Uploaded image for project: 'ActiveMQ Classic'
  1. ActiveMQ Classic
  2. AMQ-3845

CachedLDAPAuthorizationMap doesn't handle the ldap connectino dying

    XMLWordPrintableJSON

Details

    Description

      If the ldap connection dies for some reason (ldap server restarting etc.), the broker will continue to attempt to use the old connection for authorization, resulting in all attempts to use the broker being denied.

      In CachedLDAPAuthorizationMap.java, the open() function just returns the context if one exists. Instead, it should check to see if the context is still valid, and if not create one.

      Alternatively, the caching of the ldap connection can be removed entirely, and then in the refreshInterval>0 case, a new ldap connection will be made each refresh interval (default setting: every 5 minutes).
      i.e. delete these lines:
      if (context != null)

      { return context; }

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. AMQ-3791 Flexibility, concurrency, security, and compatibility issues in CachedLDAPAuthorizationMap

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              dejanb Dejan Bosanac
              leachim Mike Bryant
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 10m
                  10m
                  Remaining:
                  Remaining Estimate - 10m
                  10m
                  Logged:
                  Time Spent - Not Specified
                  Not Specified