qpid-users mailing list archives

From Ganesh Murthy <gmur...@redhat.com>
Subject Re: Qpid Dispatch authenticate through ldap, is this possible
Date Fri, 06 Apr 2018 14:41:33 GMT
On Fri, Apr 6, 2018 at 10:21 AM, Michiel Lange <mlange@anwb.nl> wrote:

> I'm sorry, I edited that one via the Nabble forums, but it seems <raw> tags
> don't get processed that well.
>
> So here it is again:
>
> thanks; that helps a lot already... Once I get this running, I'll try and
> see how I can contribute to the documentation, which I find a bit lacking
> in this respect.
>
> I have it running with saslMechanism ANONYMOUS, however, I'd like the
> dispatch router to "pass through" the credentials to the broker, rather
> than having a connection of its own with its own credentials; Currently I
> have tried to setup the broker to allow anonymous connections, and that
> worked. When I set the username and password in the router-container
> connector that also worked.
>
> On my first host I have a configuration like this:
>
> router {
>         mode: interior
>         id: router.clients.A
> }
>
> listener {
>         host: 0.0.0.0
>         port: 5670
>         role: inter-router
>         saslMechanisms: ANONYMOUS
> }
>
> listener {
>         name: ontvangst
>         host: 0.0.0.0
>         port: 5672
>         role: normal
>         authenticatePeer: no
>         saslMechanisms: ANONYMOUS
> }
>
> listener {
>         name: mgmt
>         host: 0.0.0.0
>         port: 5673
>         role: normal
>         http: yes
>         authenticatePeer: no
>         saslMechanisms: ANONYMOUS
> }
>
>
> Then I have another router that sits on the same machine that contains the
> brokers:
>
> router {
>         mode: interior
>         id: router.broker.node.A
> }
>
> #
> # connectors to the client-facing qpid
> #
>
> connector {
>         name: router.cli.A
>         role: inter-router
>         host: host_a
>         port: 5670
>         saslMechanisms: ANONYMOUS
> }
>
> connector {
>         name: broker1-conn
>         role: route-container
>         host: broker1.master.host
>         port: 10010
>         failoverList: amqp://broker1.slave.host:10010
>         saslUsername: administrator
>         saslPassword: administrator
> }
>

You have set the saslUsername/saslPassword here. This information will be
sent to the broker during the initial SASL exchange. If you set the
environment variable PN_TRACE_FRM=1 you will see the router (via proton)
put out the frame traces that are exchanged between the broker and the
router. The router will send the user name and password during the SASL
exchange to the broker and you can see that via the frame trace. Check the
frame trace and let me know what you see.

Your configs look good.


>
>
> # -------- link routes -------
>
> # this one is required for transactional sessions
> linkRoute {
>         prefix: $coordinator
>         dir: in
>         connection: broker
> }
>
> linkRoute {
>         prefix: myqueue
>         connection: broker1-conn
>         dir: in
> }
>
> linkRoute {
>         prefix: myqueue
>         connection: broker1-conn
>         dir: out
> }
>
> linkRoute {
>         prefix: theirqueue
>         connection: broker1-conn
>         dir: in
> }
>
> linkRoute {
>         prefix: theirqueue
>         connection: broker1-conn
>         dir: out
> }
>
>
> I simplified it a bit (reduced the prefixes and sending to only one
> brokerpair, rather than the bunch I had defined, it breaks the purpose here
> :-) )
>
> As you can see, I have set everything, except the connection to the broker
> to ANONYMOUS; This because I have the broker configured to require login.
>
>
> -----Original message-----
> From: mlange [mailto:mlange@anwb.nl]
> Sent: Friday 6 April 2018 16:19
> To: users@qpid.apache.org
> Subject: Re: Qpid Dispatch authenticate through ldap, is this possible
>
> thanks; that helps a lot already... Once I get this running, I'll try and
> see how I can contribute to the documentation, which I find a bit lacking
> in this respect.
>
> I have it running with saslMechanism ANONYMOUS, however, I'd like the
> dispatch router to "pass through" the credentials to the broker, rather
> than having a connection of its own with its own credentials; Currently I
> have tried to setup the broker to allow anonymous connections, and that
> worked.
> When I set the username and password in the router-container connector
> that also worked.
>
> On my first host I have a configuration like this:
>
>
> Then I have another router that sits on the same machine that contains the
> brokers:
>
>
> I simplified it a bit (reduced the prefixes and sending to only one
> brokerpair, rather than the bunch I had defined, it breaks the purpose here
> :-) )
>
> As you can see, I have set everything, except the connection to the broker
> to ANONYMOUS; This because I have the broker configured to require login.
>
>
>

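
An added example, not part of the original thread or of the Qpid Dispatch project: a small Python audit over router config text in the format quoted above, flagging the settings this thread turns on (ANONYMOUS mechanisms, `authenticatePeer: no`, and a connector carrying `saslUsername`/`saslPassword`). The function names `parse_conf` and `audit`, the finding wording, and the use of a missing `sslProfile` as the sign of a connection without TLS are this example's assumptions; the sample config is constructed from the blocks in the message.

```python
import re

# Constructed sample, trimmed from the listener/connector blocks quoted in this thread.
SAMPLE_CONF = """
listener {
        name: ontvangst
        host: 0.0.0.0
        authenticatePeer: no
        saslMechanisms: ANONYMOUS
}
connector {
        name: broker1-conn
        failoverList: amqp://broker1.slave.host:10010
        saslUsername: administrator
        saslPassword: administrator
}
"""

ENTITY_RE = re.compile(r"^[ \t]*(\w+)[ \t]*\{(.*?)^[ \t]*\}", re.S | re.M)

def parse_conf(text):
    """Parse 'entity { key: value }' blocks into [(entity, {key: value})]."""
    text = re.sub(r"^[ \t]*#.*$", "", text, flags=re.M)  # drop comment lines
    entities = []
    for kind, body in ENTITY_RE.findall(text):
        attrs = {}
        for line in body.splitlines():
            key, sep, value = line.partition(":")  # first colon only (URLs keep theirs)
            if sep:
                attrs[key.strip()] = value.strip()
        entities.append((kind, attrs))
    return entities

def audit(text):
    """Return sorted (entity name, finding) pairs; the rules are this example's own."""
    findings = set()
    for kind, a in parse_conf(text):
        name = a.get("name", "?")
        mechs = a.get("saslMechanisms", "").upper().split()
        if kind == "listener" and a.get("authenticatePeer", "").lower() in ("no", "false"):
            findings.add((name, "peer authentication disabled"))
        if kind in ("listener", "connector") and "ANONYMOUS" in mechs:
            findings.add((name, "ANONYMOUS SASL mechanism enabled"))
        if kind == "connector" and "saslPassword" in a:
            findings.add((name, "password stored in config file"))
            if "sslProfile" not in a:  # assumption: no sslProfile means no TLS
                findings.add((name, "credentials used on a connection with no sslProfile"))
    return sorted(findings)
```

Calling `audit(SAMPLE_CONF)` returns two findings for the `ontvangst` listener and two for the `broker1-conn` connector.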