Author: robbie
Date: Wed Nov 28 17:11:52 2012
New Revision: 1414821
URL: http://svn.apache.org/viewvc?rev=1414821&view=rev
Log:
QPID-4462: add some documentation regarding the security provider workaround,
until the issue can be fixed
Modified:
qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security-Authentication-Providers.xml
Modified:
qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security-Authentication-Providers.xml
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security-Authentication-Providers.xml?rev=1414821&r1=1414820&r2=1414821&view=diff
==============================================================================
---
qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security-Authentication-Providers.xml
(original)
+++
qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security-Authentication-Providers.xml
Wed Nov 28 17:11:52 2012
@@ -38,18 +38,44 @@
</section>
- <section>
+ <section id="LDAPAuthManager">
<title>LDAP</title>
+
+ <para>
+ LDAP authentication can be configured using the
<simple-ldap-auth-manager> element
+ within the <security> section. An example of how to configure this
is shown below.
+ Please note this example also configures an unused <pd-auth-manager>
to use an empty
+ password file, this is a workaround for an issue relating to registration
of security providers.
+ </para>
+
+ <para>
+ <emphasis>NOTE: When using LDAP authentication, you must also use SSL on
the brokers AMQP messaging and
+ JMX/HTTP management ports in order to protect passwords during
transmission to the broker.</emphasis>
+ </para>
<example>
<title>Configuring LDAP authentication</title>
<programlisting><![CDATA[
<security>
- <simple-ldap-auth-manager>
- <provider-url>ldaps://example.com:636/</provider-url>
- <search-context>dc=example\,dc=com</search-context>
- <search-filter>(uid={0})</search-filter>
- </simple-ldap-auth-manager>
- ...
+ <default-auth-manager>SimpleLDAPAuthenticationManager</default-auth-manager>
+ <simple-ldap-auth-manager>
+ <provider-url>ldaps://example.com:636/</provider-url>
+ <search-context>dc=example\,dc=com</search-context>
+ <search-filter>(uid={0})</search-filter>
+ </simple-ldap-auth-manager>
+
+ <!-- Unused pd-auth-manager, a workaround to register the necessary security
providers -->
+ <pd-auth-manager>
+ <principal-database>
+
<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>
+ <attributes>
+ <attribute>
+ <name>passwordFile</name>
+ <value>${conf}/emptyPasswdFile</value>
+ </attribute>
+ </attributes>
+ </principal-database>
+ <pd-auth-manager>
+ ...
</security>]]></programlisting>
</example>
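Review bot: The pd-auth-manager block in the added programlisting is never closed: the line after `</principal-database>` is a second opening `<pd-auth-manager>` where `</pd-auth-manager>` is needed, so a reader who copies the example gets a malformed security section. Change that line to the closing tag. The new para mentions "an empty password file" but does not say whether `${conf}/emptyPasswdFile` has to be created by the user before the broker starts; a sentence stating that would make the workaround reproducible. In the NOTE, "the brokers AMQP messaging" should read "the broker's AMQP messaging".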