Hi Fabrice,

Here are the steps to use LDAP for the ActiveMQ WebConsole (on ActiveMQ 5.x):

1. You have to add the jetty-jaas jar in the lib/web folder, using the same
version as the Jetty artifacts already there (for instance
https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-jaas/9.4.19.v20190610/jetty-jaas-9.4.19.v20190610.jar)
2. You update conf/login.config to set "jetty" with the LDAP login module:

jetty {
        org.eclipse.jetty.jaas.spi.LdapLoginModule required
                debug="true"
                contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
                hostname="localhost"
                port="10389"
                bindDn="uid=admin,ou=system"
                bindPassword="secret"
                authenticationMethod="simple"
                forceBindingLogin="true"
                userBaseDn="ou=users,dc=example,dc=com"
                userRdnAttribute="uid"
                userIdAttribute="uid"
                userPasswordAttribute="userPassword"
                userObjectClass="inetOrgPerson"
                roleBaseDn="ou=groups,dc=example,dc=com"
                roleNameAttribute="cn"
                roleMemberAttribute="member"
                roleObjectClass="groupOfNames";
};

This example is a simple test I did using Apache DS locally on my machine.

3. In the conf/jetty.xml, I did a couple of minor updates in the security
handler:

   ....
    <bean id="securityLoginService" class="org.eclipse.jetty.jaas.JAASLoginService">
        <property name="name" value="LDAP" />
        <property name="loginModuleName" value="jetty" />
    </bean>
    ....
    <bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
        <property name="loginService" ref="securityLoginService" />
        <property name="realmName" value="jetty" />
        <property name="authenticator">
            <bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator" />
        </property>
        <property name="constraintMappings">
            <list>
                <ref bean="adminSecurityConstraintMapping" />
                <ref bean="securityConstraintMapping" />
            </list>
        </property>
        <property name="handler" ref="secHandlerCollection" />
    </bean>
    ...

4. (Optional) You can add some loggers in conf/log4j.properties:

log4j.logger.org.eclipse.jetty=INFO
log4j.logger.org.eclipse.jetty.jaas=DEBUG

With that, you should see something like this in the activemq.log:

INFO | Attempting authentication: uid=jbonofre,ou=users,dc=example,dc=com

Please let me know if you need more help with this.

Regards
JB
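
Added example, not part of JB's message and not ActiveMQ or Jetty code: a small Python check that parses a login.config entry like the one in step 2 and reports settings that suit a local test but not a production console. SAMPLE is a constructed, shortened copy of that entry; useLdaps is the module's option for switching to ldaps://, and the function names and finding codes are hypothetical.

```python
import re

# Constructed sample: a shortened copy of the "jetty" entry from the message above.
SAMPLE = """
jetty {
        org.eclipse.jetty.jaas.spi.LdapLoginModule required
                debug="true"
                hostname="localhost"
                port="10389"
                bindDn="uid=admin,ou=system"
                bindPassword="secret"
                authenticationMethod="simple"
                forceBindingLogin="true";
};
"""

ENTRY_RE = re.compile(r"(\w+)\s*\{(.*?)\}\s*;", re.S)   # name { ... };
OPTION_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')        # key="value"


def parse_login_config(text):
    """Return {entry name: {option: value}} for every JAAS entry in text."""
    return {name: dict(OPTION_RE.findall(body))
            for name, body in ENTRY_RE.findall(text)}


def is_true(opts, key):
    # Boolean options are compared case-insensitively; absent is treated as false.
    return opts.get(key, "false").strip().lower() == "true"


def audit_ldap_options(opts):
    """Return (code, message) findings for one LdapLoginModule entry."""
    findings = []
    if not is_true(opts, "useLdaps"):
        findings.append(("cleartext-ldap",
                         "useLdaps is not set: the module connects with ldap://, "
                         "so bind credentials are not protected by TLS"))
    if is_true(opts, "debug"):
        findings.append(("debug-enabled",
                         "debug=true is a test setting; turn it off in production"))
    if "bindPassword" in opts:
        findings.append(("password-in-file",
                         "bindPassword is stored in login.config: restrict file "
                         "permissions and bind with a read-only account"))
    return findings


if __name__ == "__main__":
    for entry, opts in parse_login_config(SAMPLE).items():
        for code, message in audit_ldap_options(opts):
            print(f"{entry}: [{code}] {message}")
```
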

On Tue, Nov 14, 2023 at 7:25 PM HOUNGBE, Fabrice (MTL)
<fabrice.houn...@bdc.ca.invalid> wrote:

> Hi folks,
>
> Does anyone implement web console access integration with LDAP for
> ActiveMQ classic edition?
>
> I know that the web console configuration is offered using jetty but I'm
> having a hard time updating jetty.xml to be able to integrate the web console
> access with LDAP.
>
> Any help will be really appreciated.
>
> Thanks
>
>
>
> *Fabrice Houngbe*
