
ActiveMQ 5.15.3 Active Directory (LDAP) integration


Hi,

I'm trying to get ActiveMQ to use Active Directory to authenticate our
client service accounts.

*The issue:*
What I get is it will find that service account but will not authenticate. I
first thought it was a bad password but we validated that is not the case.

*My environment:*
A local Windows 10 desktop running ActiveMQ 5.15.3. I have used this test bed
hundreds of times, so I know it's not the issue.
The client is a local test app I have used in the past; the AD server is over
VPN.

*Error Message:*
jvm 1    |  WARN | Failed to add Connection id=ID:1T9M5Q2-50257-1534966215221-25:1, clientId=Client1 due to {}
jvm 1    | java.lang.SecurityException: User name [svc_xxxxx] or password is invalid.
jvm 1    |      at org.apache.activemq.security.JaasAuthenticationBroker.authenticate(JaasAuthenticationBroker.java:97)[activemq-broker-5.15.3.jar:5.15.3]
jvm 1    |      at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:68)[activemq-broker-5.15.3.jar:5.15.3]
jvm 1    |      at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:99)[activemq-broker-5.15.3.jar:5.15.3]
jvm 1    |      at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:843)[activemq-broker-5.15.3.jar:5.15.3]
jvm 1    |      at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:77)[activemq-broker-5.15.3.jar:5.15.3]
jvm 1    |      at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)[activemq-client-5.15.3.jar:5.15.3]
jvm 1    |      at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:330)[activemq-broker-5.15.3.jar:5.15.3]
jvm 1    |      at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:194)[activemq-broker-5.15.3.jar:5.15.3]
jvm 1    |      at org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)[activemq-client-5.15.3.jar:5.15.3]
jvm 1    |      at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:125)[activemq-client-5.15.3.jar:5.15.3]
jvm 1    |      at org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:301)[activemq-client-5.15.3.jar:5.15.3]
jvm 1    |      at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)[activemq-client-5.15.3.jar:5.15.3]
jvm 1    |      at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:233)[activemq-client-5.15.3.jar:5.15.3]
jvm 1    |      at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:215)[activemq-client-5.15.3.jar:5.15.3]
jvm 1    |      at java.lang.Thread.run(Unknown Source)[:1.8.0_181]

*My ActiveMQ Setup:*
    <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost" dataDirectory="${activemq.data}">

        <plugins>
            <jaasAuthenticationPlugin configuration="LDAPLogin" />
        </plugins>
…
    </broker>

LDAPLogin {
  org.apache.activemq.jaas.LDAPLoginModule required
     debug=true
     initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
     connectionURL="ldap://abc.local:389"
     connectionUsername="CN=ABC Service Account,OU=Service Accounts,DC=abc,DC=local"
     connectionPassword="XXXXXXXX"
     connectionProtocol=s
     authentication=simple
     userBase="OU=Service Accounts,DC=abc,DC=local"
     userSearchMatching="(sAMAccountName={0})"
     userSearchSubtree=true
     ;
};

Note: I have tried:
	userSearchMatching="(sAMAccountName={0})"
	userSearchMatching="(cn={0})"
	userSearchMatching="(cn={1})"

No luck.

Thanks for helping.

Mike

 



--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
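
Added example (not part of the original post and not ActiveMQ code): a small lint pass over a JAAS entry like the LDAPLogin one above, flagging a simple bind over plain ldap:// and a userSearchMatching filter that uses a placeholder other than {0}. The names parse_options and lint are hypothetical, the sample config is constructed from the post's placeholder values, and the {0}-only rule is an assumption about how LDAPLoginModule fills in the user search filter.

```python
import re

# Constructed sample modelled on the post's LDAPLogin entry (placeholder values).
SAMPLE = '''
LDAPLogin {
  org.apache.activemq.jaas.LDAPLoginModule required
     connectionURL="ldap://abc.local:389"
     connectionUsername="CN=ABC Service Account,OU=Service
Accounts,DC=abc,DC=local"
     connectionPassword="XXXXXXXX"
     authentication=simple
     userBase="OU=Service Accounts,DC=abc,DC=local"
     userSearchMatching="(cn={1})"
     userSearchSubtree=true
     ;
};
'''

OPTION = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s;"]+))')

def parse_options(text, entry="LDAPLogin"):
    """Option map of a JAAS entry (assumes one login module per entry)."""
    block = re.search(r'\b%s\s*\{(.*?)\}\s*;' % re.escape(entry), text, re.S)
    if block is None:
        raise ValueError("JAAS entry %r not found" % entry)
    opts = {}
    for key, quoted, bare in OPTION.findall(block.group(1)):
        # A quoted value may have been hard-wrapped; collapse the whitespace.
        opts[key] = " ".join((quoted or bare).split())
    return opts

def lint(opts):
    """Return (code, message) findings for an LDAPLoginModule option map."""
    findings = []
    url = opts.get("connectionURL", "").lower()
    if url.startswith("ldap://") and opts.get("authentication") == "simple":
        findings.append(("cleartext-bind",
                         "simple bind over ldap:// sends bind passwords unencrypted; use ldaps://"))
    # Assumption: the module substitutes only {0} (the user name) here.
    used = set(re.findall(r"\{(\d+)\}", opts.get("userSearchMatching", "")))
    if used != {"0"}:
        findings.append(("user-filter-placeholder",
                         "userSearchMatching should reference {0} and nothing else"))
    if not opts.get("userBase"):
        findings.append(("missing-userBase", "userBase is not set"))
    return findings

if __name__ == "__main__":
    for code, message in lint(parse_options(SAMPLE)):
        print(code + ": " + message)
```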