Hi,

there are some improvements in that area on the trunk (and will be
available in the next fuse release). Please take a look at

https://issues.apache.org/jira/browse/AMQ-3845


Regards
--
Dejan Bosanac
Senior Software Engineer | FuseSource Corp.
dej...@fusesource.com | fusesource.com
skype: dejan.bosanac | twitter: @dejanb
blog: http://www.nighttale.net
ActiveMQ in Action: http://www.manning.com/snyder/


On Thu, Jun 21, 2012 at 6:56 PM, Christopher Wood
<christopher_w...@pobox.com> wrote:
> I upgraded our lab ActiveMQ to 5.6.0 and am using the cached ldap auth 
> module. I appear to be having a problem where at times ActiveMQ loses its 
> authorization data cache and does not refresh this from ldap. Is there any 
> way of forcing a retry if it has a connection issue, or otherwise further 
> diagnosing what is happening?
>
> Details:
>
> Three times now (solved by an ActiveMQ restart) I have started seeing these 
> errors in the log (but for all queues that they are trying to access):
>
> 2012-06-21 11:57:31,538 | DEBUG | Error occured while processing sync 
> command: ConsumerInfo {commandId = 28936, responseRequired = true, consumerId 
> = ID:myhost-53793-1340295272790-0:6:-1:1, destination = 
> ActiveMQ.Advisory.TempQueue,ActiveMQ.Advisory.TempTopic, prefetchSize = 0, 
> maximumPendingMessageLimit = 0, browser = false, dispatchAsync = false, 
> selector = null, subscriptionName = null, noLocal = true, exclusive = false, 
> retroactive = false, priority = 0, brokerPath = null, optimizedAcknowledge = 
> false, noRangeAcks = false, additionalPredicate = null}, exception: 
> java.lang.SecurityException: User vm5a is not authorized to read from: 
> ActiveMQ.Advisory.TempQueue,ActiveMQ.Advisory.TempTopic | 
> org.apache.activemq.broker.TransportConnection.Service | ActiveMQ Transport: 
> tcp:///10.201.147.250:51236
> java.lang.SecurityException: User vm5a is not authorized to read from: 
> ActiveMQ.Advisory.TempQueue,ActiveMQ.Advisory.TempTopic
>
> Per our developers, they are seeing:
>
> 12:16:53,926  WARN DefaultMessageListenerContainer:822 - Setup of JMS message 
> listener invoker failed for destination 'queue://vm5.queuename' - trying to 
> recover. Cause: User vm5a is not authorized to read from: 
> ActiveMQ.Advisory.TempQueue,ActiveMQ.Advisory.TempTopic
>
> I ran some tcpdumps. While this is in the logs, I do not see any ldap 
> searches attempting to update the authorization info. Just after a restart, I 
> do see intermittent searches for the entries under 
> ou=destination,ou=activemq,ou=systems,o=me.
>
> My plugin info:
>
> <authorizationPlugin>
>  <map>
>    <cachedLDAPAuthorizationMap
>         connectionURL="ldap://ldap-lab.me:389"
>         connectionUsername="cn=mqbroker,ou=services,o=me"
>         connectionPassword="password"
>         baseDn="ou=systems,o=me"
>         refreshInterval="5000"
>     />
>  </map>
> </authorizationPlugin>
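
One way to triage the symptom reported in the quoted message, as an added example (not code from this thread or from ActiveMQ): it groups the broker's "not authorized" log lines per user and flags users denied on several distinct destinations within a short window. The sample lines, the user `vm7b`, the function names and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Denial message format as it appears in the broker log quoted above.
DENIAL = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} \|.*?"
    r"SecurityException: User (?P<user>\S+) is not authorized to "
    r"(?P<action>[a-z ]+): (?P<dest>[^|\s]+)"
)

# Constructed sample lines (ConsumerInfo body shortened); user vm7b is made up.
HEAD = (" | DEBUG | Error occured while processing sync command: "
        "ConsumerInfo {...}, exception: java.lang.SecurityException: ")
TAIL = (" | org.apache.activemq.broker.TransportConnection.Service"
        " | ActiveMQ Transport: tcp:///10.201.147.250:51236")
SAMPLE = [
    "2012-06-21 11:57:31,538" + HEAD + "User vm5a is not authorized to read from: "
    "ActiveMQ.Advisory.TempQueue,ActiveMQ.Advisory.TempTopic" + TAIL,
    "2012-06-21 11:57:40,102" + HEAD + "User vm5a is not authorized to read from: "
    "queue://vm5.queuename" + TAIL,
    "2012-06-21 11:58:00,417" + HEAD + "User vm7b is not authorized to write to: "
    "queue://other.queue" + TAIL,
    "2012-06-21 11:58:05,000 | INFO | unrelated constructed line | example | main",
]

def parse_denials(lines):
    """Yield (timestamp, user, action, destination) for each denial line."""
    for line in lines:
        m = DENIAL.search(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        for dest in m["dest"].split(","):  # composite destinations are comma-separated
            yield ts, m["user"], m["action"], dest

def suspect_map_loss(lines, window=timedelta(minutes=5), min_dests=3):
    """Return {user: destinations} for users denied on >= min_dests distinct
    destinations inside one window (assumed heuristic, not a broker feature)."""
    per_user = defaultdict(list)
    for ts, user, _action, dest in parse_denials(lines):
        per_user[user].append((ts, dest))
    flagged = {}
    for user, events in per_user.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            dests = {d for t, d in events[i:] if t - start <= window}
            if len(dests) >= min_dests:
                flagged[user] = sorted(dests)
                break
    return flagged
```

A user denied on a single destination is more likely a real ACL gap; a user denied on everything at once is worth correlating with the LDAP traffic capture described in the quoted message.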
