[jira] [Work logged] (AMQ-6148) When use LDAP auth, Activemq should not always connect to ldap service to do authentication

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/AMQ-6148?focusedWorklogId=817096&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-817096
 ]

ASF GitHub Bot logged work on AMQ-6148:
---------------------------------------

                Author: ASF GitHub Bot
            Created on: 14/Oct/22 16:35
            Start Date: 14/Oct/22 16:35
    Worklog Time Spent: 10m 
      Work Description: jbonofre commented on code in PR #699:
URL: https://github.com/apache/activemq/pull/699#discussion_r995941852


##########
activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java:
##########
@@ -175,7 +171,7 @@ public boolean commit() throws LoginException {
     public boolean abort() throws LoginException {
         if (!succeeded) {
             return false;
-        } else if (succeeded && commitSucceeded) {

Review Comment:
   I agree with @Dm-Chebotarskyi : as we already test `succeeded` at line 172, 
no need to test again.



##########
activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java:
##########
@@ -450,7 +440,6 @@ protected boolean bindUser(DirContext context, String dn, 
String password) throw
                 log.debug("User " + dn + " successfully bound.");
             }
         } catch (AuthenticationException e) {
-            isValid = false;

Review Comment:
   I agree with @Dm-Chebotarskyi : `isValid` is already set to `false` at line 
429.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 817096)
    Time Spent: 2h 20m  (was: 2h 10m)

> When use LDAP auth, Activemq should not always connect to ldap service to do 
> authentication
> -------------------------------------------------------------------------------------------
>
>                 Key: AMQ-6148
>                 URL: https://issues.apache.org/jira/browse/AMQ-6148
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.11.1
>            Reporter: JIE CHEN
>            Priority: Critical
>          Time Spent: 2h 20m
>  Remaining Estimate: 0h
>
> I am using LDAP service to do authentication for ActiveMQ, and I found 
> everytime ActiveMQ servers try to establish a connection between ActiveMQ 
> client, the ActiveMQ server will create a connection to LDAP server to do 
> authentication. That's is not good, think about there are thousands of 
> ActiveMQ clients are trying to connect to ActiveMQ servers, the ActiveMQ 
> servers will need to create thousands of connections to LDAP servers. And 
> moreover it is not reliable as well because the connection between LDAP 
> servers and ActiveMQ servers could be broken sometimes. We need something 
> similar as Cached LDAP Authorization Module. It is more reasonable that the 
> ActiveMQ will cache the ldap account credential in local memory and refresh 
> in certain interval.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)