Emmanuel, given that it's a bug, are you going to file a jira although there is a workaround?
On Mon, 15 Nov 2021 at 21:30, Meissa Sakho <[email protected]> wrote:

> I've tried your hint and it works.
> The question is: Why do we have such a regression?
> In the older version, it worked as defined in my first post and as
> described in this article
> https://developers.redhat.com/blog/2018/09/21/setup-ldap-auth-amq-console#
>
> On Mon, 15 Nov 2021 at 17:52, Emmanuel Lécharny <[email protected]> wrote:
>
>> Hi Meissa,
>>
>> I can confirm this is a bug in the Apache Directory server. The
>> comparison of the RDN does not work properly when providing a RDN like
>> "cn=Meissa Sakho+uid=msakho".
>>
>> The added entry has this normalized DN:
>>
>> 0.9.2342.19200300.100.1.1= msakho +2.5.4.3= meissa sakho
>> ,0.9.2342.19200300.100.1.25= example ,0.9.2342.19200300.100.1.25= com
>>
>> while the Bind DN is normalized this way:
>>
>> 2.5.4.3= meissa sakho +0.9.2342.19200300.100.1.1= msakho
>> ,0.9.2342.19200300.100.1.25= example ,0.9.2342.19200300.100.1.25= com
>>
>> As you can see, the two values are inverted (cn+uid in one case, and
>> uid+cn in the other case). That should not be the case.
>>
>> This is the reason why it fails.
>>
>> Funny enough, would you try to login using "uid=msakho+cn=Meissa
>> SAKHO,ou=users,dc=example,dc=com", it would work...
>>
>> On 15/11/2021 05:16, Emmanuel Lécharny wrote:
>> > Hi,
>> >
>> > Still, the first LDAP entry (with cn: meissa sakho) should work, as CN
>> > is case insensitive.
>> >
>> > I'll investigate.
>> >
>> > Thanks for the info!
>> >
>> > On 14/11/2021 18:57, Meissa Sakho wrote:
>> >> I'm using the latest version:
>> >>
>> >> Version: 2.0.0.v20210717-M17
>> >>
>> >> I was able to make it work by changing this section:
>> >>
>> >> *dn: cn=Meissa SAKHO+uid=msakho,ou=Users,dc=example,dc=com
>> >> objectClass: organizationalPerson
>> >> objectClass: person
>> >> objectClass: inetOrgPerson
>> >> objectClass: top
>> >> cn: meissa sakho
>> >> sn: sakho
>> >> title: cn=Administrator,ou=Groups,dc=example,dc=com
>> >> uid: msakho
>> >> userpassword: meissa*
>> >>
>> >> *with this section:*
>> >>
>> >> dn: cn=Meissa SAKHO,ou=Users,dc=example,dc=com
>> >> objectclass: person
>> >> objectclass: organizationalPerson
>> >> objectclass: inetOrgPerson
>> >> objectclass: top
>> >> cn: Meissa SAKHO
>> >> description: Capt. Meissa SAKHO, R.N
>> >> givenname: Meissa
>> >> sn: Sakho
>> >> uid: msakho
>> >> mail: [email protected]
>> >> userpassword: meissa
>> >>
>> >> The difference between the two is in the cn.
>> >>
>> >> The first version worked once. I've borrowed it from this article[1]
>> >> written by one of my colleagues.
>> >>
>> >> It seems like there are some differences.
>> >>
>> >> [1] https://developers.redhat.com/blog/2018/09/21/setup-ldap-auth-amq-console#
>> >>
>> >> On Sat, 13 Nov 2021 at 19:51, Emmanuel Lécharny <[email protected]> wrote:
>> >>
>> >> Thanks.
>> >>
>> >> Will do a test with the data you've provided.
>> >>
>> >> Which is the LDAP DS version you are using?
>> >>
>> >> On 12/11/2021 08:55, Meissa Sakho wrote:
>> >> > Hi Emmanuel,
>> >> > below is the complete ldif and in bold the corresponding user whose
>> >> > password (uid=msakho, password=meissa) is in clear:
>> >> > version: 1
>> >> >
>> >> > dn: dc=example,dc=com
>> >> > objectclass: top
>> >> > objectclass: domain
>> >> > dc: example
>> >> >
>> >> > dn: ou=Groups,dc=example,dc=com
>> >> > objectClass: organizationalUnit
>> >> > objectClass: top
>> >> > ou: Groups
>> >> >
>> >> > dn: ou=Users,dc=example,dc=com
>> >> > objectClass: organizationalUnit
>> >> > objectClass: top
>> >> > ou: Users
>> >> >
>> >> > dn: cn=Administrator,ou=Groups,dc=example,dc=com
>> >> > objectClass: groupOfNames
>> >> > objectClass: top
>> >> > cn: Administrator
>> >> > member: cn=John+sn=Doe+uid=jdoe,ou=Users,dc=example,dc=com
>> >> > member: cn=Elvadas NONO,ou=Users,dc=example,dc=com
>> >> >
>> >> > dn: cn=AMQGroup,ou=Groups,dc=example,dc=com
>> >> > objectClass: groupOfNames
>> >> > objectClass: top
>> >> > cn: AMQGroup
>> >> > member: cn=Elvadas Nono+sn=WOGUIA+uid=nelvadas,ou=Users,dc=example,dc=com
>> >> > member: cn=John+sn=Doe+uid=jdoe,ou=Users,dc=example,dc=com
>> >> > member: cn=Meissa+sn=Sakho+uid=msakho,ou=Users,dc=example,dc=com
>> >> >
>> >> > dn: cn=John+sn=Doe+uid=jdoe,ou=Users,dc=example,dc=com
>> >> > objectClass: organizationalPerson
>> >> > objectClass: person
>> >> > objectClass: inetOrgPerson
>> >> > objectClass: top
>> >> > cn: John
>> >> > sn: Doe
>> >> > title: cn=Administrator,ou=Groups,dc=example,dc=com
>> >> > uid: jdoe
>> >> > userPassword: redhat
>> >> >
>> >> > dn: cn=Elvadas NONO+uid=enonowoguia,ou=Users,dc=example,dc=com
>> >> > objectClass: organizationalPerson
>> >> > objectClass: person
>> >> > objectClass: inetOrgPerson
>> >> > objectClass: top
>> >> > cn: elvadas nono
>> >> > sn: Woguia
>> >> > title: cn=Administrator,ou=Groups,dc=example,dc=com
>> >> > uid: enonowoguia
>> >> > userpassword:: e1NTSEF9dlMzVU95V1Bnek9JMUhreG5IV290My9jS0NxZWlGNmlDSlh1SEE9PQ==
>> >> >
>> >> > *dn: cn=Meissa SAKHO+uid=msakho,ou=Users,dc=example,dc=com
>> >> > objectClass: organizationalPerson
>> >> > objectClass: person
>> >> > objectClass: inetOrgPerson
>> >> > objectClass: top
>> >> > cn: meissa sakho
>> >> > sn: sakho
>> >> > title: cn=Administrator,ou=Groups,dc=example,dc=com
>> >> > uid: msakho
>> >> > userpassword: meissa*
>> >> >
>> >> > Thanks
>> >> >
>> >> > On Fri, 12 Nov 2021 at 04:03, Emmanuel Lécharny <[email protected]> wrote:
>> >> >
>> >> > Hi,
>> >> >
>> >> > can you provide the entry associated to this user (with password
>> >> > redacted, of course)?
>> >> >
>> >> > Thanks!
>> >> >
>> >> > On 11/11/2021 18:53, Meissa Sakho wrote:
>> >> > > Hello everyone,
>> >> > > I'm trying to connect to my Ldap DS server from ActiveMq.
>> >> > > The connection setting is configured via a login.config file like
>> >> > > below:
>> >> > > activemq {
>> >> > >     org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule
>> >> > >     required
>> >> > >     debug=true
>> >> > >     initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
>> >> > >     connectionURL="ldap://localhost:10389"
>> >> > >     connectionUsername="uid=admin,ou=system"
>> >> > >     connectionPassword=secret
>> >> > >     connectionProtocol=s
>> >> > >     authentication=simple
>> >> > >     userBase="ou=Users,dc=example,dc=com"
>> >> > >     userSearchMatching="(uid={0})"
>> >> > >     userSearchSubtree=true
>> >> > >     roleBase="ou=Groups,dc=example,dc=com"
>> >> > >     roleName=cn
>> >> > >     roleSearchMatching="(member={0})"
>> >> > >     roleSearchSubtree=false
>> >> > >     reload=true
>> >> > >     ;
>> >> > > };
>> >> > > I've imported a sample ldif file and double checked that every user
>> >> > > connection is correct.
>> >> > > When I try to get connected via the ActiveMq admin console, I'm
>> >> > > getting a login failed error message because of a password that does
>> >> > > not match.
>> >> > >
>> >> > > 2021-11-11 18:38:29,436 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] LDAP returned a relative name: cn=Meissa SAKHO+uid=msakho,ou=Users
>> >> > >
>> >> > > 2021-11-11 18:38:29,436 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Using DN [cn=Meissa SAKHO+uid=msakho,ou=Users,dc=example,dc=com] for binding.
>> >> > >
>> >> > > 2021-11-11 18:38:29,436 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Binding the user.
>> >> > >
>> >> > > 2021-11-11 18:38:29,438 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Authentication failed for dn=cn=Meissa SAKHO+uid=msakho,ou=Users,dc=example,dc=com
>> >> > >
>> >> > > WARN | qtp2029780820-35 | Login failed due to: Password does not match for user: msakh
>> >> > > When I check the password test connection via the DS Studio, it
>> >> > > works fine.
>> >> > > I don't know what's wrong and where.
>> >> > > Any idea?
>> >> > >
>> >> >
>> >> > --
>> >> > *Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
>> >> > T. +33 (0)4 89 97 36 50
>> >> > P. +33 (0)6 08 33 32 61
>> >> > [email protected]
>> >> > https://www.busit.com/
>> >>
>
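As an added illustration, not code from the thread or from ApacheDS, the script below normalizes DNs the way a directory server has to when an RDN carries several attribute=value pairs (AVAs), and models the inconsistency Emmanuel describes: the stored entry's RDN gets its AVAs sorted, the bind DN's does not. The attribute-to-OID table is a hand-written subset of the schema and is an assumption, as is the exact whitespace handling.

```python
"""Normalize LDAP DNs whose RDNs may contain several AVAs joined with '+'.

"cn=Meissa SAKHO+uid=msakho" and "uid=msakho+cn=Meissa Sakho" name the same
entry, so AVAs inside one RDN must be put in a canonical order before any
comparison. The schema subset below is an assumption for this example.
"""
import re

# attribute name -> (OID, value is case-insensitive). Hand-written subset.
SCHEMA = {
    "cn":  ("2.5.4.3", True),
    "sn":  ("2.5.4.4", True),
    "ou":  ("2.5.4.11", True),
    "uid": ("0.9.2342.19200300.100.1.1", True),
    "dc":  ("0.9.2342.19200300.100.1.25", True),
}

def _split(text, sep):
    """Split on SEP unless it is backslash-escaped (RFC 4514 style)."""
    return re.split(r"(?<!\\)" + re.escape(sep), text)

def _norm_ava(ava):
    """Map 'attr=value' to (OID, normalized value)."""
    attr, _, value = ava.partition("=")
    oid, case_insensitive = SCHEMA.get(attr.strip().lower(), (attr, False))
    value = " ".join(value.split())            # collapse insignificant spaces
    return (oid, value.lower() if case_insensitive else value)

def normalize_dn(dn, sort_rdn_avas=True):
    """Canonical string for DN; sort_rdn_avas=False keeps client AVA order."""
    rdns = []
    for rdn in _split(dn, ","):
        avas = [_norm_ava(a) for a in _split(rdn, "+")]
        if sort_rdn_avas:
            avas.sort()                        # canonical order inside the RDN
        rdns.append("+".join(f"{oid}={val}" for oid, val in avas))
    return ",".join(rdns)

def dn_equal(a, b):
    """Correct comparison: both sides fully canonicalized."""
    return normalize_dn(a) == normalize_dn(b)

def buggy_compare(stored_dn, bind_dn):
    """Model of the thread's failure: stored DN canonicalized, bind DN not."""
    return normalize_dn(stored_dn, True) == normalize_dn(bind_dn, False)

if __name__ == "__main__":
    entry = "cn=Meissa SAKHO+uid=msakho,ou=Users,dc=example,dc=com"
    print(dn_equal(entry, "uid=msakho+cn=Meissa Sakho,ou=Users,dc=example,dc=com"))
    print(buggy_compare(entry, entry))  # the same DN fails under the bug
```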
