Hi,
I'm trying to get ActiveMQ to use Active Directory to authenticate our
client service accounts.
*The issue:*
What I get is it will find that service account but will not authenticate. I
first thought it was a bad password but we validated that is not the case.
*My environment:*
A local Windows 10 desktop running ActiveMQ 5.15.3. I have used this test bed
hundreds of times, so I know it's not the issue.
The client is a local test app I have used in the past; the AD server is over
VPN.
*Error Message:*
jvm 1 | WARN | Failed to add Connection id=ID:1T9M5Q2-50257-1534966215221-25:1, clientId=Client1 due to {}
jvm 1 | java.lang.SecurityException: User name [svc_xxxxx] or password is invalid.
jvm 1 | at org.apache.activemq.security.JaasAuthenticationBroker.authenticate(JaasAuthenticationBroker.java:97)[activemq-broker-5.15.3.jar:5.15.3]
jvm 1 | at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:68)[activemq-broker-5.15.3.jar:5.15.3]
jvm 1 | at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:99)[activemq-broker-5.15.3.jar:5.15.3]
jvm 1 | at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:843)[activemq-broker-5.15.3.jar:5.15.3]
jvm 1 | at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:77)[activemq-broker-5.15.3.jar:5.15.3]
jvm 1 | at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)[activemq-client-5.15.3.jar:5.15.3]
jvm 1 | at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:330)[activemq-broker-5.15.3.jar:5.15.3]
jvm 1 | at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:194)[activemq-broker-5.15.3.jar:5.15.3]
jvm 1 | at org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)[activemq-client-5.15.3.jar:5.15.3]
jvm 1 | at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:125)[activemq-client-5.15.3.jar:5.15.3]
jvm 1 | at org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:301)[activemq-client-5.15.3.jar:5.15.3]
jvm 1 | at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)[activemq-client-5.15.3.jar:5.15.3]
jvm 1 | at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:233)[activemq-client-5.15.3.jar:5.15.3]
jvm 1 | at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:215)[activemq-client-5.15.3.jar:5.15.3]
jvm 1 | at java.lang.Thread.run(Unknown Source)[:1.8.0_181]
*My ActiveMQ Setup:*
<broker xmlns="http://activemq.apache.org/schema/core"
        brokerName="localhost" dataDirectory="${activemq.data}">
    <plugins>
        <jaasAuthenticationPlugin configuration="LDAPLogin" />
    </plugins>
    …
</broker>

LDAPLogin {
    org.apache.activemq.jaas.LDAPLoginModule required
        debug=true
        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
        connectionURL="ldap://abc.local:389"
        connectionUsername="CN=ABC Service Account,OU=Service Accounts,DC=abc,DC=local"
        connectionPassword="XXXXXXXX"
        connectionProtocol=s
        authentication=simple
        userBase="OU=Service Accounts,DC=abc,DC=local"
        userSearchMatching="(sAMAccountName={0})"
        userSearchSubtree=true
        ;
};
Note: I have tried:
    userSearchMatching="(sAMAccountName={0})"
    userSearchMatching="(cn={0})"
    userSearchMatching="(cn={1})"
No luck.
Thanks for helping.
Mike
--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
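
Added example (not part of the original post and not ActiveMQ's own code): a small Java program that shows which LDAP search filter each of the three `userSearchMatching` patterns tried above yields for a given login name. It assumes, as in the ActiveMQ 5.x `LDAPLoginModule`, that the user search formats the pattern with `java.text.MessageFormat` and passes the escaped login name as the only argument; the class name, the `escape` and `expand` helpers and the second login name are constructed for illustration.

```java
import java.text.MessageFormat;

public class UserSearchFilterDemo {

    // Escape the RFC 4515 filter metacharacters so a login name
    // cannot change the structure of the search filter.
    static String escape(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Assumption: the user search supplies exactly one argument,
    // the login name, which MessageFormat substitutes for {0}.
    static String expand(String userSearchMatching, String username) {
        return new MessageFormat(userSearchMatching)
                .format(new String[] { escape(username) });
    }

    public static void main(String[] args) {
        // The three patterns listed in the post.
        String[] patterns = {
            "(sAMAccountName={0})",
            "(cn={0})",
            "(cn={1})"
        };
        // First login is the redacted name from the log; second is a
        // constructed name containing filter metacharacters.
        String[] logins = { "svc_xxxxx", "svc*(test)" };
        for (String p : patterns) {
            for (String u : logins) {
                System.out.printf("%-24s %-12s -> %s%n", p, u, expand(p, u));
            }
        }
    }
}
```

With a single argument, `MessageFormat` leaves `{1}` unreplaced, so the third pattern searches for the literal text `{1}` rather than the login name.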