activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Wood <christopher_w...@pobox.com>
Subject Re: ldap, system user can't create a topic
Date Tue, 19 Jun 2012 18:36:43 GMT
Unfortunately the blog post didn't help (my system user/pass is accurate in ldap and in the
activemq configs, and I name the topic in OpenLDAP). The FuseSource ActiveMQ configuration
options appear slightly different from the Apache ActiveMQ options.

I will give the 5.6.0 cached ldap auth a go.

On Tue, Jun 19, 2012 at 04:05:27PM +0200, Dejan Bosanac wrote:
> Hi,
> 
> this might help
> 
> http://tmielke.blogspot.com/2011/12/activemq-ldap-based-authentication-and.html
> 
> also you can consider using new CachedLDAPAuthorizationModule
> 
> http://activemq.apache.org/cached-ldap-authorization-module.html
> 
> Regards
> --
> Dejan Bosanac
> Senior Software Engineer | FuseSource Corp.
> dejanb@fusesource.com | fusesource.com
> skype: dejan.bosanac | twitter: @dejanb
> blog: http://www.nighttale.net
> ActiveMQ in Action: http://www.manning.com/snyder/
> 
> 
> On Mon, Jun 18, 2012 at 11:55 PM, Christopher Wood
> <christopher_wood@pobox.com> wrote:
> > What gives the "system" user permission to create topic://ActiveMQ.Advisory.Connection?
Without this ActiveMQ will not start. (Working with 5.5.1 since 5.6.0 is a jump requiring
further testing.)
> >
> > I'm getting this error (all pasted text munged slightly to obfuscate things):
> >
> > 2012-06-18 17:35:46,941 | DEBUG | Error occured while processing sync command: ConnectionInfo
{commandId = 1, responseRequired = true, connectionId = ID:upuppet-01.lab.me.ca-56804-1340055346339-2:1,
clientId = ID:upuppet.me-56804-1340055346339-3:1, userName = system, password = *****, brokerPath
= null, brokerMasterConnector = false, manageable = true, clientMaster = true, faultTolerant
= false}, exception: java.lang.SecurityException: User system is not authorized to create:
topic://ActiveMQ.Advisory.Connection | org.apache.activemq.broker.TransportConnection.Service
| ActiveMQ Transport: tcp:///127.0.0.1:50328
> >
> > The system user is in the admin and users groups.
> >
> > This is my plugin config:
> >
> >
> > <authorizationPlugin>
> >  <map>
> >    <bean xmlns="http://www.springframework.org/schema/beans" id="lDAPAuthorizationMap"
> >          class="org.apache.activemq.security.LDAPAuthorizationMap">
> >      <property name="initialContextFactory" value="com.sun.jndi.ldap.LdapCtxFactory"/>
> >      <property name="connectionURL" value="ldap://ldap.me:389"/>
> >      <property name="authentication" value="simple"/>
> >      <property name="connectionUsername" value="cn=mqbroker,ou=services,o=me"/>
> >      <property name="connectionPassword" value="me"/>
> >      <property name="connectionProtocol" value="s"/>
> >      <property name="topicSearchMatchingFormat" value="cn={0},ou=Topic,ou=Destination,ou=ActiveMQ,ou=systems,o=me"/>
> >      <property name="topicSearchSubtreeBool" value="true"/>
> >      <property name="queueSearchMatchingFormat" value="cn={0},ou=Queue,ou=Destination,ou=ActiveMQ,ou=systems,o=me"/>
> >      <property name="queueSearchSubtreeBool" value="true"/>
> >      <property name="adminBase" value="(cn=admin)"/>
> >      <property name="adminAttribute" value="member"/>
> >      <!-- <property name="adminAttributePrefix" value="cn="/> -->
> >      <property name="readBase" value="(cn=read)"/>
> >      <property name="readAttribute" value="member"/>
> >      <!-- <property name="readAttributePrefix" value="cn="/>  -->
> >      <property name="writeBase" value="(cn=write)"/>
> >      <property name="writeAttribute" value="member"/>
> >      <!-- <property name="writeAttributePrefix" value="cn="/>  -->
> >    </bean>
> >  </map>
> > </authorizationPlugin>
> >
> >
> > These are the advisory topic configs I have right now (I thought .> meant access
to the namespace?):
> >
> >
> > # ActiveMQ.Advisory.>, topic, destination, activemq, systems, me
> > dn: cn=ActiveMQ.Advisory.>,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
> > cn: ActiveMQ.Advisory.>
> > description: user access to advisory topics
> > objectClass: applicationProcess
> >
> > # read, ActiveMQ.Advisory.>, topic, destination, activemq, systems, me
> > dn: cn=read,cn=ActiveMQ.Advisory.>,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
> > cn: read
> > member: cn=users
> > objectClass: groupOfNames
> >
> > # write, ActiveMQ.Advisory.>, topic, destination, activemq, systems, me
> > dn: cn=write,cn=ActiveMQ.Advisory.>,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
> > cn: write
> > member: cn=users
> > objectClass: groupOfNames
> >
> > # admin, ActiveMQ.Advisory.>, topic, destination, activemq, systems, me
> > dn: cn=admin,cn=ActiveMQ.Advisory.>,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
> > cn: admin
> > member: cn=users
> > objectClass: groupOfNames
> >
> > # ActiveMQ.Advisory.Connection, topic, destination, activemq, systems, me
> > dn: cn=ActiveMQ.Advisory.Connection,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
> > cn: ActiveMQ.Advisory.Connection
> > description: user access to advisory topics
> > objectClass: applicationProcess
> >
> > # read, ActiveMQ.Advisory.Connection, topic, destination, activemq, systems, me
> > dn: cn=read,cn=ActiveMQ.Advisory.Connection,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
> > cn: read
> > member: cn=admin
> > objectClass: groupOfNames
> >
> > # write, ActiveMQ.Advisory.Connection, topic, destination, activemq, systems, me
> > dn: cn=write,cn=ActiveMQ.Advisory.Connection,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
> > cn: write
> > member: cn=admin
> > objectClass: groupOfNames
> >
> > # admin, ActiveMQ.Advisory.Connection, topic, destination, activemq, systems, me
> > dn: cn=admin,cn=ActiveMQ.Advisory.Connection,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
> > cn: admin
> > member: cn=admin
> > objectClass: groupOfNames
> >
> >
> 

Mime
View raw message