[
https://issues.apache.org/jira/browse/ARTEMIS-2433?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
clebert suconic reopened ARTEMIS-2433:
--------------------------------------
> Support LDAP role mapping of SASL EXTERNAL credentials
> ------------------------------------------------------
>
> Key: ARTEMIS-2433
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2433
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Components: AMQP, Broker
> Affects Versions: 2.9.0
> Reporter: Gary Tully
> Assignee: Gary Tully
> Priority: Major
> Labels: AMQP, LDAP, SASL
> Fix For: 2.10.0
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Currently the textcertificate login module must be used with SASL EXTERNAL.
> There is no other way to do authorisation and role assignment.
> However, a validated TLS certificate subject DN is a valid identity, in the
> same way as a Kerberos token identity. If we provide a login module that will
> populate a subject principal with the subject DN, it will be possible to
> chain with the LDAPLoginModule and have LDAP used for role assignment. In
> LDAP, the CERT subjectDN just needs to be added as a member to any existing
> role definition.
> LDAPLoginModule can be configured to not authenticate, not look up the user
> and *just* do role assignment.
> authenticateUser=false and default/empty userSearchMatching
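
The chaining described in the issue, sketched as a JAAS login.config entry. This is an added example, not configuration from the issue or from the Artemis project. Assumptions: the subject-DN module is Artemis's ExternalCertificateLoginModule (the issue text does not name it), and the entry name, LDAP URL, bind account, base DNs and the `member` attribute are constructed placeholders.

```conf
// Added example. Entry name "activemq" and every LDAP value are constructed.
activemq {
    // Step 1: place the already-validated TLS client certificate subject DN
    // into a user principal. The module name is an assumption; the issue
    // only says "a login module that will populate a subject principal".
    org.apache.activemq.artemis.spi.core.security.jaas.ExternalCertificateLoginModule required
        ;

    // Step 2: LDAP is used for role assignment only.
    // "optional": an identity with no LDAP roles still logs in, with no roles.
    org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule optional
        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
        connectionURL="ldaps://ldap.example.com:636"
        connectionUsername="uid=broker,ou=system,dc=example,dc=com"
        connectionPassword="<bind-password>"
        authentication=simple
        // From the issue: no authentication by this module, and
        // userSearchMatching left unset so no user lookup is performed.
        authenticateUser=false
        roleBase="ou=roles,dc=example,dc=com"
        roleName=cn
        // Assumes role entries list their members by DN and that {0}
        // resolves to the certificate subject DN when no user search runs.
        roleSearchMatching="(member={0})"
        roleSearchSubtree=false
        ;
};
```

Because role lookup keys on the certificate subject DN, the member value added to each role has to correspond to that DN as issued, so role membership should be reviewed whenever client certificates are reissued with a different subject.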