Uploaded image for project: 'ActiveMQ'
  1. ActiveMQ
  2. AMQ-3770

Generalize LDAP group processing / LDAP group expansion

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.5.1
    • Fix Version/s: 5.7.0
    • Component/s: Broker
    • Labels:
      None
    • Patch Info:
      Patch Available

      Description

      One of the issues with the way that LDAP integration is implemented in ActiveMQ is that it is making some serious assumptions based on how the examples are for Apache Directory. These assumptions prevent other LDAP implementations from functioning correctly (e.g., Active Directory). I've gone in and replaced all of the String.split stuff with LdapName. LdapName is Java's implementation of RFC 2253 for names in LDAP. All current test cases still work, while allowing other LDAP implementations to work.

      I've also implemented group expansion for the LDAPLoginModule. For example, group A is a member of groups B and C. User X is a member of group A, which should mean user X is also a member of groups B and C by virtue of being in group A. This allows for a hierarchy of roles making role management much easier in my opinion.

        Attachments

        1. LDAPUpdatesAndTest1.patch
          36 kB
          Chris Robison
        2. LDAPAuthorizationMap.java
          18 kB
          Chris Robison

          Issue Links

            Activity

              People

              • Assignee:
                dejanb Dejan Bosanac
                Reporter:
                chrisdrobison Chris Robison
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: