Security: LDAPLoginModule: Specifying userRoleName as 'memberOf' fetches the
full DN of the group, and initializes a GroupPrincipal with full DN
------------------------------------------------------------------------------------------------------------------------------------------------
Key: AMQ-3064
URL: https://issues.apache.org/jira/browse/AMQ-3064
Project: ActiveMQ
Issue Type: Wish
Affects Versions: 5.3.0
Reporter: Amit Kumar

In the sample below, when I specify the userRoleName as 'memberOf', it
initializes a GroupPrincipal with the name as full DN. e.g.
'CN=somegroupIAMMemberOf,OU=Groups,O=domain'...
This may not work if the expected role is 'somegroupIAMMemberOf'.
TestLogin {
    org.apache.activemq.jaas.LDAPLoginModule required
        debug=false
        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
        connectionURL="ldap://something:389"
        connectionUsername="uid=generic.gen,OU=Generics,O=something"
        connectionPassword="generic123"
        connectionProtocol=""
        authentication=simple
        userBase="OU=Users,O=something"
        userSearchMatching="(uid={0})"
        userSearchSubtree=true
        userRoleName="memberOf"
        roleName="CN"
        roleBase="OU=Groups,O=something"
        roleSearchMatching="member={0}"
        roleSearchSubtree=true
        ;
};
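
An added example, not part of the original report and not ActiveMQ's own code: one way to turn a 'memberOf' DN into the short role name the report expects, using the JDK's javax.naming.ldap.LdapName so that escaped commas and multi-valued RDNs are parsed correctly. The class and method names are hypothetical, the sample DNs are constructed, and checking that the group lies under roleBase is an assumption about the desired policy (it keeps a same-named group from another subtree from being accepted as the role).

```java
import java.util.Optional;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class MemberOfRoleMapper { // hypothetical helper, not an ActiveMQ class

    /** Returns the roleNameAttr value of the DN's leaf RDN, or empty when the DN is
     *  malformed, is not strictly below roleBase, or its leaf lacks that attribute. */
    static Optional<String> roleFromDn(String dn, String roleNameAttr, String roleBase) {
        try {
            LdapName name = new LdapName(dn);
            LdapName base = new LdapName(roleBase);
            // Index 0 is the right-most RDN, so startsWith() compares the DN suffix.
            if (name.size() <= base.size() || !name.startsWith(base)) {
                return Optional.empty();
            }
            Rdn leaf = name.getRdn(name.size() - 1); // left-most RDN, e.g. CN=...
            // Attribute lookup ignores case and also covers multi-valued RDNs (a=b+c=d).
            Attribute attr = leaf.toAttributes().get(roleNameAttr);
            if (attr == null || !(attr.get() instanceof String)) {
                return Optional.empty();
            }
            return Optional.of((String) attr.get()); // value is already unescaped
        } catch (NamingException e) { // includes InvalidNameException from the parser
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        String roleBase = "OU=Groups,O=domain"; // constructed to match the sample DN
        String[] memberOf = {                   // constructed sample values
            "CN=somegroupIAMMemberOf,OU=Groups,O=domain",
            "cn=ops\\, tier 2,ou=groups,o=domain", // escaped comma inside the CN
            "CN=admins,OU=Other,O=domain",         // outside roleBase
            "OU=Groups,O=domain",                  // the base itself, no leaf CN
            "not a dn"                             // malformed
        };
        for (String dn : memberOf) {
            String role = roleFromDn(dn, "CN", roleBase).orElse("<rejected>");
            System.out.println(dn + " -> " + role);
        }
    }
}
```

Rejected values are dropped rather than passed through as a full-DN principal, so a malformed or out-of-base 'memberOf' entry never becomes a role name.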