[ https://issues.apache.org/jira/browse/AMQ-7058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16907363#comment-16907363 ]
Alexander commented on AMQ-7058: -------------------------------- We have the same issue with ActiveMQ 5.15.9 {code:java} Policy not applied!. Error processing policy under '[OU=Queue,OU=Destinations,OU=XXX,OU=YYY,OU=YADDA,DC=YADDA,DC=FOO,DC=BAR, (cn=Write)]' with filter '{}' java.lang.NullPointerException at org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap.applyACL(SimpleCachedLDAPAuthorizationMap.java:392)[activemq-broker-5.15.9.jar:5.15.9] at org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap.processQueryResults(SimpleCachedLDAPAuthorizationMap.java:300)[activemq-broker-5.15.9.jar:5.15.9] at org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap.query(SimpleCachedLDAPAuthorizationMap.java:236)[activemq-broker-5.15.9.jar:5.15.9] at org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap.afterPropertiesSet(SimpleCachedLDAPAuthorizationMap.java:939)[activemq-broker-5.15.9.jar:5.15.9] at org.apache.activemq.security.CachedLDAPAuthorizationMap.afterPropertiesSet(CachedLDAPAuthorizationMap.java:34)[activemq-spring-5.15.9.jar:5.15.9] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1692)[spring-beans-4.3.18.RELEASE.jar:4.3.18.RELEASE] {code} *The result is this:* The SimpleCachedLDAPAuthorizationMap tries to load all the permissions from LDAP. Encountering the first entry without a {{member}} attribute a NullPointerException is thrown and no further permissions are loaded. This means that only a subset of permissions are actually being applied. This happens every couple of minutes when the cache is refreshed. *The solution* would be quite simple: Just do a null-check before calling {{memberAttribute.getAll()}} and return. {code:java} if (memberAttribute != null) { NamingEnumeration<?> memberAttributeEnum = memberAttribute.getAll(); while (memberAttributeEnum.hasMoreElements()) { ...{code} > Write permissions blocked on all queues when one does not have member in LDAP > ------------------------------------------------------------------------------ > > Key: AMQ-7058 > URL: https://issues.apache.org/jira/browse/AMQ-7058 > Project: ActiveMQ > Issue Type: Bug > Components: Broker > Affects Versions: 5.15.3, 5.15.4 > Reporter: Natisha Stiles > Priority: Major > Attachments: log.txt, writeError.txt > > > I've only tested with 5.13 and 5.14.4 > Received this exception after broker start. (full start log attached) > 2018-09-20 16:19:47,575 | ERROR | Policy not applied!. Error processing > policy under '[ou=ActiveMQ,ou=CTL,ou=Apps,o=up, (cn=Write)]' with filter '{}' > | org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap | main > java.lang.NullPointerException > Could not write to any queue that had valid write permissions (attached > example of error on queue that has valid write permissions). User deeb005 is > not authorized to write to: queue://TEST.QUEUE Ended up finding one queue > that had blank write permissions. One queue not having write permissions > should not block all queues from utilizing valid permissions. -- This message was sent by Atlassian JIRA (v7.6.14#76016)