Gary Tully created ARTEMIS-2433:
-----------------------------------

             Summary: Support LDAP role mapping of SASL EXTERNAL credentials
                 Key: ARTEMIS-2433
                 URL: https://issues.apache.org/jira/browse/ARTEMIS-2433
             Project: ActiveMQ Artemis
          Issue Type: Improvement
          Components: AMQP, Broker
    Affects Versions: 2.9.0
            Reporter: Gary Tully
            Assignee: Gary Tully
             Fix For: 2.10.0


Currently the textcertificate login module must be used with SASL EXTERNAL. 
There is no other way to do authorisation and role assignment.
However, a validated TLS certificate subject DN is a valid identity, in the same 
way as a Kerberos token identity. If we provide a login module that will 
populate a subject principal with the subject DN, it will be possible to chain 
with the LDAPLoginModule and have LDAP used for role assignment. In LDAP, the 
CERT subjectDN just needs to be added as a member to any existing role 
definition.
LDAPLoginModule can be configured to not authenticate, not look up the user and 
*just* do role assignment.

authenticateUser=false and default/empty userSearchMatching



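A sketch of the chained JAAS configuration the issue describes, added here as an illustration and not taken from the issue or the Artemis code base. The `ExternalCertificateLoginModule` class name comes from later Artemis releases rather than this page; the realm name, LDAP URL, bind credentials, base DNs and the role entry are constructed.

```conf
// login.config (added example; all hosts, DNs and passwords are constructed)
//
// Role entry assumed to exist in LDAP, with the client certificate subject DN
// added as a member, as the issue suggests:
//   dn: cn=amq-producers,ou=roles,dc=example,dc=com
//   objectClass: groupOfNames
//   cn: amq-producers
//   member: CN=client-a,OU=messaging,O=Example

activemq {
    // Step 1: turn the already validated TLS client certificate subject DN
    // into a user principal. No secret is checked here; the identity is only
    // as trustworthy as the acceptor's client-certificate validation.
    org.apache.activemq.artemis.spi.core.security.jaas.ExternalCertificateLoginModule required
        ;

    // Step 2: LDAP is used for role assignment only.
    // authenticateUser=false skips the LDAP bind as the user, and
    // userSearchMatching is left unset so no user entry is looked up;
    // {0} in roleSearchMatching is the DN supplied by step 1.
    org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required
        initialContextFactory="com.sun.jndi.ldap.LdapCtxFactory"
        connectionURL="ldaps://ldap.example.com:636"
        connectionUsername="uid=broker,ou=system,dc=example,dc=com"
        connectionPassword="CHANGE_ME"
        connectionProtocol=s
        authentication=simple
        authenticateUser=false
        roleBase="ou=roles,dc=example,dc=com"
        roleName=cn
        roleSearchMatching="(member={0})"
        roleSearchSubtree=false
        ;
};
```

Because the second module performs no authentication of its own, write access to the role entries under `roleBase` decides which certificate subjects receive which broker roles, so those entries need the same change control as the broker's own security settings.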