activemq-users mailing list archives

From Christopher Wood <christopher_w...@pobox.com>
Subject periodic 5.6.0 ldap permission issues, solved by restart?
Date Thu, 21 Jun 2012 16:56:23 GMT
I upgraded our lab ActiveMQ to 5.6.0 and am using the cached ldap auth module. I appear to
be having a problem where at times ActiveMQ loses its authorization data cache and does not
refresh this from ldap. Is there any way of forcing a retry if it has a connection issue,
or otherwise further diagnosing what is happening?

Details:

Three times now (solved by an ActiveMQ restart) I have started seeing these errors in the
log (but for all queues that they are trying to access):

2012-06-21 11:57:31,538 | DEBUG | Error occured while processing sync command: ConsumerInfo
{commandId = 28936, responseRequired = true, consumerId = ID:myhost-53793-1340295272790-0:6:-1:1,
destination = ActiveMQ.Advisory.TempQueue,ActiveMQ.Advisory.TempTopic, prefetchSize = 0, maximumPendingMessageLimit
= 0, browser = false, dispatchAsync = false, selector = null, subscriptionName = null, noLocal
= true, exclusive = false, retroactive = false, priority = 0, brokerPath = null, optimizedAcknowledge
= false, noRangeAcks = false, additionalPredicate = null}, exception: java.lang.SecurityException:
User vm5a is not authorized to read from: ActiveMQ.Advisory.TempQueue,ActiveMQ.Advisory.TempTopic
| org.apache.activemq.broker.TransportConnection.Service | ActiveMQ Transport: tcp:///10.201.147.250:51236

java.lang.SecurityException: User vm5a is not authorized to read from: ActiveMQ.Advisory.TempQueue,ActiveMQ.Advisory.TempTopic

Per our developers, they are seeing:

12:16:53,926  WARN DefaultMessageListenerContainer:822 - Setup of JMS message listener invoker
failed for destination 'queue://vm5.queuename' - trying to recover. Cause: User vm5a is not
authorized to read from: ActiveMQ.Advisory.TempQueue,ActiveMQ.Advisory.TempTopic

I ran some tcpdumps. While this is in the logs, I do not see any ldap searches attempting
to update the authorization info. Just after a restart, I do see intermittent searches for
the entries under ou=destination,ou=activemq,ou=systems,o=me.

My plugin info:

<authorizationPlugin>
  <map>
    <cachedLDAPAuthorizationMap
         connectionURL="ldap://ldap-lab.me:389"
         connectionUsername="cn=mqbroker,ou=services,o=me"
         connectionPassword="password"
         baseDn="ou=systems,o=me"
         refreshInterval="5000"
     />
  </map>
</authorizationPlugin>
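
One way to pin down when the denials described above begin, so the onset can be lined up against a packet capture of LDAP searches. This is an added example, not part of the original message or ActiveMQ's own code; the sample log lines, the user vm5b and the queue names are constructed, and the "denied on several destinations" threshold is an assumed heuristic.

```python
import re
from datetime import datetime

# Constructed sample in the "timestamp | level | text | logger | thread" layout
# quoted in the message; the users, queues and times are made up.
SAMPLE_LOG = """\
2012-06-21 11:40:02,100 | INFO | Connector openwire Started | org.apache.activemq.broker.TransportConnector | main
2012-06-21 11:57:31,538 | DEBUG | Error occured while processing sync command: ConsumerInfo {commandId = 1}, exception: java.lang.SecurityException: User vm5a is not authorized to read from: ActiveMQ.Advisory.TempQueue,ActiveMQ.Advisory.TempTopic | org.apache.activemq.broker.TransportConnection.Service | ActiveMQ Transport
2012-06-21 11:57:32,010 | DEBUG | Error occured while processing sync command: ConsumerInfo {commandId = 2}, exception: java.lang.SecurityException: User vm5a is not authorized to read from: queue://vm5.orders | org.apache.activemq.broker.TransportConnection.Service | ActiveMQ Transport
2012-06-21 11:58:10,400 | DEBUG | Error occured while processing sync command: ProducerInfo {commandId = 3}, exception: java.lang.SecurityException: User vm5b is not authorized to write to: queue://vm5.audit | org.apache.activemq.broker.TransportConnection.Service | ActiveMQ Transport
2012-06-21 11:59:00,000 | DEBUG | Error occured while processing sync command: ConsumerInfo {commandId = 4}, exception: java.lang.SecurityException: User vm5a is not authorized to read from: queue://vm5.orders | org.apache.activemq.broker.TransportConnection.Service | ActiveMQ Transport
"""

# Matches one denial record; the action text is captured generically.
DENIAL = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} \| \w+ \| .*?"
    r"SecurityException: User (?P<user>\S+) is not authorized to "
    r"(?P<action>[^:]+): (?P<dest>\S+)"
)

def summarize_denials(log_text):
    """Group denials by user: first/last time seen, count, distinct destinations."""
    summary = {}
    for line in log_text.splitlines():
        m = DENIAL.search(line)
        if m is None:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        entry = summary.setdefault(
            m.group("user"),
            {"first": ts, "last": ts, "count": 0, "destinations": set()},
        )
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
        entry["count"] += 1
        # A composite destination is logged as a comma-separated list.
        entry["destinations"].update(m.group("dest").split(","))
    return summary

def users_denied_broadly(summary, min_destinations=2):
    """Assumed heuristic: denial on several destinations points at the whole
    authorization map being empty rather than one missing ACL entry."""
    return sorted(u for u, e in summary.items()
                  if len(e["destinations"]) >= min_destinations)

if __name__ == "__main__":
    report = summarize_denials(SAMPLE_LOG)
    for user in users_denied_broadly(report):
        e = report[user]
        print(f"{user}: {e['count']} denials, {e['first']} to {e['last']}")
```

The earliest "first" timestamp gives the window in which to look for missing LDAP searches in a capture.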
