Yes, it will try to keep the current cache until ldap server comes back.
Regards -- Dejan Bosanac Senior Software Engineer | FuseSource Corp. dej...@fusesource.com | fusesource.com skype: dejan.bosanac | twitter: @dejanb blog: http://www.nighttale.net ActiveMQ in Action: http://www.manning.com/snyder/ On Fri, Jun 22, 2012 at 5:46 PM, Christopher Wood <christopher_w...@pobox.com> wrote: > It certainly makes sense to reconnect if there's a problem. > > Will 5.7.0 also keep the current authorization cache if there's an ldap > issue? In a production scenario it's probably okay to keep functioning if the > ldap server goes away for a while. > > Thank you for the pointer, very much appreciated. > > On Fri, Jun 22, 2012 at 10:12:29AM +0200, Dejan Bosanac wrote: >> Hi, >> >> there are some improvements in that area on the trunk (and will be >> available in the next fuse release). Please take a look at >> >> https://issues.apache.org/jira/browse/AMQ-3845 >> >> >> Regards >> -- >> Dejan Bosanac >> Senior Software Engineer | FuseSource Corp. >> dej...@fusesource.com | fusesource.com >> skype: dejan.bosanac | twitter: @dejanb >> blog: http://www.nighttale.net >> ActiveMQ in Action: http://www.manning.com/snyder/ >> >> >> On Thu, Jun 21, 2012 at 6:56 PM, Christopher Wood >> <christopher_w...@pobox.com> wrote: >> > I upgraded our lab ActiveMQ to 5.6.0 and am using the cached ldap auth >> > module. I appear to be having a problem where at times ActiveMQ loses its >> > authorization data cache and does not refresh this from ldap. Is there any >> > way of forcing a retry if it has a connection issue, or otherwise further >> > diagnosing what is happening? >> > >> > Details: >> > >> > Three times now (solved by an ActiveMQ restart) I have started seeing >> > these errors in the log (but for all queues that they are trying to >> > access): >> > >> > 2012-06-21 11:57:31,538 | DEBUG | Error occured while processing sync >> > command: ConsumerInfo {commandId = 28936, responseRequired = true, >> > consumerId = ID:myhost-53793-1340295272790-0:6:-1:1, destination = >> > ActiveMQ.Advisory.TempQueue,ActiveMQ.Advisory.TempTopic, prefetchSize = 0, >> > maximumPendingMessageLimit = 0, browser = false, dispatchAsync = false, >> > selector = null, subscriptionName = null, noLocal = true, exclusive = >> > false, retroactive = false, priority = 0, brokerPath = null, >> > optimizedAcknowledge = false, noRangeAcks = false, additionalPredicate = >> > null}, exception: java.lang.SecurityException: User vm5a is not authorized >> > to read from: ActiveMQ.Advisory.TempQueue,ActiveMQ.Advisory.TempTopic | >> > org.apache.activemq.broker.TransportConnection.Service | ActiveMQ >> > Transport: tcp:///10.201.147.250:51236 >> > java.lang.SecurityException: User vm5a is not authorized to read from: >> > ActiveMQ.Advisory.TempQueue,ActiveMQ.Advisory.TempTopic >> > >> > Per our developers, they are seeing: >> > >> > 12:16:53,926 WARN DefaultMessageListenerContainer:822 - Setup of JMS >> > message listener invoker failed for destination 'queue://vm5.queuename' - >> > trying to recover. Cause: User vm5a is not authorized to read from: >> > ActiveMQ.Advisory.TempQueue,ActiveMQ.Advisory.TempTopic >> > >> > I ran some tcpdumps. While this is in the logs, I do not see any ldap >> > searches attempting to update the authorization info. Just after a >> > restart, I do see intermittent searches for the entries under >> > ou=destination,ou=activemq,ou=systems,o=me. >> > >> > My plugin info: >> > >> > <authorizationPlugin> >> > <map> >> > <cachedLDAPAuthorizationMap >> > connectionURL="ldap://ldap-lab.me:389"; >> > connectionUsername="cn=mqbroker,ou=services,o=me" >> > connectionPassword="password" >> > baseDn="ou=systems,o=me" >> > refreshInterval="5000" >> > /> >> > </map> >> > </authorizationPlugin> >>
