Submitted the patch to https://issues.apache.org/jira/browse/AMQ-3701

Chris

On Mon, Feb 6, 2012 at 8:55 AM, Chris Robison <chrisdrobi...@gmail.com> wrote:

> I'd be happy to do that. What package do you want me to put the class in?
>
> Chris
>
> On Mon, Feb 6, 2012 at 7:51 AM, Gary Tully <gary.tu...@gmail.com> wrote:
>
>> Is that something you can/want to contribute back? Would be great if
>> we got a solution that worked for both.
>>
>> If you want to get that onto trunk, attach a patch to a new jira and
>> tick the license grant check box on file upload.
>> http://activemq.apache.org/contributing.html
>>
>> On 3 February 2012 21:13, Chris Robison <chrisdrobi...@gmail.com> wrote:
>> > I looked at that tutorial already. And you're right, works fine with Apache
>> > Directory, but I have to use Active Directory. I just created a plugin that
>> > inherited LDAPAuthorizationMap and changed the one method preventing what
>> > was currently there from working.
>> >
>> > Chris
>> >
>> > On Fri, Feb 3, 2012 at 2:48 AM, Torsten Mielke <tors...@fusesource.com> wrote:
>> >
>> >> > Has anyone been able to use the LDAPAuthorizationMap successfully with
>> >> > Active Directory?
>> >>
>> >> Not with ActiveDirectory but when following the LDAP tutorial of the
>> >> ActiveMQ Security Guide from FuseSource, the LDAPAuthorizationMap works
>> >> fine against Apache Directory Server.
>> >> http://fusesource.com/docs/broker/5.5/security/LDAP.html
>> >>
>> >> Perhaps this tutorial can help?
>> >>
>> >> Torsten Mielke
>> >> tors...@fusesource.com
>> >> tmie...@blogspot.com
>> >>
>> >> On Feb 2, 2012, at 10:13 PM, Chris Robison wrote:
>> >>
>> >> > Has anyone been able to use the LDAPAuthorizationMap successfully with
>> >> > Active Directory? In my investigation, I don't think it will ever work in
>> >> > its current state. When looking at the code, it is making the assumption
>> >> > that the value of the member attribute (or whatever attribute you are
>> >> > using) is always going to be in the form "{0}={1}" (a RDN). But, according
>> >> > to the OpenLDAP spec, the member attribute value is a distinguished name.
>> >> > That means values are a comma-delimited list of RDNs. So, for example I
>> >> > have AD groups that represent MQ roles. Here's one I use:
>> >> > "CN=MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp". The LDAPAuthorizationMap
>> >> > considers the name of the
>> >> > role "MQUser,OU=Groups,OU=ActiveMQ,DC=cdr,DC=corp". Is this by design? I
>> >> > would be happy to submit a patch to change this behavior. Thoughts?
>> >> >
>> >> > Chris Robison
>>
>> --
>> http://fusesource.com
>> http://blog.garytully.com