What gives the "system" user permission to create
topic://ActiveMQ.Advisory.Connection? Without this ActiveMQ will not start.
(Working with 5.5.1 since 5.6.0 is a jump requiring further testing.)
I'm getting this error (all pasted text munged slightly to obfuscate things):
2012-06-18 17:35:46,941 | DEBUG | Error occured while processing sync command:
ConnectionInfo {commandId = 1, responseRequired = true, connectionId =
ID:upuppet-01.lab.me.ca-56804-1340055346339-2:1, clientId =
ID:upuppet.me-56804-1340055346339-3:1, userName = system, password = *****,
brokerPath = null, brokerMasterConnector = false, manageable = true,
clientMaster = true, faultTolerant = false}, exception:
java.lang.SecurityException: User system is not authorized to create:
topic://ActiveMQ.Advisory.Connection |
org.apache.activemq.broker.TransportConnection.Service | ActiveMQ Transport:
tcp:///127.0.0.1:50328
The system user is in the admin and users groups.
This is my plugin config:
<authorizationPlugin>
<map>
<bean xmlns="http://www.springframework.org/schema/beans";
id="lDAPAuthorizationMap"
class="org.apache.activemq.security.LDAPAuthorizationMap">
<property name="initialContextFactory"
value="com.sun.jndi.ldap.LdapCtxFactory"/>
<property name="connectionURL" value="ldap://ldap.me:389"/>
<property name="authentication" value="simple"/>
<property name="connectionUsername" value="cn=mqbroker,ou=services,o=me"/>
<property name="connectionPassword" value="me"/>
<property name="connectionProtocol" value="s"/>
<property name="topicSearchMatchingFormat"
value="cn={0},ou=Topic,ou=Destination,ou=ActiveMQ,ou=systems,o=me"/>
<property name="topicSearchSubtreeBool" value="true"/>
<property name="queueSearchMatchingFormat"
value="cn={0},ou=Queue,ou=Destination,ou=ActiveMQ,ou=systems,o=me"/>
<property name="queueSearchSubtreeBool" value="true"/>
<property name="adminBase" value="(cn=admin)"/>
<property name="adminAttribute" value="member"/>
<!-- <property name="adminAttributePrefix" value="cn="/> -->
<property name="readBase" value="(cn=read)"/>
<property name="readAttribute" value="member"/>
<!-- <property name="readAttributePrefix" value="cn="/> -->
<property name="writeBase" value="(cn=write)"/>
<property name="writeAttribute" value="member"/>
<!-- <property name="writeAttributePrefix" value="cn="/> -->
</bean>
</map>
</authorizationPlugin>
These are the advisory topic configs I have right now (I thought .> meant
access to the namespace?):
# ActiveMQ.Advisory.>, topic, destination, activemq, systems, me
dn: cn=ActiveMQ.Advisory.>,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
cn: ActiveMQ.Advisory.>
description: user access to advisory topics
objectClass: applicationProcess
# read, ActiveMQ.Advisory.>, topic, destination, activemq, systems, me
dn:
cn=read,cn=ActiveMQ.Advisory.>,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
cn: read
member: cn=users
objectClass: groupOfNames
# write, ActiveMQ.Advisory.>, topic, destination, activemq, systems, me
dn:
cn=write,cn=ActiveMQ.Advisory.>,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
cn: write
member: cn=users
objectClass: groupOfNames
# admin, ActiveMQ.Advisory.>, topic, destination, activemq, systems, me
dn:
cn=admin,cn=ActiveMQ.Advisory.>,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
cn: admin
member: cn=users
objectClass: groupOfNames
# ActiveMQ.Advisory.Connection, topic, destination, activemq, systems, me
dn:
cn=ActiveMQ.Advisory.Connection,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
cn: ActiveMQ.Advisory.Connection
description: user access to advisory topics
objectClass: applicationProcess
# read, ActiveMQ.Advisory.Connection, topic, destination, activemq, systems, me
dn:
cn=read,cn=ActiveMQ.Advisory.Connection,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
cn: read
member: cn=admin
objectClass: groupOfNames
# write, ActiveMQ.Advisory.Connection, topic, destination, activemq, systems, me
dn:
cn=write,cn=ActiveMQ.Advisory.Connection,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
cn: write
member: cn=admin
objectClass: groupOfNames
# admin, ActiveMQ.Advisory.Connection, topic, destination, activemq, systems, me
dn:
cn=admin,cn=ActiveMQ.Advisory.Connection,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
cn: admin
member: cn=admin
objectClass: groupOfNames
