Hello Artemis Devs, I originally opened a ticket with the users mailing list to discuss the following issue: https://lists.apache.org/thread/6ptmpln9wfysv07v3ncdxkd2c99glh9t
TL:DR: a user is attempting to mask their password in login.config and when they attempt to authenticate against LDAP, they get an authentication error. We’ve reviewed the idea that they could be using a password with unsupported characters and spaces, but we’re attempting to explore other options as well. Artemis is logging the following error: 2022-07-19 11:26:08,144 ERROR [org.apache.activemq.artemis.core.server] AMQ224084: Failed to open context: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563�] Aside from the special characters and spaces theory, is there any other known restriction to masking passwords that might not be obvious or well documented? They have tested the password in plaintext so it does work that way, it’s just the masking of it that does not work. If it matters at all, the user is using pre-built container images for artemis that run on Debian 10 and Java 11. We’re attempting to get debug logs for org.apache.activemq.artemis.spi.core.security.jaas from the user, and we’ve also sent them our own working example main.java file to demonstrate to them how password masking “should” work. The purpose of this was to make sure the password is hardcoded in the main.java file and matches the output of a java code snippet. We are also attempting to verify if they’re implementing TLS over LDAP as well to see if that’s adding any overhead complications. Any additional insight is greatly appreciated. Thanks! This e-mail may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.
