Details
- Improvement
- Status: Closed
- Minor
- Resolution: Abandoned
- 5.3.0
- None
- None
- LDAP/AD
Description
The LDAPLoginModule authenticate() method calls bindUser() for authentication and, immediately afterwards, calls getRoles() to fetch the user's roles according to the configured role search criteria. Note that bindUser() removes the "java.security.principal" entry from the environment when no connectionUsername/connectionPassword is provided. Calling getRoles() after that does not work, because the role search needs the security principal in the environment.
A sample JAAS login configuration is provided below:
TestLogin {
    org.apache.activemq.jaas.LDAPLoginModule required
        debug=false
        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
        connectionURL="ldap://somehost:389"
        connectionProtocol=""
        authentication=simple
        userBase="OU=users,O=domain"
        userSearchMatching="(uid=
        userSearchSubtree=true
        userRoleName="memberOf"
        roleName="CN"
        roleBase="OU=Groups,O=domain"
        roleSearchMatching="member={0}"
        roleSearchSubtree=true
        ;
};
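As an added illustration (not ActiveMQ's own code), the plain JNDI sequence below shows the ordering the description asks for: bind as the user, run the role search while the principal is still in the environment, and only then discard the credential material. The URL, role base, filter and attribute name are taken from the sample configuration above; the class and method names are assumptions, and no real directory is contacted here.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapBindThenRoles {
    // Values copied from the sample configuration above (constructed example, not a live server).
    static final String URL = "ldap://somehost:389";
    static final String ROLE_BASE = "OU=Groups,O=domain";
    static final String ROLE_SEARCH = "(member={0})"; // {0} is substituted and escaped by JNDI
    static final String ROLE_NAME = "CN";

    /** Authenticate by binding as the user, then search roles on the SAME bound context. */
    static List<String> authenticateAndGetRoles(String userDn, char[] password) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);            // the user being authenticated
        env.put(Context.SECURITY_CREDENTIALS, new String(password));

        // Fails with AuthenticationException if the DN/password pair is wrong.
        DirContext ctx = new InitialDirContext(env);
        try {
            // Role search runs while the principal is still bound; with no service account
            // configured, the user's own bind must be allowed to read group membership.
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);  // roleSearchSubtree=true
            sc.setReturningAttributes(new String[] { ROLE_NAME });
            NamingEnumeration<SearchResult> results = ctx.search(ROLE_BASE, ROLE_SEARCH, new Object[] { userDn }, sc);
            List<String> roles = new ArrayList<>();
            while (results.hasMore()) {
                Attribute a = results.next().getAttributes().get(ROLE_NAME);
                if (a != null) roles.add(String.valueOf(a.get()));
            }
            return roles;
        } finally {
            // Only after the search: drop credential material and release the connection.
            env.remove(Context.SECURITY_PRINCIPAL);
            env.remove(Context.SECURITY_CREDENTIALS);
            ctx.close();
        }
    }
}
```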