Re: ActiveMQ LDAP Authorization Issue

[Torsten Mielke]

Hello,

Not sure about your actual problem but the FuseSource Security Guide for 
ActiveMQ has a good tutorial for configuring LDAP based authentication and 
authorization. Perhaps this can help you? 
http://fusesource.com/docs/broker/5.5/security/LDAP.html


Perhaps this blog post is also of interest to you:
http://tmielke.blogspot.co.uk/2011/12/activemq-ldap-based-authentication-and.html

Regards,

Torsten Mielke
tors...@fusesource.com
tmielke.blogspot.com



On Dec 5, 2012, at 1:22 PM, joesan wrote:

> Guys,
> 
> I have an LDAP configuration where I have 3 users namely admin, publisher,
> consumer and I have 3 groups namely admins, consumers, publishers and I have
> 3 users namely admin, user1, user2.
> 
> I also have my destinations configured. When I try to connect to my ActiveMQ
> server, I get the following error:
> 
> *Caused by: java.lang.SecurityException: User user1 is not authorized to
> create: topic://ActiveMQ.Advisory.Connection
>       at
> org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:76)
>       at
> org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:151)
>       at
> org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:481)
>       at
> org.apache.activemq.broker.jmx.ManagedRegionBroker.send(ManagedRegionBroker.java:311)
>       at
> org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:551)
>       at
> org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:482)
>       at
> org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:477)
>       at
> org.apache.activemq.advisory.AdvisoryBroker.addConnection(AdvisoryBroker.java:86)
>       at
> org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
>       at
> org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
>       at
> org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
>       at
> org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:90)
>       at
> org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
>       at
> org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:91)
>       at
> org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:712)
>       at
> org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:80)
>       at
> org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)
>       at
> org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:294)
>       at
> org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:152)
>       at
> org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)
>       at
> org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
>       at
> org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:256)
>       at
> org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
>       at
> org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.java:91)
>       at
> org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:222)
>       at
> org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:204)
>       at java.lang.Thread.run(Unknown Source)*
> 
> I even have the ActiveMQ.Advisory.Connection Topic configured in my LDAP
> tree as below:
> 
> *objectClass: top
> objectClass: groupOfNames
> cn: write
> member: cn=admins
> member: cn=publishers
> member: cn=consumers*
> 
> Could you please help me as to why I get the security exception? Any ideas?
> 
> 
> 
> --
> View this message in context: 
> http://activemq.2283324.n4.nabble.com/ActiveMQ-LDAP-Authorization-Issue-tp4660204.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.