Qpid
  1. Qpid
  2. QPID-4462

[Java Broker] SimpleLDAPAuthenticationManager does not register SASL mechanism PLAIN

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.18, 0.19, 0.20, 0.21
    • Fix Version/s: 0.22
    • Component/s: Java Broker
    • Labels:

      Description

      If the user tries to configure only the simple-ldap-auth-manager, client see the following exception on attempting to connect.

      javax.jms.JMSException: Error creating connection: Error: Unable to create SASL Server:PLAIN
      	at org.apache.qpid.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:125)
      	at org.apache.qpid.example.Hello.runTest(Hello.java:51)
      	at org.apache.qpid.example.Hello.main(Hello.java:40)
      

      The issue is that SimpleLDAPAuthenticationManager is omitting to register the PLAIN SASL mechanism.

      The user can workaround the issue by configuring a plain pd-auth-manager, (which causes the SASL mechanism to be registered) and specifying a default-auth-manager of SimpleLDAPAuthenticationManager as illustrated below:

      <default-auth-manager>SimpleLDAPAuthenticationManager</default-auth-manager>
      <pd-auth-manager>
        <principal-database>  <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>
          <attributes>
             <attribute>
               <name>passwordFile</name>
               <value>${conf}/emptypasswd</value>
             </attribute>
          </attributes>
        </principal-database>
      </pd-auth-manager>
      
      

        Activity

        Hide
        Robbie Gemmell added a comment -

        r1463063 was merged via http://svn.apache.org/r1463185

        Show
        Robbie Gemmell added a comment - r1463063 was merged via http://svn.apache.org/r1463185
        Hide
        Justin Ross added a comment -

        Reviewed by Rob. Approved for 0.22.

        Show
        Justin Ross added a comment - Reviewed by Rob. Approved for 0.22.
        Hide
        Rob Godfrey added a comment -

        Looks good to me.

        At some point we need to properly figure out to what extent we want to use the built in Java Sasl stuff, versus rolling our own... But this fix certainly isn't making the situation any worse, and has the benefit of actually making the code work

        We should look to get this in for 0.22

        Show
        Rob Godfrey added a comment - Looks good to me. At some point we need to properly figure out to what extent we want to use the built in Java Sasl stuff, versus rolling our own... But this fix certainly isn't making the situation any worse, and has the benefit of actually making the code work We should look to get this in for 0.22
        Hide
        Robbie Gemmell added a comment -

        I will request this for 0.22 once it has been reviewed.

        Show
        Robbie Gemmell added a comment - I will request this for 0.22 once it has been reviewed.
        Hide
        Robbie Gemmell added a comment -

        I made a change suggested by Alex at:
        http://svn.apache.org/r1463063

        This doesn't do anything to the config documentation mentioned above; the affected config no longer esists, and the docs will be updated as part of a larger task to update the documentation to reflect the brokers new configuration model/mechanisms.

        Show
        Robbie Gemmell added a comment - I made a change suggested by Alex at: http://svn.apache.org/r1463063 This doesn't do anything to the config documentation mentioned above; the affected config no longer esists, and the docs will be updated as part of a larger task to update the documentation to reflect the brokers new configuration model/mechanisms.
        Hide
        Justin Ross added a comment -

        Doc fix approved for 0.20.

        Show
        Justin Ross added a comment - Doc fix approved for 0.20.
        Hide
        Robbie Gemmell added a comment -

        I have added the workaround to the documentation until this issue is resolved:
        http://svn.apache.org/viewvc?view=revision&revision=1414821

        Show
        Robbie Gemmell added a comment - I have added the workaround to the documentation until this issue is resolved: http://svn.apache.org/viewvc?view=revision&revision=1414821

          People

          • Assignee:
            Robbie Gemmell
            Reporter:
            Keith Wall
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development