Hi Ravindu- The ActiveMQ web console uses a separate JAAS realm in 5.x — you will need to modify the conf/jetty.xml and related realm files used by Jetty. (Jetty is the sub-component that provides the http:// services in ActiveMQ)
Thanks, Matt > On Dec 4, 2024, at 4:13 AM, Ravindu Wanasinghe > <ravindu.wanasin...@chakray.com> wrote: > > HI Matt, > > We need to use this sldap authentication when logging to the activemq > console(GUI) from a browser. Could you please guide us which > files/configurations are used for the authentication in activemq console. > > Regards, > Ravindu. > > On Wed, 4 Dec 2024 at 04:14, Matt Pavlovich <mattr...@gmail.com > <mailto:mattr...@gmail.com>> wrote: >> Hi Ravindu- >> >> What is the exception message in the log? >> >> Note: LDAP/LDAPS support is provided by the Java JDK and not any additional >> 3rd party dependencies. >> >> Thanks, >> Matt >> >>> On Dec 3, 2024, at 8:50 AM, Ravindu Wanasinghe >>> <ravindu.wanasin...@chakray.com <mailto:ravindu.wanasin...@chakray.com>> >>> wrote: >>> >>> +MIT.MS <mailto:mit...@chakray.com> >>> >>> Hi justin, >>> >>> Thank you for your response. I have already updated the configuration in >>> conf/login.config as per your suggestion. I changed the connectionURL >>> parameter from: >>> >>> ldap://host:389 >>> >>> to: >>> >>> ldaps://host:636 >>> >>> However, this modification did not resolve the issue. Could there be other >>> configurations or dependencies I might need to check to ensure successful >>> communication over LDAPS? Any further guidance or troubleshooting steps >>> would be greatly appreciated. >>> >>> Thanks, >>> Ravindu. >>> >>> >>> >>> On Mon, 2 Dec 2024 at 23:53, Justin Bertram <jbert...@apache.org >>> <mailto:jbert...@apache.org>> wrote: >>>> > We are using LDAP for login to Active MQ. >>>> >>>> I assume that you're talking about authentication. In that case, the >>>> configuration for the LDAPLoginModule will be located in conf/login.config. >>>> It uses com.sun.jndi.ldap.LdapCtxFactory from the JDK to communicate with >>>> LDAP. I believe you simply need to change the value of the "connectionURL" >>>> parameter. Currently you're likely using something like: >>>> >>>> ldap://host:389 >>>> >>>> You can change that to something like this: >>>> >>>> ldaps://host:636 >>>> >>>> Further reading is here [1]. >>>> >>>> >>>> Justin >>>> >>>> [1] https://docs.oracle.com/javase/jndi/tutorial/ldap/misc/url.html >>>> >>>> On Mon, Dec 2, 2024 at 9:37 AM Ravindu Wanasinghe < >>>> ravindu.wanasin...@chakray.com <mailto:ravindu.wanasin...@chakray.com>> >>>> wrote: >>>> >>>> > +MIT.MS <http://mit.ms/> <mit...@chakray.com <mailto:mit...@chakray.com>> >>>> > >>>> > We are using LDAP for login to Active MQ. >>>> > >>>> > We have removed the existing LDAP configuration, and now we need to set >>>> > up >>>> > secure LDAP. >>>> > >>>> > Thanks, >>>> > Ravindu. >>>> > >>>> > >>>> > >>>> > On Mon, 2 Dec 2024 at 19:58, Justin Bertram <jbert...@apache.org >>>> > <mailto:jbert...@apache.org>> wrote: >>>> > >>>> > > By "Secure LDAP" do you mean LDAP over SSL? >>>> > > >>>> > > In what specific way do you want to "configure Secure LDAP for >>>> > > ActiveMQ"? >>>> > > LDAP typically holds name & role information for users who are >>>> > > connecting >>>> > > to the broker. The broker can integrate with LDAP to either >>>> > > authenticate >>>> > or >>>> > > authorize these users (or both). Do you want to configure either one of >>>> > > these functions? If so, which one? Please clarify. >>>> > > >>>> > > >>>> > > Justin >>>> > > >>>> > > On Mon, Dec 2, 2024 at 8:18 AM Ravindu Wanasinghe < >>>> > > ravindu.wanasin...@chakray.com >>>> > > <mailto:ravindu.wanasin...@chakray.com>> wrote: >>>> > > >>>> > > > Hi Justin, >>>> > > > >>>> > > > No, I want to configure Secure LDAP for ActiveMQ . >>>> > > > >>>> > > > Thanks, >>>> > > > Ravindu. >>>> > > > >>>> > > > On Mon, 2 Dec 2024 at 19:44, Justin Bertram <jbert...@apache.org >>>> > > > <mailto:jbert...@apache.org>> >>>> > wrote: >>>> > > > >>>> > > > > By "SLDAP" are you referring to LDAP over SSL? >>>> > > > > >>>> > > > > Are you wanting to configure authentication or authorization or >>>> > > > > both? >>>> > > > > >>>> > > > > >>>> > > > > Justin >>>> > > > > >>>> > > > > On Mon, Dec 2, 2024 at 2:42 AM Ravindu Wanasinghe < >>>> > > > > ravindu.wanasin...@chakray.com >>>> > > > > <mailto:ravindu.wanasin...@chakray.com>> wrote: >>>> > > > > >>>> > > > > > Hi Justin, >>>> > > > > > >>>> > > > > > We are using Classic ActiveMQ. >>>> > > > > > >>>> > > > > > Regards, >>>> > > > > > Ravindu Wanasinghe. >>>> > > > > > >>>> > > > > > On Wed, 27 Nov 2024 at 21:15, Justin Bertram >>>> > > > > > <jbert...@apache.org <mailto:jbert...@apache.org>> >>>> > > > > wrote: >>>> > > > > > >>>> > > > > > > Which ActiveMQ broker are you asking about? Classic or Artemis? >>>> > > > > > > >>>> > > > > > > >>>> > > > > > > Justin >>>> > > > > > > >>>> > > > > > > >>>> > > > > > > On Wed, Nov 27, 2024 at 5:12 AM Ravindu Wanasinghe < >>>> > > > > > > ravindu.wanasin...@chakray.com >>>> > > > > > > <mailto:ravindu.wanasin...@chakray.com>> wrote: >>>> > > > > > > >>>> > > > > > > > Hi Team, >>>> > > > > > > > >>>> > > > > > > > Requesting s support for config SLDAP for the ActiveMQ, >>>> > > > > > > > >>>> > > > > > > > 1.Is there a possibility to config SLDAP for the Activemq ? >>>> > > > > > > > 2.If yes, please send us a document or resources for >>>> > > > > > > > reference. >>>> > > > > > > > >>>> > > > > > > > Highly appreciate your support for this. >>>> > > > > > > > >>>> > > > > > > > Thanks, >>>> > > > > > > > Ravindu >>>> > > > > > > > >>>> > > > > > > > On Wed, 27 Nov 2024 at 16:28, Ravindu Wanasinghe < >>>> > > > > > > > ravindu.wanasin...@chakray.com >>>> > > > > > > > <mailto:ravindu.wanasin...@chakray.com>> wrote: >>>> > > > > > > > >>>> > > > > > > > > Hi Team, >>>> > > > > > > > > >>>> > > > > > > > > Requesting s support for config SLDAP for the ActiveMQ, >>>> > > > > > > > > >>>> > > > > > > > > 1.Is there a possibility to config SLDAP for the Activemq ? >>>> > > > > > > > > 2.If yes, please send us a document or resources for >>>> > reference. >>>> > > > > > > > > >>>> > > > > > > > > Highly appreciate your support for this. >>>> > > > > > > > > >>>> > > > > > > > > Thanks, >>>> > > > > > > > > Ravindu >>>> > > > > > > > > >>>> > > > > > > > >>>> > > > > > > >>>> > > > > > >>>> > > > > >>>> > > > >>>> > > >>>> > >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@activemq.apache.org >>> <mailto:users-unsubscr...@activemq.apache.org> >>> For additional commands, e-mail: users-h...@activemq.apache.org >>> <mailto:users-h...@activemq.apache.org> >>> For further information, visit: https://activemq.apache.org/contact >>
