Unfortunately the blog post didn't help (my system user/pass is accurate in ldap and in the activemq configs, and I name the topic in OpenLDAP). The FuseSource ActiveMQ configuration options appear slightly different from the Apache ActiveMQ options.
I will give the 5.6.0 cached ldap auth a go.

On Tue, Jun 19, 2012 at 04:05:27PM +0200, Dejan Bosanac wrote:
> Hi,
>
> this might help
>
> http://tmielke.blogspot.com/2011/12/activemq-ldap-based-authentication-and.html
>
> also you can consider using new CachedLDAPAuthorizationModule
>
> http://activemq.apache.org/cached-ldap-authorization-module.html
>
> Regards
> --
> Dejan Bosanac
> Senior Software Engineer | FuseSource Corp.
> dej...@fusesource.com | fusesource.com
> skype: dejan.bosanac | twitter: @dejanb
> blog: http://www.nighttale.net
> ActiveMQ in Action: http://www.manning.com/snyder/
>
>
> On Mon, Jun 18, 2012 at 11:55 PM, Christopher Wood
> <christopher_w...@pobox.com> wrote:
> > What gives the "system" user permission to create
> > topic://ActiveMQ.Advisory.Connection? Without this ActiveMQ will not start.
> > (Working with 5.5.1 since 5.6.0 is a jump requiring further testing.)
> >
> > I'm getting this error (all pasted text munged slightly to obfuscate
> > things):
> >
> > 2012-06-18 17:35:46,941 | DEBUG | Error occured while processing sync
> > command: ConnectionInfo {commandId = 1, responseRequired = true,
> > connectionId = ID:upuppet-01.lab.me.ca-56804-1340055346339-2:1, clientId =
> > ID:upuppet.me-56804-1340055346339-3:1, userName = system, password = *****,
> > brokerPath = null, brokerMasterConnector = false, manageable = true,
> > clientMaster = true, faultTolerant = false}, exception:
> > java.lang.SecurityException: User system is not authorized to create:
> > topic://ActiveMQ.Advisory.Connection |
> > org.apache.activemq.broker.TransportConnection.Service | ActiveMQ
> > Transport: tcp:///127.0.0.1:50328
> >
> > The system user is in the admin and users groups.
> >
> > This is my plugin config:
> >
> >
> > <authorizationPlugin>
> >   <map>
> >     <bean xmlns="http://www.springframework.org/schema/beans"
> >           id="lDAPAuthorizationMap"
> >           class="org.apache.activemq.security.LDAPAuthorizationMap">
> >       <property name="initialContextFactory"
> >                 value="com.sun.jndi.ldap.LdapCtxFactory"/>
> >       <property name="connectionURL" value="ldap://ldap.me:389"/>
> >       <property name="authentication" value="simple"/>
> >       <property name="connectionUsername"
> >                 value="cn=mqbroker,ou=services,o=me"/>
> >       <property name="connectionPassword" value="me"/>
> >       <property name="connectionProtocol" value="s"/>
> >       <property name="topicSearchMatchingFormat"
> >                 value="cn={0},ou=Topic,ou=Destination,ou=ActiveMQ,ou=systems,o=me"/>
> >       <property name="topicSearchSubtreeBool" value="true"/>
> >       <property name="queueSearchMatchingFormat"
> >                 value="cn={0},ou=Queue,ou=Destination,ou=ActiveMQ,ou=systems,o=me"/>
> >       <property name="queueSearchSubtreeBool" value="true"/>
> >       <property name="adminBase" value="(cn=admin)"/>
> >       <property name="adminAttribute" value="member"/>
> >       <!-- <property name="adminAttributePrefix" value="cn="/> -->
> >       <property name="readBase" value="(cn=read)"/>
> >       <property name="readAttribute" value="member"/>
> >       <!-- <property name="readAttributePrefix" value="cn="/> -->
> >       <property name="writeBase" value="(cn=write)"/>
> >       <property name="writeAttribute" value="member"/>
> >       <!-- <property name="writeAttributePrefix" value="cn="/> -->
> >     </bean>
> >   </map>
> > </authorizationPlugin>
> >
> >
> > These are the advisory topic configs I have right now (I thought .> meant
> > access to the namespace?):
> >
> >
> > # ActiveMQ.Advisory.>, topic, destination, activemq, systems, me
> > dn: cn=ActiveMQ.Advisory.>,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
> > cn: ActiveMQ.Advisory.>
> > description: user access to advisory topics
> > objectClass: applicationProcess
> >
> > # read, ActiveMQ.Advisory.>, topic, destination, activemq, systems, me
> > dn: cn=read,cn=ActiveMQ.Advisory.>,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
> > cn: read
> > member: cn=users
> > objectClass: groupOfNames
> >
> > # write, ActiveMQ.Advisory.>, topic, destination, activemq, systems, me
> > dn: cn=write,cn=ActiveMQ.Advisory.>,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
> > cn: write
> > member: cn=users
> > objectClass: groupOfNames
> >
> > # admin, ActiveMQ.Advisory.>, topic, destination, activemq, systems, me
> > dn: cn=admin,cn=ActiveMQ.Advisory.>,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
> > cn: admin
> > member: cn=users
> > objectClass: groupOfNames
> >
> > # ActiveMQ.Advisory.Connection, topic, destination, activemq, systems, me
> > dn: cn=ActiveMQ.Advisory.Connection,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
> > cn: ActiveMQ.Advisory.Connection
> > description: user access to advisory topics
> > objectClass: applicationProcess
> >
> > # read, ActiveMQ.Advisory.Connection, topic, destination, activemq, systems, me
> > dn: cn=read,cn=ActiveMQ.Advisory.Connection,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
> > cn: read
> > member: cn=admin
> > objectClass: groupOfNames
> >
> > # write, ActiveMQ.Advisory.Connection, topic, destination, activemq, systems, me
> > dn: cn=write,cn=ActiveMQ.Advisory.Connection,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
> > cn: write
> > member: cn=admin
> > objectClass: groupOfNames
> >
> > # admin, ActiveMQ.Advisory.Connection, topic, destination, activemq, systems, me
> > dn: cn=admin,cn=ActiveMQ.Advisory.Connection,ou=topic,ou=destination,ou=activemq,ou=systems,o=me
> > cn: admin
> > member: cn=admin
> > objectClass: groupOfNames