionProtocol=s, w/o quotes.
>>>>>> 
>>>>>> 
>>>>>> ldap-login {
>>>>>>  org.apache.activemq.jaas.LDAPLoginModule required
>>>>>>    debug=true
>>>>>>    initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
>>>>>>    connectionURL="ldap://dc101.cdr.corp"
>>>>>> 
>>>>>>    connectionUsername="CN=AMQ Service User,CN=Users,DC=cdr,DC=corp"
>>>>>>    connectionPassword=Password!
>>>>>>    connectionProtocol=s
>>>>>> 
>>>>>>    authentication=simple
>>>>>>    userBase="OU=Users,OU=ActiveMQ,DC=cdr,DC=corp"
>>>>>>    userSearchMatching="(samaccountname={0})"
>>>>>>    userSearchSubtree=false
>>>>>>    roleBase="OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp"
>>>>>>    roleName=cn
>>>>>>    roleSearchMatching="(member={0})"
>>>>>> 
>>>>>>    roleSearchSubtree=false
>>>>>>    ;
>>>>>> };
>>>>>> 
>>>>>> 
>>>>>> On 2/1/12 2:24 PM, Chris Robison wrote:
>>>>>> 
>>>>>>  I can do that. I'll let you know.
>>>>>>> On Wed, Feb 1, 2012 at 1:19 PM, Matt Pavlovich<mattrpav@gmail.com>
>>>>>>>  wrote:
>>>>>>> 
>>>>>>>> How comfortable are you with Java?  The next step to try would be to
>>>>>>>> write up a quick Java unit test that has the ConfigFile class try to
>>>>>>>> initialize against your login.config file.
>>>>>>>> 
>>>>>>>> See:
>>>>>>>> 
>>>>>>>> com.sun.security.auth.login.ConfigFile
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> On 2/1/12 1:59 PM, Chris Robison wrote:
>>>>>>>> 
>>>>>>>>  Yeah, it's the exact same exception.
>>>>>>>> 
>>>>>>>>> On Wed, Feb 1, 2012 at 12:55 PM, Matt Pavlovich<mattrpav@gmail.com>
>>>>>>>>>  wrote:
>>>>>>>>> 
>>>>>>>>>> Are you getting the exact same exception?  Your original exception
>>>>>>>>>> cause shows a null value for a key in that config:
>>>>>>>>>> 
>>>>>>>>>> Caused by: java.io.IOException: Configuration Error:
>>>>>>>>>> Line 6: expected [option key], found [null]
>>>>>>>>>> at com.sun.security.auth.login.ConfigFile.match(ConfigFile.java:577)
>>>>>>>>>> at com.sun.security.auth.login.ConfigFile.parseLoginEntry(
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> 
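
The check suggested in the quoted thread (letting the JAAS config parser initialize against login.config before starting the broker), written out as an added example that is not part of the original messages. It loads a constructed, reduced `ldap-login` entry through the standard `JavaLoginConfig` configuration type rather than calling `com.sun.security.auth.login.ConfigFile` directly, once with the thread's unquoted password token and once quoted; the class name, host name and DN are placeholders.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.URIParameter;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class LoginConfigCheck {
    // Constructed sample modelled on the thread's entry; %s is the password token under test.
    static final String TEMPLATE =
        "ldap-login {\n"
      + "  org.apache.activemq.jaas.LDAPLoginModule required\n"
      + "    debug=true\n"
      + "    connectionURL=\"ldap://ldap.example.test\"\n"
      + "    connectionUsername=\"CN=svc,CN=Users,DC=example,DC=test\"\n"
      + "    connectionPassword=%s\n"
      + "    authentication=simple\n"
      + "    ;\n"
      + "};\n";

    /** Returns null if the entry parses, otherwise the innermost parser message. */
    static String parseError(String passwordToken) throws Exception {
        Path file = Files.createTempFile("login", ".config");
        try {
            Files.write(file, String.format(TEMPLATE, passwordToken).getBytes(StandardCharsets.UTF_8));
            // Parsing only: the login module class is not loaded and no LDAP bind is attempted.
            Configuration cfg = Configuration.getInstance("JavaLoginConfig", new URIParameter(file.toUri()));
            AppConfigurationEntry[] entries = cfg.getAppConfigurationEntry("ldap-login");
            if (entries == null || entries.length == 0) return "no ldap-login entry found";
            // Report which option keys were parsed, never their values.
            System.out.println("  parsed keys: " + entries[0].getOptions().keySet());
            return null;
        } catch (Exception e) {
            Throwable root = e;                       // the parser's IOException sits at the
            while (root.getCause() != null) root = root.getCause(); // bottom of the cause chain
            return root.getMessage();
        } finally {
            Files.deleteIfExists(file);
        }
    }

    public static void main(String[] args) throws Exception {
        for (String token : new String[] {"Password!", "\"Password!\""}) {
            System.out.println("connectionPassword=" + token);
            String err = parseError(token);
            System.out.println(err == null ? "  OK" : "  FAILED: " + err);
        }
    }
}
```

To check a real file, pass its URI to `URIParameter` instead of the temporary file; keep the output limited to option keys so the bind password does not end up in build or test logs.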





