ActiveMQ Classic / AMQ-3064

Security: LDAPLoginModule: Specifying userRoleName as 'memberOf' fetches the full DN of the group, and initializes a GroupPrincipal with full DN

Details

    • Type: Wish
    • Status: Closed
    • Priority: Minor
    • Resolution: Abandoned
    • Affects Version/s: 5.3.0
    • None
    • None
    • None

    Description

      In the sample below, when I specify the userRoleName as 'memberOf', it initializes a GroupPrincipal with the name as the full DN, e.g. 'CN=somegroupIAMMemberOf,OU=Groups,O=domain'...
      This may not work if the expected role is 'somegroupIAMMemberOf'.

      TestLogin {
      org.apache.activemq.jaas.LDAPLoginModule required
      debug=false
      initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
      connectionURL="ldap://something:389"
      connectionUsername="uid=generic.gen,OU=Generics,O=something"
      connectionPassword="generic123"
      connectionProtocol=""
      authentication=simple
      userBase="OU=Users,O=something"
      userSearchMatching="(uid={0})"
      userSearchSubtree=true
      userRoleName="memberOf"
      roleName="CN"
      roleBase="OU=Groups,O=something"
      roleSearchMatching="member={0}"
      roleSearchSubtree=true
      ;
      };
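
An added example, not from the issue or from ActiveMQ's code: one way to reduce memberOf DN values to the short role name the report expects, using the JDK's javax.naming.ldap.LdapName instead of string splitting. The class and method names are hypothetical, the sample DNs are constructed, and accepting only groups under roleBase is an assumed policy.

```java
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example, not ActiveMQ code: class and method names are hypothetical.
public class MemberOfRoleMapper {

    /** Maps memberOf DN values to short role names taken from the leaf RDN. */
    static Set<String> rolesFromMemberOf(List<String> memberOf, String roleBase,
                                         String roleName) throws InvalidNameException {
        LdapName base = new LdapName(roleBase);
        Set<String> roles = new LinkedHashSet<>();
        for (String value : memberOf) {
            LdapName dn;
            try {
                dn = new LdapName(value);          // RFC 2253 parsing, handles escapes
            } catch (InvalidNameException e) {
                continue;                          // not a DN: grant nothing for it
            }
            // Accept only groups below roleBase (assumed policy). Without this check
            // a group with the same CN in another subtree maps to the same role.
            if (dn.size() <= base.size() || !dn.startsWith(base)) {
                continue;
            }
            Rdn leaf = dn.getRdn(dn.size() - 1);   // index 0 is the rightmost RDN
            if (leaf.size() == 1 && leaf.getType().equalsIgnoreCase(roleName)
                    && leaf.getValue() instanceof String) {
                roles.add((String) leaf.getValue());
            }
        }
        return roles;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed memberOf values, modelled on the DN quoted in the report.
        List<String> memberOf = List.of(
            "CN=somegroupIAMMemberOf,OU=Groups,O=something",
            "CN=ops\\, east,OU=Groups,O=something",         // escaped comma in the CN
            "CN=somegroupIAMMemberOf,OU=Other,O=something", // same CN, outside roleBase
            "not-a-dn");
        System.out.println(rolesFromMemberOf(memberOf, "OU=Groups,O=something", "CN"));
    }
}
```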

          People

            Assignee: Unassigned
            Reporter: Amit Kumar (allahamit)
            Votes: 1
            Watchers: 3