Hi all,
Does anyone use LDAP broker discovery with broker authentication?
Having worked out that the LDAP discovery simply will not work if I have
useJMX="true" in the broker config, I now have it querying my LDAP
directory for brokers, but since I have authentication enabled on my
brokers, the connection is failing as it doesn't appear to be picking up
and passing through the broker credentials.
According to http://activemq.apache.org/security.html you just add
userName and password attributes to the networkConnector, and
http://activemq.apache.org/ldap-broker-discovery-mechanism.html states:
*Other Properties*
All of the properties defined in Networks of Brokers
<http://activemq.apache.org/networks-of-brokers.html> are also available
to the ldapNetworkConnector. Any of the properties defined for a normal
networkConnector will be used as connection parameters to any discovered
brokers matching the search criteria.
However when I use the following config, it seems that userName and
password attributes are not passed to authenticate the connection:
<ldapNetworkConnector
    uri="failover:(ldap://ldap1:389,ldap://ldap2:389)"
    base="ou=Office,ou=Brokers,ou=ActiveMQ,ou=Systems,dc=myorg,dc=net"
    searchFilter="(cn=*)"
    userName="activemq"
    user="cn=activemq,ou=Systems,dc=myorg,dc=net"
    password="Secret"
    searchScope="SUBTREE_SCOPE"
    prefetchSize="1"
/>
And the errors from the console are:
DEBUG | Using min of local: WireFormatInfo { version=9,
properties={MaxFrameSize=9223372036854775807, CacheSize=1024,
CacheEnabled=true, SizePrefixDisabled=false,
MaxInactivityDurationInitalDelay=10000, TcpNoDelayEnabled=true,
MaxInactivityDuration=30000, TightEncodingEnabled=true,
StackTraceEnabled=true}, magic=[A,c,t,i,v,e,M,Q]} and remote:
WireFormatInfo { version=7, properties={CacheSize=1024,
CacheEnabled=true, SizePrefixDisabled=false,
MaxInactivityDurationInitalDelay=10000, TcpNoDelayEnabled=true,
MaxInactivityDuration=30000, TightEncodingEnabled=true,
StackTraceEnabled=true}, magic=[A,c,t,i,v,e,M,Q]}
DEBUG | Received WireFormat: WireFormatInfo { version=7,
properties={CacheSize=1024, CacheEnabled=true, SizePrefixDisabled=false,
MaxInactivityDurationInitalDelay=10000, TcpNoDelayEnabled=true,
MaxInactivityDuration=30000, TightEncodingEnabled=true,
StackTraceEnabled=true}, magic=[A,c,t,i,v,e,M,Q]}
DEBUG | tcp:///192.168.107.104:61616@41924 before negotiation:
OpenWireFormat{version=9, cacheEnabled=false, stackTraceEnabled=false,
tightEncodingEnabled=false, sizePrefixDisabled=false,
maxFrameSize=9223372036854775807}
DEBUG | tcp:///192.168.107.104:61616@41924 after negotiation:
OpenWireFormat{version=7, cacheEnabled=true, stackTraceEnabled=true,
tightEncodingEnabled=true, sizePrefixDisabled=false,
maxFrameSize=9223372036854775807}
DEBUG | broker1.office.myorg.net addBroker:broker2.office.myorg.net
brokerInfo size : 1
DEBUG | servletNameMap={jsp=jsp, default=default}
DEBUG | Initialized TaskRunnerFactory[ActiveMQ VMTransport:
vm://broker1.office.myorg.net#3] using ExecutorService: null
DEBUG | Setting up new connection id:
ID:broker1.office.myorg.net-33320-1355151115534-6:1, address:
vm://broker1.office.myorg.net#2, info: ConnectionInfo {commandId = 2,
responseRequired = true, connectionId =
ID:broker1.office.myorg.net-33320-1355151115534-6:1, clientId =
NC_broker2.office.myorg.net_inbound_broker1.office.myorg.net, clientIp =
null, userName = null, password = *****, brokerPath = null,
brokerMasterConnector = false, manageable = false, clientMaster = true,
faultTolerant = false, failoverReconnect = false}
WARN | Failed to add Connection
ID:broker1.office.myorg.net-33320-1355151115534-6:1, reason:
java.lang.SecurityException: User name [null] or password is invalid.
Can anyone give me any pointers on how to get broker authentication to work
with LDAP discovery, please?
Thanks in advance
Rob
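
Added example, not part of the original post: a small Python log-triage helper that re-joins the hard-wrapped broker log and flags connections whose ConnectionInfo carried userName = null and were then rejected with a SecurityException. The sample input is the log excerpt from the post; the function names are hypothetical, and treating a clientId that starts with NC_ as a network connector is an assumption taken from the clientId shown in that log.

```python
import re

# Log excerpt copied from the post above, hard-wrapped as it arrived by mail.
SAMPLE_LOG = """\
DEBUG | Setting up new connection id:
ID:broker1.office.myorg.net-33320-1355151115534-6:1, address:
vm://broker1.office.myorg.net#2, info: ConnectionInfo {commandId = 2,
responseRequired = true, connectionId =
ID:broker1.office.myorg.net-33320-1355151115534-6:1, clientId =
NC_broker2.office.myorg.net_inbound_broker1.office.myorg.net, clientIp =
null, userName = null, password = *****, brokerPath = null,
brokerMasterConnector = false, manageable = false, clientMaster = true,
faultTolerant = false, failoverReconnect = false}
WARN | Failed to add Connection
ID:broker1.office.myorg.net-33320-1355151115534-6:1, reason:
java.lang.SecurityException: User name [null] or password is invalid.
"""

LEVEL = re.compile(r"^(TRACE|DEBUG|INFO|WARN|ERROR|FATAL) \| ")
REJECT = re.compile(r"Failed to add Connection (\S+), reason: (.*SecurityException.*)")

def records(text):
    """Re-join hard-wrapped lines into one string per log record."""
    out = []
    for line in text.splitlines():
        if LEVEL.match(line) or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def field(name, rec):
    """Value of 'name = value' inside a ConnectionInfo {...} dump, or None."""
    m = re.search(re.escape(name) + r"\s*=\s*([^,}]+)", rec)
    return m.group(1).strip() if m else None

def unauthenticated_bridges(text):
    """Bridge connections sent with userName = null and then rejected."""
    seen, findings = {}, []
    for rec in records(text):
        if "ConnectionInfo {" in rec:
            seen[field("connectionId", rec)] = (field("clientId", rec), field("userName", rec))
        m = REJECT.search(rec)
        if m and m.group(1) in seen:
            client, user = seen[m.group(1)]
            # Assumption: an "NC_" clientId prefix marks a network connector.
            if client and client.startswith("NC_") and user == "null":
                findings.append({"connectionId": m.group(1), "clientId": client,
                                 "reason": m.group(2)})
    return findings
```

Calling unauthenticated_bridges(SAMPLE_LOG) returns one finding for the connection in the post; the same call over a full broker log at DEBUG level lists every bridge that was attempted without a user name.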