I'd be happy to do that. What package do you want me to put the class in?

Chris

On Mon, Feb 6, 2012 at 7:51 AM, Gary Tully <gary.tu...@gmail.com> wrote:

> Is that something you can/want to contribute back? Would be great if we got a solution that worked for both.
>
> If you want to get that onto trunk, attach a patch to a new jira and tick the license grant check box on file upload.
> http://activemq.apache.org/contributing.html
>
> On 3 February 2012 21:13, Chris Robison <chrisdrobi...@gmail.com> wrote:
> > I looked at that tutorial already. And you're right, works fine with Apache Directory, but I have to use Active Directory. I just created a plugin that inherited LDAPAuthorizationMap and changed the one method preventing what was currently there from working.
> >
> > Chris
> >
> > On Fri, Feb 3, 2012 at 2:48 AM, Torsten Mielke <tors...@fusesource.com> wrote:
> > > > Has anyone been able to use the LDAPAuthorizationMap successfully with Active Directory?
> > >
> > > Not with ActiveDirectory but when following the LDAP tutorial of the ActiveMQ Security Guide from FuseSource, the LDAPAuthorizationMap works fine against Apache Directory Server.
> > > http://fusesource.com/docs/broker/5.5/security/LDAP.html
> > >
> > > Perhaps this tutorial can help?
> > >
> > > Torsten Mielke
> > > tors...@fusesource.com
> > > tmie...@blogspot.com
> > >
> > > On Feb 2, 2012, at 10:13 PM, Chris Robison wrote:
> > > > Has anyone been able to use the LDAPAuthorizationMap successfully with Active Directory? In my investigation, I don't think it will ever work in its current state. When looking at the code, it is making the assumption that the value of the member attribute (or whatever attribute you are using) is always going to be in the form "{0}={1}" (an RDN). But, according to the OpenLDAP spec, the member attribute value is a distinguished name. That means values are a comma delimited list of RDNs. So, for example I have AD groups that represent MQ roles. Here's one I use: "CN=MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp". The LDAPAuthorizationMap considers the name of the role "MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp". Is this by design? I would be happy to submit a patch to change this behavior. Thoughts?
> > > >
> > > > Chris Robison
>
> --
> http://fusesource.com
> http://blog.garytully.com
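
The member-value parsing discussed in the oldest message of this thread, shown as an added example that is not part of the thread and is not ActiveMQ's own code. It assumes the "{0}={1}" handling can be reproduced with `java.text.MessageFormat`; the class and method names are hypothetical, and the second and third sample values are constructed.

```java
import java.text.MessageFormat;
import java.text.ParseException;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added illustration; class and method names are hypothetical, not ActiveMQ code.
public class RoleNameFromMember {

    // The assumption described in the thread: the whole attribute value is a
    // single "{0}={1}" pair, so everything after the first '=' becomes the role.
    static String roleAsSingleRdn(String member) throws ParseException {
        Object[] parts = new MessageFormat("{0}={1}").parse(member);
        return (String) parts[1];
    }

    // Treat the value as a distinguished name and use the value of its leftmost
    // (most specific) RDN as the role name. LdapName numbers RDNs from the
    // right, so the leftmost RDN is at index size() - 1.
    static String roleFromDn(String member) throws InvalidNameException {
        LdapName dn = new LdapName(member);
        if (dn.isEmpty()) {
            throw new InvalidNameException("empty member value");
        }
        Rdn leaf = dn.getRdn(dn.size() - 1);
        return String.valueOf(leaf.getValue());
    }

    public static void main(String[] args) throws Exception {
        String[] members = {
            "CN=MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp", // value quoted in the thread
            "cn=admins",                                     // constructed: bare RDN
            "CN=Ops\\, Messaging,OU=Groups,DC=cdr,DC=corp"   // constructed: escaped comma
        };
        for (String m : members) {
            System.out.println(m);
            System.out.println("  single-RDN parse: " + roleAsSingleRdn(m));
            System.out.println("  DN parse:         " + roleFromDn(m));
        }
    }
}
```

The two functions agree only for the bare-RDN value; for a full DN the single-RDN parse returns the remainder of the DN as the role name, so an authorization entry configured for the short group name would not match it. The third sample shows why the DN is parsed with `LdapName` rather than split on commas by hand.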