djencks wrote:
>
> This looks to me like it will work but I don't understand why it would
> be more secure than having an activemq ldap user password on disk
> somewhere.
>
I think that there is a key difference between attempting to lock down ldap access and permitting anonymous access to a branch of the ldap store. With the latter one is recognising that there is a branch of the ldap store that contains non-sensitive information.

So then the question becomes: is it going to be a security issue knowing which subject DNs belong to the activemq groups?

Looking at it another way: is having public access to activemq group member information any more insecure than browsing your /etc/group file for a list of unix user members? :-)

Thanks again for the dialogue.

Kind regards,
Christopher

--
View this message in context: http://www.nabble.com/SSL-authorisation-using-a-client%27s-subject-DN-for-JNDI-tp22470806p22486792.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.