activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hiram Chirino <hi...@hiramchirino.com>
Subject Re: Apache Apollo Broker Connection to LDAP OVER SSL
Date Sun, 25 Nov 2012 14:28:06 GMT
Hi,

Try using a login module configuration similar to:

 org.apache.activemq.jaas.LDAPLoginModule required
       debug=true
       initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
       connectionURL="ldap://ldap.acme.com:389"
connectionUsername="cn=mqbroker,ou=Services,dc=acme,dc=com"
       connectionPassword=password
       connectionProtocol=ssl
       authentication=simple
       userBase="ou=User,ou=ActiveMQ,ou=systems,dc=acme,dc=com"
       userRoleName=dummyUserRoleName
       userSearchMatching="(uid={0})"
       userSearchSubtree=false
       roleBase="ou=Group,ou=ActiveMQ,ou=systems,dc=acme,dc=com"
       roleName=cn
       roleSearchMatching="(member:=uid={1})"
       roleSearchSubtree=true
       ;

Please note that the LDAPLoginModule
adds org.apache.activemq.jaas.UserPrincipal and
org.apache.activemq.jaas.GroupPrincipal objects to the subject.  You will
need to configure the authorization rules in apollo.xml appropriately.


On Fri, Nov 23, 2012 at 2:59 PM, bhavesh.patel <bhavesh.patel@mzero.com>wrote:

> Hi
> I want to know if Apache Apollo Broker Connection to LDAP OVER SSL exists .
> From the documents it seems it doesnt exist .
> connectionProtocol is accepting blank string for now .Can you please let me
> know if there is a way to connect Apollo broker to Authenticate user over
> LDAP with SSL.
> Please reply
> Thanks
>
>
>
> --
> View this message in context:
> http://activemq.2283324.n4.nabble.com/Apache-Apollo-Broker-Connection-to-LDAP-OVER-SSL-tp4659701.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>



-- 

**

*Hiram Chirino*

*Engineering | Red Hat, Inc.*

*hchirino@redhat.com <hchirino@redhat.com> | fusesource.com | redhat.com*

*skype: hiramchirino | twitter: @hiramchirino<http://twitter.com/hiramchirino>
*

*blog: Hiram Chirino's Bit Mojo <http://hiramchirino.com/blog/>*

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message