Is that something you can/want to contribute back. Would be great if we got a solution that worked for both.
If you want to get that onto trunk, attach a patch to a new jira and tick the license grant check box on file upload. http://activemq.apache.org/contributing.html On 3 February 2012 21:13, Chris Robison <chrisdrobi...@gmail.com> wrote: > I looked at that tutorial already. And you're right, works fine with Apache > Directory, but I have to use Active Directory. I just created a plugin that > inherited LDAPAuthorizationMap and changed the one method preventing what > was currently there from working. > > Chris > > On Fri, Feb 3, 2012 at 2:48 AM, Torsten Mielke <tors...@fusesource.com>wrote: > >> > Has anyone been able to use the LDAPAuthorizationMap successfully with >> > Active Directory? >> >> Not with ActiveDirectory but when following the LDAP tutorial of the >> ActiveMQ Security Guide from FuseSource, the LDAPAuthorizationMap works >> fine against Apache Directory Server. >> http://fusesource.com/docs/broker/5.5/security/LDAP.html >> >> Perhaps this tutorial can help? >> >> >> Torsten Mielke >> tors...@fusesource.com >> tmie...@blogspot.com >> >> On Feb 2, 2012, at 10:13 PM, Chris Robison wrote: >> >> > Has anyone been able to use the LDAPAuthorizationMap successfully with >> > Active Directory? In my investigation, I don't think it will ever work in >> > its current state. When looking at the code, it is making the assumption >> > that the value of the member attribute (or what ever attribute you are >> > using) is always going to be in the form "{0}={1}" (a RDN). But, >> according >> > to the OpenLDAP spec, the member attribute value is a distinguished name. >> > That means values are a comma delimited list of RDNs. So, for example I >> > have AD groups that represent MQ roles. Here's one I use: >> > "CN=MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp". The >> LDAPAuthorizationMap >> > considers the name of the >> > role "MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp". Is this by design? I >> > would be happy to submit a patch to change this behavior. Thoughts? >> > >> > Chris Robison >> >> >> >> >> -- http://fusesource.com http://blog.garytully.com
