[AMQ-3770] Generalize LDAP group processing / LDAP group expansion - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 5.5.1
Fix Version/s: 5.7.0
Component/s: Broker
Labels:
None

Patch Info:

Patch Available

Description

One of the issues with the way that LDAP integration is implemented in ActiveMQ is that it is making some serious assumptions based on how the examples are for Apache Directory. These assumptions prevent other LDAP implementations from functioning correctly (e.g., Active Directory). I've gone in and replaced all of the String.split stuff with LdapName. LdapName is Java's implementation of RFC 2253 for names in LDAP. All current test cases still work, while allowing other LDAP implementations to work.

I've also implemented group expansion for the LDAPLoginModule. For example, group A is a member of groups B and C. User X is a member of group A, which should mean user X is also a member of groups B and C by virtue of being in group A. This allows for a hierarchy of roles making role management much easier in my opinion.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

LDAPUpdatesAndTest1.patch
14/Mar/12 22:30
36 kB
Chris Robison
LDAPAuthorizationMap.java
14/Mar/12 22:30
18 kB
Chris Robison

Issue Links

is related to

AMQ-3791 Flexibility, concurrency, security, and compatibility issues in CachedLDAPAuthorizationMap

Resolved

Activity

People

Assignee:: Dejan Bosanac

Reporter:: Chris Robison

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 14/Mar/12 22:24

Updated:: 07/Jun/12 14:50

Resolved:: 07/Jun/12 14:50