[ https://issues.apache.org/jira/browse/AMQ-3064?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16158459#comment-16158459 ]
Gary Tully commented on AMQ-3064:
---------------------------------
This has been resolved in ARTEMIS-1373 which has a clone of this login module.
https://git-wip-us.apache.org/repos/asf?p=activemq-artemis.git;h=99b2e4c
> Security: LDAPLoginModule: Specifying userRoleName as 'memberOf' fetches the
> full DN of the group, and initializes a GroupPrincipal with full DN
> ------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMQ-3064
> URL: https://issues.apache.org/jira/browse/AMQ-3064
> Project: ActiveMQ
> Issue Type: Wish
> Affects Versions: 5.3.0
> Reporter: Amit Kumar
> Priority: Minor
>
> In the sample below, when I specify the userRoleName as 'memberOf', it
> initializes a GroupPrincipal with the name as full DN. e.g.
> 'CN=somegroupIAMMemberOf,OU=Groups,O=domain'...
> This may not work if the expected role is 'somegroupIAMMemberOf'.
> TestLogin {
>     org.apache.activemq.jaas.LDAPLoginModule required
>         debug=false
>         initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
>         connectionURL="ldap://something:389"
>         connectionUsername="uid=generic.gen,OU=Generics,O=something"
>         connectionPassword="generic123"
>         connectionProtocol=""
>         authentication=simple
>         userBase="OU=Users,O=something"
>         userSearchMatching="(uid={0})"
>         userSearchSubtree=true
>         userRoleName="memberOf"
>         roleName="CN"
>         roleBase="OU=Groups,O=something"
>         roleSearchMatching="member={0}"
>         roleSearchSubtree=true
>         ;
> };
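An added example, not part of the original report and not the ActiveMQ or ARTEMIS-1373 code: one way to turn a memberOf value into the short role name the reporter expects, using the JDK's javax.naming.ldap.LdapName. The class and method names are hypothetical, and the sample roleBase and memberOf values are constructed around the DN quoted in the report.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example; class and method names are hypothetical, not ActiveMQ's.
public class MemberOfRoleName {

    // Maps one memberOf value (a full group DN) to a short role name.
    // roleNameAttr and roleBase mirror the roleName / roleBase options above.
    // Returns null when the value should not become a role.
    static String roleFromMemberOf(String memberOf, String roleNameAttr, String roleBase) {
        try {
            LdapName dn = new LdapName(memberOf);
            LdapName base = new LdapName(roleBase);
            // Only accept groups located under roleBase, so a group with the
            // same CN elsewhere in the directory does not grant the role.
            if (dn.size() <= base.size() || !dn.startsWith(base)) {
                return null;
            }
            // LdapName numbers RDNs from the right, so the leaf is the last index.
            Rdn leaf = dn.getRdn(dn.size() - 1);
            if (!leaf.getType().equalsIgnoreCase(roleNameAttr)) {
                return null;
            }
            // getValue() is already unescaped (e.g. "\," becomes ",").
            Object value = leaf.getValue();
            return (value instanceof String) ? (String) value : null;
        } catch (InvalidNameException e) {
            return null; // malformed DN: grant nothing
        }
    }

    public static void main(String[] args) {
        String roleBase = "OU=Groups,O=domain"; // constructed to match the DN in the report
        String[] samples = {                    // constructed sample memberOf values
            "CN=somegroupIAMMemberOf,OU=Groups,O=domain",
            "cn=somegroupIAMMemberOf,ou=Other,o=domain",
            "CN=ops\\, night shift,OU=Groups,O=domain",
            "not a dn"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + roleFromMemberOf(s, "CN", roleBase));
        }
    }
}
```

Parsing the DN instead of splitting on commas keeps escaped commas inside a group name intact, and rejecting values outside roleBase keeps the short name from colliding with an unrelated group that shares the same CN.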