Judging from the exceptions I'm no longer receiving, the plugin is able to
authenticate the user and find the topic and queue objects. However, it does
not see the admin attribute and refuses to let my user create the
ActiveMQ.Advisory.Connections topic. I don't see anywhere in the
configuration what the plugin looks for in the permission attributes. I've
tried setting the attribute to both the full DN
(member=cn=users,ou=Group,ou=ActiveMQ,ou=systems,dc=example,dc=com) and just
cn=users. I've also tried this for the group objects (member =
uid=user,ou=User,ou=ActiveMQ,ou=systems,dc=example,dc=com).

Does anyone know exactly what the plugin is looking for in the specified
permission attribute?


I've based my configuration on these two articles:

http://www.nabble.com/Adding-users-on-the-fly-ACTIVEMQ-to16825211s2354.html#a16984528
http://www.nabble.com/Help-with-SimpleAuthenticationPlugin-td4607329.html#a4609098


Any ideas?



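// JAAS login entry that authenticates broker users against LDAP.
// The module binds with the service account below, looks the user up under
// userBase, and collects role names from group entries under roleBase.
LoginLdapConfiguration {
    org.apache.activemq.jaas.LDAPLoginModule required
        // Useful while troubleshooting. NOTE(review): confirm what the module
        // logs at debug level before leaving this enabled in production.
        debug=true
        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
        // A stray ';' after this value (added by the mail archive's link
        // rewriting) has been removed: in a JAAS configuration ';' ends the
        // module entry, so every option after it would have been a parse error.
        // Plain ldap:// with authentication=simple sends the bind DN and
        // password unencrypted. That is tolerable on loopback as here; use
        // ldaps:// once the directory lives on another host.
        connectionURL="ldap://127.0.0.1:10389"
        // Service account used for searches. Give it read-only access to the
        // user and group subtrees.
        connectionUsername="cn=mqbroker,ou=Services,dc=example,dc=com"
        // Placeholder credential stored in clear text: restrict read access to
        // this file to the broker's OS account.
        connectionPassword=password
        // NOTE(review): "s" is the value used in the ActiveMQ sample
        // configuration; the JNDI LDAP provider documents "ssl" as the value
        // that enables TLS. Confirm whether "s" has any effect.
        connectionProtocol=s
        authentication=simple
        userBase="ou=User,ou=ActiveMQ,ou=systems,dc=example,dc=com"
        // NOTE(review): presumably the user-entry attribute that would hold
        // role names; a dummy value is used here because roles come from the
        // group search below. Confirm.
        userRoleName=dummyUserRoleName
        // {0} is replaced with the login name supplied by the client.
        userSearchMatching="(uid={0})"
        userSearchSubtree=true
        roleBase="ou=Group,ou=ActiveMQ,ou=systems,dc=example,dc=com"
        // The value of this attribute on each matching group entry becomes the
        // role (group principal) name used for authorization.
        roleName=cn
        // NOTE(review): the ActiveMQ documentation describes {0} in this filter
        // as the user's full DN and {1} as the login name. If that holds for
        // this version, "uid={0}" expands to "uid=" followed by a complete DN
        // and will not match a member value; verify against the actual member
        // values in the directory.
        roleSearchMatching="(member=uid={0})"
        roleSearchSubtree=true
;
};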


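<!-- LDAP-backed authorization for the broker. The map turns each destination
     name into an entry DN using the queue/topic MessageFormat beans referenced
     below, applies the adminBase/readBase/writeBase filters beneath that entry,
     and reads the named attribute from the match.
     NOTE(review): this lookup behaviour is summarised from the property names
     and the ActiveMQ documentation; confirm against the broker version in use.
     Fix applied: the stray ';' after the xmlns attribute value (added by the
     mail archive's link rewriting) is removed, because it made the bean tag
     not well-formed. -->
<authorizationPlugin>
  <map>
    <bean xmlns="http://www.springframework.org/schema/beans"
          id="lDAPAuthorizationMap"
          class="org.apache.activemq.security.LDAPAuthorizationMap">
      <property name="initialContextFactory" value="com.sun.jndi.ldap.LdapCtxFactory"/>
      <!-- Plain ldap:// with a simple bind sends the service account DN and
           password unencrypted. Tolerable on loopback as here; use ldaps://
           when the directory is on another host. -->
      <property name="connectionURL" value="ldap://127.0.0.1:10389"/>
      <property name="authentication" value="simple"/>
      <!-- Service account used for the ACL searches. Give it read-only access
           to the destination subtree. -->
      <property name="connectionUsername" value="cn=mqbroker,ou=Services,dc=example,dc=com"/>
      <!-- Placeholder credential stored in clear text: restrict read access to
           this file to the broker's OS account. -->
      <property name="connectionPassword" value="password"/>
      <!-- NOTE(review): "s" is the value used in the ActiveMQ sample
           configuration; the JNDI LDAP provider documents "ssl" as the value
           that enables TLS. Confirm whether "s" has any effect. -->
      <property name="connectionProtocol" value="s"/>
      <property name="topicSearchSubtreeBool" value="true"/>
      <property name="queueSearchMatchingFormat" ref="myQSearchMatchingFormat"/>
      <property name="topicSearchMatchingFormat" ref="myTSearchMatchingFormat"/>
      <property name="queueSearchSubtreeBool" value="true"/>
      <!-- Each *Base value is an LDAP search filter, not a DN: it selects the
           permission entry (cn=admin, cn=read, cn=write) under the destination
           entry. Each *Attribute names the attribute read from that entry.
           NOTE(review): the values of that attribute presumably have to
           resolve to the group (role) names that the JAAS login module assigns
           to the user (roleName=cn in the login configuration), not to user
           DNs; confirm against the LDAPAuthorizationMap source for this
           version. Keep the admin permission limited to the groups that
           really need to create and delete destinations. -->
      <property name="adminBase" value="(cn=admin)"/>
      <property name="adminAttribute" value="member"/>
      <property name="readBase" value="(cn=read)"/>
      <property name="readAttribute" value="member"/>
      <property name="writeBase" value="(cn=write)"/>
      <property name="writeAttribute" value="member"/>
    </bean>
  </map>
</authorizationPlugin>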
    </plugins>
    

</broker>

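  <!-- Maps a queue name ({0}) to the DN of its LDAP entry; referenced by the
       queueSearchMatchingFormat property of the LDAP authorization map.
       Fix applied: the stray ';' after the xmlns attribute value is removed so
       the tag is well-formed.
       NOTE(review): destination names are chosen by clients; confirm that the
       map escapes DN special characters before substituting them here. -->
  <bean xmlns="http://www.springframework.org/schema/beans"
        id="myQSearchMatchingFormat"
        class="java.text.MessageFormat">
    <constructor-arg
        value="cn={0},ou=Queue,ou=Destination,ou=ActiveMQ,ou=systems,dc=example,dc=com"/>
  </bean>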

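  <!-- Maps a topic name ({0}) to the DN of its LDAP entry; referenced by the
       topicSearchMatchingFormat property of the LDAP authorization map.
       Fix applied: the stray ';' after the xmlns attribute value is removed so
       the tag is well-formed.
       NOTE(review): presumably every topic the broker uses, including advisory
       topics such as ActiveMQ.Advisory.Connections, needs an entry under this
       base with its own admin/read/write permission entries; confirm.
       Destination names are chosen by clients, so also confirm that the map
       escapes DN special characters before substituting them here. -->
  <bean xmlns="http://www.springframework.org/schema/beans"
        id="myTSearchMatchingFormat"
        class="java.text.MessageFormat">
    <constructor-arg
        value="cn={0},ou=Topic,ou=Destination,ou=ActiveMQ,ou=systems,dc=example,dc=com"/>
  </bean>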

