Thank you for this information, I will read the link and see if this helps.
Jason ________________________________ From: Matt Pavlovich <mattr...@gmail.com> Sent: Wednesday, September 25, 2024 6:06 PM To: users@activemq.apache.org <users@activemq.apache.org> Subject: Re: ActiveMQ LDAP Query objectClass Issue CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Also— this document shows how to limit the queries and get rid of objectClass=* style queries: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Factivemq.apache.org%2Fcomponents%2Fclassic%2Fdocumentation%2Fsecurity&data=05%7C02%7Cjason.jackson%40itechag.com%7C855c9eb82fd946a0ad3808dcddae6114%7C07e5f1b9902a4d9f974c04601319bfec%7C0%7C0%7C638628988620551604%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=mWOLflny8MfMxssqqmszmP8tyco458dlrAWdjmXDypM%3D&reserved=0<https://activemq.apache.org/components/classic/documentation/security> Thanks, Matt Pavlovich > On Sep 25, 2024, at 5:01 PM, Matt Pavlovich <mattr...@gmail.com> wrote: > > Hi Jason- > > Sounds like you have some misconfiguration — either clients are connecting > and sending one-message-per-connection, and/or you should add LDAP Connection > Pooling settings. > > Thanks, > Matt Pavlovich > >> On Sep 25, 2024, at 3:45 PM, Jason Jackson >> <jason.jack...@itechag.com.INVALID> wrote: >> >> I have ActiveMQ classic configured to use LDAP for permissions and >> authorizations. >> >> Our LDAP server is being flooded with numerous LDAP queries and it is >> consuming all of the resources. >> >> I have added the following entries to my login.config file and none of these >> appear to have helped >> >> storePass="true" >> tryFirstPass="true" >> cachDurationMillis="1000000" >> >> userObjectClass="inetOrgPerson" >> roleObjectClass="groupOfUniqueNames" >> >> With all of the entries/settings our LDAP logs are showing a ton of entries >> with the following search string >> >> objectClass=* >> >> Does anyone have any suggestions of a setting that should be implemented to >> prevent the numerous calls being made to LDAP? >> >> >> Jason >> >> >> >
