I upgraded our lab ActiveMQ to 5.6.0 and am using the cached LDAP auth module.
I appear to be having a problem where at times ActiveMQ loses its authorization
data cache and does not refresh this from LDAP. Is there any way of forcing a
retry if it has a connection issue, or otherwise further diagnosing what is
happening?
Details:
Three times now (solved by an ActiveMQ restart) I have started seeing these
errors in the log (but for all queues that they are trying to access):
2012-06-21 11:57:31,538 | DEBUG | Error occured while processing sync command:
ConsumerInfo {commandId = 28936, responseRequired = true, consumerId =
ID:myhost-53793-1340295272790-0:6:-1:1, destination =
ActiveMQ.Advisory.TempQueue,ActiveMQ.Advisory.TempTopic, prefetchSize = 0,
maximumPendingMessageLimit = 0, browser = false, dispatchAsync = false,
selector = null, subscriptionName = null, noLocal = true, exclusive = false,
retroactive = false, priority = 0, brokerPath = null, optimizedAcknowledge =
false, noRangeAcks = false, additionalPredicate = null}, exception:
java.lang.SecurityException: User vm5a is not authorized to read from:
ActiveMQ.Advisory.TempQueue,ActiveMQ.Advisory.TempTopic |
org.apache.activemq.broker.TransportConnection.Service | ActiveMQ Transport:
tcp:///10.201.147.250:51236
java.lang.SecurityException: User vm5a is not authorized to read from:
ActiveMQ.Advisory.TempQueue,ActiveMQ.Advisory.TempTopic
Per our developers, they are seeing:
12:16:53,926 WARN DefaultMessageListenerContainer:822 - Setup of JMS message
listener invoker failed for destination 'queue://vm5.queuename' - trying to
recover. Cause: User vm5a is not authorized to read from:
ActiveMQ.Advisory.TempQueue,ActiveMQ.Advisory.TempTopic
I ran some tcpdumps. While this is in the logs, I do not see any LDAP searches
attempting to update the authorization info. Just after a restart, I do see
intermittent searches for the entries under
ou=destination,ou=activemq,ou=systems,o=me.

My plugin info:
<authorizationPlugin>
  <map>
    <cachedLDAPAuthorizationMap
        connectionURL="ldap://ldap-lab.me:389"
        connectionUsername="cn=mqbroker,ou=services,o=me"
        connectionPassword="password"
        baseDn="ou=systems,o=me"
        refreshInterval="5000"
    />
  </map>
</authorizationPlugin>