I read through the link and several other Apache ideas and none of these appear 
to address the issue.

I am using JAAS LDAP Authentication and that works. Once the user is 
authenticated using the JAAS plugin, their authorizations are then set/provided 
via the following:

<plugins>
      <jaasAuthenticationPlugin configuration="ldap"/>
      <runtimeConfigurationPlugin checkPeriod="10000"/>
      <statisticsBrokerPlugin/>
      <authorizationPlugin>
            <map>
                  <authorizationMap>
                        <authorizationEntries>
                              <authorizationEntry queue="queue_1" read="ldap_user" write="ldap_user" admin="ActiveMQ_Admins"/>
                        </authorizationEntries>
                  </authorizationMap>
            </map>
      </authorizationPlugin>
</plugins>

I do not want to use LDAP for my authorizations, just my authentication. I am 
not able to find anything in the links that discussed JAAS Authentication LDAP 
caching or adjusting the objectClass=* option.


Jason



________________________________
From: Matt Pavlovich <mattr...@gmail.com>
Sent: Wednesday, September 25, 2024 6:06 PM
To: users@activemq.apache.org <users@activemq.apache.org>
Subject: Re: ActiveMQ LDAP Query objectClass Issue


Also— this document shows how to limit the queries and get rid of objectClass=* 
style queries:

https://activemq.apache.org/components/classic/documentation/security

Thanks,
Matt Pavlovich

> On Sep 25, 2024, at 5:01 PM, Matt Pavlovich <mattr...@gmail.com> wrote:
>
> Hi Jason-
>
> Sounds like you have some misconfiguration — either clients are connecting 
> and sending one-message-per-connection, and/or you should add LDAP Connection 
> Pooling settings.
>
> Thanks,
> Matt Pavlovich
>
>> On Sep 25, 2024, at 3:45 PM, Jason Jackson 
>> <jason.jack...@itechag.com.INVALID> wrote:
>>
>> I have ActiveMQ classic configured to use LDAP for permissions and 
>> authorizations.
>>
>> Our LDAP server is being flooded with numerous LDAP queries and it is 
>> consuming all of the resources.
>>
>> I have added the following entries to my login.config file and none of these 
>> appear to have helped
>>
>> storePass="true"
>> tryFirstPass="true"
>> cachDurationMillis="1000000"
>>
>> userObjectClass="inetOrgPerson"
>> roleObjectClass="groupOfUniqueNames"
>>
>> With all of the entries/settings our LDAP logs are showing a ton of entries 
>> with the following search string
>>
>> objectClass=*
>>
>> Does anyone have any suggestions of a setting that should be implemented to 
>> prevent the numerous calls being made to LDAP?
>>
>>
>> Jason
>>
>>
>>
>
