Hi Christopher,
I added your post to the list of articles
http://cwiki.apache.org/confluence/display/ACTIVEMQ/Articles
I'll try to incorporate your work into amq when time permits.
Thanks
--
Dejan Bosanac
Open Source Integration - http://fusesource.com/
ActiveMQ in Action - http://www.manning.c
The promised blog entry:
http://christopherhunt-software.blogspot.com/2009/03/mutual-ssl-authentication-and-ldap.html
--
View this message in context:
http://www.nabble.com/SSL-authorisation-using-a-client%27s-subject-DN-for-JNDI-tp22470806p22558453.html
Sent from the ActiveMQ - User mailing li
djencks wrote:
>
>
> This looks to me like it will work but I don't understand why it would
> be more secure than having an activemq ldap user password on disk
> somewhere.
>
>
I thought that I should just mention that the login module I developed
(http://code.google.com/p/jaasloginmodul
I have now written a login module that extends AMQ's CertificateLoginModule
(which I found along the way!). The login module fulfills my goal of using a
directory service to authorise an authenticated SSL client.
The project is under the Apache 2.0 licence and its project page and
download can be
djencks wrote:
>
>
> This looks to me like it will work but I don't understand why it would
> be more secure than having an activemq ldap user password on disk
> somewhere.
>
I think that there is a key difference between attempting to lock down ldap
access and permitting anonymous access t
On Mar 12, 2009, at 5:49 AM, huntc wrote:
huntc wrote:
You're right in that activemq still has to bind itself to perform a search
to see which groups an endpoint's dn belongs to. I did forget about that.
Perhaps this bind could be achieved using a mechanism such as SASL/GSSAPI?
huntc wrote:
>
> You're right in that activemq still has to bind itself to perform a search
> to see which groups an endpoint's dn belongs to. I did forget about that.
>
>
Perhaps this bind could be achieved using a mechanism such as SASL/GSSAPI?
>
After lots of reading, and experimenting, p
Hi David,
My responses:
djencks wrote:
>
> ??? I'm not familiar with the activemq stuff but the ldap login
> modules I've seen work by binding to ldap using the client's supplied
> user name and password. If it works, then the user name/password is
> valid and you can go on to look for
On Mar 11, 2009, at 11:56 PM, huntc wrote:
Hi there,
I have a situation where I need to support authentication and authorisation
for endpoints connecting to my broker. I have successfully configured an
LDAP server for this purpose and have everything working.
My concern though is that e