> Has anyone been able to use the LDAPAuthorizationMap successfully with
> Active Directory? 

Not with Active Directory, but when following the LDAP tutorial of the ActiveMQ 
Security Guide from FuseSource, the LDAPAuthorizationMap works fine against 
Apache Directory Server.
http://fusesource.com/docs/broker/5.5/security/LDAP.html

Perhaps this tutorial can help?


Torsten Mielke
tors...@fusesource.com
tmie...@blogspot.com

On Feb 2, 2012, at 10:13 PM, Chris Robison wrote:

> Has anyone been able to use the LDAPAuthorizationMap successfully with
> Active Directory? In my investigation, I don't think it will ever work in
> its current state. When looking at the code, it is making the assumption
> that the value of the member attribute (or whatever attribute you are
> using) is always going to be in the form "{0}={1}" (an RDN). But, according
> to the OpenLDAP spec, the member attribute value is a distinguished name.
> That means values are a comma-delimited list of RDNs. So, for example I
> have AD groups that represent MQ roles. Here's one I use:
> "CN=MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp". The LDAPAuthorizationMap
> considers the name of the role
> "MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp". Is this by design? I
> would be happy to submit a patch to change this behavior. Thoughts?
> 
> Chris Robison
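
The mismatch described in the message above, as an added example (not ActiveMQ code and not from either poster): applying a "{0}={1}" pattern to a DN-valued member attribute versus parsing the value as a DN with the JDK's javax.naming.ldap.LdapName. The class and method names are hypothetical, the use of MessageFormat is an assumption about how such a pattern gets applied, and the second and third sample values are constructed.

```java
import java.text.MessageFormat;
import java.text.ParseException;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class MemberDnRoleName {

    // Illustrates the "{0}={1}" assumption from the thread (assumed mechanism,
    // not the ActiveMQ source): everything after the first '=' becomes the role.
    static String roleViaRdnPattern(String memberValue) throws ParseException {
        Object[] parts = new MessageFormat("{0}={1}").parse(memberValue);
        return (String) parts[1];
    }

    // DN-aware alternative: parse the value as a distinguished name and take
    // the value of its leftmost RDN, optionally requiring an attribute type.
    static String roleViaDn(String memberValue, String expectedType)
            throws InvalidNameException {
        LdapName dn = new LdapName(memberValue);
        if (dn.isEmpty()) {
            throw new InvalidNameException("empty DN");
        }
        // LdapName indexes RDNs right to left, so the leftmost is size() - 1.
        Rdn leaf = dn.getRdn(dn.size() - 1);
        if (expectedType != null && !leaf.getType().equalsIgnoreCase(expectedType)) {
            throw new InvalidNameException("unexpected RDN type: " + leaf.getType());
        }
        // getValue() returns the unescaped value, so "MQ\,Admins" -> "MQ,Admins".
        return String.valueOf(leaf.getValue());
    }

    public static void main(String[] args) throws Exception {
        String[] samples = {
            "CN=MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp", // DN quoted in the thread
            "CN=MQ\\,Admins,OU=Groups,DC=example,DC=test",     // constructed: escaped comma
            "cn=MQUser"                                        // constructed: bare RDN
        };
        for (String s : samples) {
            System.out.println(s);
            System.out.println("  {0}={1} pattern -> " + roleViaRdnPattern(s));
            System.out.println("  DN parse        -> " + roleViaDn(s, "cn"));
        }
    }
}
```

Only the bare RDN gives the same role name under both approaches; for a full DN the pattern-derived name will not match a role written as "MQUser" in the broker's authorization entries.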



