[ https://issues.apache.org/jira/browse/ARTEMIS-3582?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Justin Bertram resolved ARTEMIS-3582.
-------------------------------------
    Resolution: Cannot Reproduce

There's not really enough information here to draw any conclusions. The broker is just passing the user's credentials through to LDAP and then responding to the user based on the response from LDAP. I would recommend investigating the issue from the LDAP end of things.

Also, in the future please direct questions like this to the [ActiveMQ users mailing list|https://activemq.apache.org/contact]. Jira is generally reserved for confirmed bugs, feature requests, etc.

> random AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from /172.27.48.12:49550. Username: lot-sfmsri.fenmqprd; SSL certificate subject DN: unavailable
> ------------------------------------------------------------
>
>                 Key: ARTEMIS-3582
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3582
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 2.19.0
>            Reporter: André Hurschler
>            Priority: Major
>
> With different random users we get the following error message:
> {noformat}
> AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from /172.27.48.12:49550. Username: lot-sfmsri.fenmqprd; SSL certificate subject DN: unavailable{noformat}
> {noformat}
> 2021-11-16 23:05:03,150 WARN [org.apache.activemq.artemis.core.client] AMQ212037: Connection failure to /172.27.48.12:49478 has been detected: User name [lot-sfmsri.fenmqprd] or password is invalid. [code=GENERIC_EXCEPTION]
> component = org.apache.activemq.artemis.core.client
> host = fenacosrv43113
> log_level = WARN
> source = /amq_prd/log/artemis.log{noformat}
> After a restart of the Broker other Users have the same Problem. We use an ActiveDirectory as the LDAP directory.
> {noformat}
> activemq {
> /*
>    org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule sufficient
>        debug=false
>        reload=true
>        org.apache.activemq.jaas.properties.user="artemis-users.properties"
>        org.apache.activemq.jaas.properties.role="artemis-roles.properties";
>    org.apache.activemq.artemis.spi.core.security.jaas.GuestLoginModule sufficient
>        debug=false
>        org.apache.activemq.jaas.guest.user="admin"
>        org.apache.activemq.jaas.guest.role="amq";
> */
>    org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule sufficient
>        debug=true
>        initialContextFactory="com.sun.jndi.ldap.LdapCtxFactory"
>        /*
>        connectionURL - specify the location of the directory server using an ldap URL, ldap://Host:Port.
>        You can optionally qualify this URL, by adding a forward slash, /, followed by the DN of a particular node in the directory tree.
>        For example, ldap://ldapserver:10389/ou=system.
>        */
>        /*
>        connectionURL="ldap://main.corp.fenaco.com:389/"
>        */
>        connectionURL="ldap://ad-ldap-rzsur.main.corp.fenaco.com:389/"
>        /*
>        authentication - specifies the authentication method used when binding to the LDAP server. Can take either of the values,
>        - simple (username and password),
>        - GSSAPI (Kerberos SASL) or
>        - none (anonymous)
>        */
>        authentication="simple"{noformat}

--
This message was sent by Atlassian Jira (v8.20.10#820010)
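
Added example (not part of the original Jira message and not Artemis project code): a script that extracts the AMQ229031 and AMQ212037 failures quoted in the issue from a broker log and groups them by user with first and last timestamps, so they can be matched against bind failures on the LDAP server as the resolution recommends. The sample lines, user names, addresses and the `[broker]` logger tag are constructed, and the script assumes each message sits on one unwrapped line with the timestamp prefix shown in the issue.

```python
import re
from collections import defaultdict
from datetime import datetime
# Timestamp prefix as on the AMQ212037 line quoted in the issue.
TS = r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})"
ADDR = r"/(?P<ip>[\d.]+):(?P<port>\d+)"
# AMQ229031: login module rejected the user; AMQ212037: connection failure naming the user.
PATTERNS = [
    re.compile(TS + r".*AMQ229031: Unable to validate user from " + ADDR
               + r"\. Username: (?P<user>[^;]+);"),
    re.compile(TS + r".*AMQ212037: Connection failure to " + ADDR
               + r" has been detected: User name \[(?P<user>[^\]]+)\]"),
]

# Constructed sample (placeholder users, documentation-range addresses).
SAMPLE_LOG = """\
2021-11-16 23:05:03,140 WARN [broker] AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from /192.0.2.10:49550. Username: svc-orders; SSL certificate subject DN: unavailable
2021-11-16 23:05:03,150 WARN [org.apache.activemq.artemis.core.client] AMQ212037: Connection failure to /192.0.2.10:49478 has been detected: User name [svc-orders] or password is invalid. [code=GENERIC_EXCEPTION]
2021-11-16 23:09:41,007 WARN [broker] AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from /192.0.2.11:50112. Username: svc-billing; SSL certificate subject DN: unavailable
2021-11-16 23:10:00,000 INFO [broker] unrelated line
"""

def parse_failures(text):
    """Return one dict (ts, ip, port, user) per authentication-failure line."""
    events = []
    for line in text.splitlines():
        for pat in PATTERNS:
            m = pat.search(line)
            if m:
                ev = m.groupdict()
                ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S,%f")
                events.append(ev)
                break
    return events

def summarize(events):
    """Per user: failure count, source IPs, first and last failure time."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev["user"]].append(ev)
    return {user: {"count": len(evs),
                   "sources": sorted({e["ip"] for e in evs}),
                   "first": min(e["ts"] for e in evs),
                   "last": max(e["ts"] for e in evs)}
            for user, evs in by_user.items()}

if __name__ == "__main__":
    for user, s in summarize(parse_failures(SAMPLE_LOG)).items():
        print(user, s["count"], s["sources"], s["first"], s["last"])
```

The per-user first and last times give the window to search in the directory server's own authentication logs.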