[jira] [Comment Edited] (AMQ-8599) cachedLDAPAuthorizationMap - Security failures following LDAP Connection failures

Fri, 06 May 2022 11:18:06 -0700 


    [ 
https://issues.apache.org/jira/browse/AMQ-8599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17533020#comment-17533020
 ] 

Chris Krusch edited comment on AMQ-8599 at 5/6/22 6:17 PM:
-----------------------------------------------------------

We realized when submitting this that our refreshInterval is actually set to 
900 which is way too short but may explain why the problem only lasted for 15 
seconds.  We'll be updating it to 300,000 (5 min) shortly...


was (Author: JIRAUSER285335):
We realized when submitting this that our refreshInterval=900 is way too short 
but may explain why the problem only lasted for 15 seconds.  We'll be updating 
it to 300,000 (5 min) shortly...

> cachedLDAPAuthorizationMap - Security failures following LDAP Connection 
> failures
> ---------------------------------------------------------------------------------
>
>                 Key: AMQ-8599
>                 URL: https://issues.apache.org/jira/browse/AMQ-8599
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Security/JAAS
>    Affects Versions: 5.16.4
>         Environment: ActiveMQ Classic 5.16.4
> Configured for LDAP authentication via jaas, loading of authorization data 
> via cachedLDAPauthorizationMap module
> We realized when submitting this that our refreshInterval=900 is way too 
> short but may explain why the problem only lasted for 15 seconds.  We'll be 
> updating it to 300,000 (5 min) shortly...
>            Reporter: Chris Krusch
>            Priority: Major
>         Attachments: cachedLDAPauthorization-Config.txt, 
> cachedLDAPauthorization-Logs.txt
>
>
> Authorization errors occurred for a period of time (15 seconds) following a 
> failed LDAP connection in cachedLDAPAuthorizationMap. Query interval is set 
> to 5 minutes.
> Log files showing behaviour and associated configuration will be attached.
> Difficult to produce a test that can simulate the LDAP failure and resulting 
> behaviour.
> My understanding is the module should continue with the previously loaded 
> authorization maps if any errors are encountered loading a new configuration, 
> so opening as a possible bug.
>  



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

Reply via email to