[ https://issues.apache.org/jira/browse/QPID-2541?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12866562#action_12866562 ]

Andrew Kennedy commented on QPID-2541:
--------------------------------------

Understood, and this is what I would like - if we are going to use LDAP, it 
would be for both authentication and group membership. Having groups defined 
and included in only the ACL file parser was what I was wanting to change. This 
could easily fit in with the existing authentication mechanisms, and that is 
probably the best place for it, yes. The notion of separate user and group 
mechanisms was meant to describe the current situation, and obviously it makes 
no sense to have a group file delivering the groups when authentication is done 
via Active Directory, say.

I believe there is a need for this when external authentication mechanisms are 
used for precisely the reason above - it is a possible security issue!

The external group file mechanism is meant to work in combination with the 
current external password file, decoupling groups from ACLs.

Hope that explains things better,

Andrew.

> Separate Group and ACL configuration and make group sources pluggable
> --------------------------------------------------------------------
>
>                 Key: QPID-2541
>                 URL: https://issues.apache.org/jira/browse/QPID-2541
>             Project: Qpid
>          Issue Type: Sub-task
>          Components: Java Broker
>            Reporter: Andrew Kennedy
>             Fix For: 0.7
>
>


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org