From 8d7d78074c9d53b420e375c891f91a3627ea87b9 Mon Sep 17 00:00:00 2001 From: Justin Bertram Date: Thu, 4 Oct 2018 12:41:40 -0500 Subject: [PATCH] ARTEMIS-2192 LegacyLDAPSecuritySettingPlugin uses hard-coded RDN types Change the LegacyLDAPSecuritySettingPlugin to interpret the search results based on the order of the returned RDNs rather than hard-coded types. --- .../impl/LegacyLDAPSecuritySettingPlugin.java | 60 ++-- .../LegacyLDAPSecuritySettingPluginTest2.java | 181 ++++++++++ .../src/test/resources/AMQauth2.ldif | 335 ++++++++++++++++++ .../src/test/resources/login.config | 20 ++ 4 files changed, 575 insertions(+), 21 deletions(-) create mode 100644 tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/LegacyLDAPSecuritySettingPluginTest2.java create mode 100644 tests/integration-tests/src/test/resources/AMQauth2.ldif diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java index e38c337e88..e698476b4a 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java @@ -326,30 +326,46 @@ public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin { return; } LdapName searchResultLdapName = new LdapName(searchResult.getName()); - logger.debug("LDAP search result : " + searchResultLdapName); + if (logger.isDebugEnabled()) { + logger.debug("LDAP search result : " + searchResultLdapName); + } String permissionType = null; String destination = null; String destinationType = "unknown"; - for (Rdn rdn : searchResultLdapName.getRdns()) { - if (rdn.getType().equals("cn")) { - logger.debug("\tPermission type: " + rdn.getValue()); - permissionType = rdn.getValue().toString(); - } - if (rdn.getType().equals("uid")) { - logger.debug("\tDestination name: " + rdn.getValue()); - destination = rdn.getValue().toString(); - } - if (rdn.getType().equals("ou")) { - String rawDestinationType = rdn.getValue().toString(); - if (rawDestinationType.toLowerCase().contains("queue")) { - destinationType = "queue"; - } else if (rawDestinationType.toLowerCase().contains("topic")) { - destinationType = "topic"; - } - logger.debug("\tDestination type: " + destinationType); + List rdns = searchResultLdapName.getRdns(); + if (rdns.size() != 3) { + if (logger.isDebugEnabled()) { + logger.debug("\tSkipping unexpected search result with " + rdns.size() + " RDNs."); } + return; + } + // we can count on the RNDs being in order from right to left + Rdn rdn = rdns.get(0); + String rawDestinationType = rdn.getValue().toString(); + if (rawDestinationType.toLowerCase().contains("queue")) { + destinationType = "queue"; + } else if (rawDestinationType.toLowerCase().contains("topic")) { + destinationType = "topic"; + } + if (logger.isDebugEnabled()) { + logger.debug("\tDestination type: " + destinationType); + } + + rdn = rdns.get(1); + if (logger.isDebugEnabled()) { + logger.debug("\tDestination name: " + rdn.getValue()); + } + destination = rdn.getValue().toString(); + + rdn = rdns.get(2); + if (logger.isDebugEnabled()) { + logger.debug("\tPermission type: " + rdn.getValue()); + } + permissionType = rdn.getValue().toString(); + + if (logger.isDebugEnabled()) { + logger.debug("\tAttributes: " + attrs); } - logger.debug("\tAttributes: " + attrs); Attribute attr = attrs.get(roleAttribute); NamingEnumeration e = attr.getAll(); Set roles = securityRoles.get(destination); @@ -363,9 +379,11 @@ public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin { while (e.hasMore()) { String value = (String) e.next(); LdapName ldapname = new LdapName(value); - Rdn rdn = ldapname.getRdn(ldapname.size() - 1); + rdn = ldapname.getRdn(ldapname.size() - 1); String roleName = rdn.getValue().toString(); - logger.debug("\tRole name: " + roleName); + if (logger.isDebugEnabled()) { + logger.debug("\tRole name: " + roleName); + } Role role = new Role(roleName, permissionType.equalsIgnoreCase(writePermissionValue), // send permissionType.equalsIgnoreCase(readPermissionValue), // consume diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/LegacyLDAPSecuritySettingPluginTest2.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/LegacyLDAPSecuritySettingPluginTest2.java new file mode 100644 index 0000000000..25a5adf442 --- /dev/null +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/LegacyLDAPSecuritySettingPluginTest2.java @@ -0,0 +1,181 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.tests.integration.security; + +import javax.naming.Context; +import javax.naming.NameClassPair; +import javax.naming.NamingEnumeration; +import javax.naming.directory.DirContext; +import javax.naming.directory.InitialDirContext; +import java.io.File; +import java.lang.management.ManagementFactory; +import java.net.URL; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Hashtable; +import java.util.Map; + +import org.apache.activemq.artemis.api.core.ActiveMQException; +import org.apache.activemq.artemis.api.core.SimpleString; +import org.apache.activemq.artemis.api.core.TransportConfiguration; +import org.apache.activemq.artemis.api.core.client.ActiveMQClient; +import org.apache.activemq.artemis.api.core.client.ClientProducer; +import org.apache.activemq.artemis.api.core.client.ClientSession; +import org.apache.activemq.artemis.api.core.client.ClientSessionFactory; +import org.apache.activemq.artemis.api.core.client.ServerLocator; +import org.apache.activemq.artemis.core.config.Configuration; +import org.apache.activemq.artemis.core.config.impl.ConfigurationImpl; +import org.apache.activemq.artemis.core.remoting.impl.invm.InVMAcceptorFactory; +import org.apache.activemq.artemis.core.remoting.impl.invm.InVMConnectorFactory; +import org.apache.activemq.artemis.core.server.ActiveMQServer; +import org.apache.activemq.artemis.core.server.ActiveMQServers; +import org.apache.activemq.artemis.core.server.impl.LegacyLDAPSecuritySettingPlugin; +import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager; +import org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule; +import org.apache.activemq.artemis.tests.util.ActiveMQTestBase; +import org.apache.directory.server.annotations.CreateLdapServer; +import org.apache.directory.server.annotations.CreateTransport; +import org.apache.directory.server.core.annotations.ApplyLdifFiles; +import org.apache.directory.server.core.integ.AbstractLdapTestUnit; +import org.apache.directory.server.core.integ.FrameworkRunner; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.TemporaryFolder; +import org.junit.runner.RunWith; + +@RunWith(FrameworkRunner.class) +@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP", port = 1024)}) +@ApplyLdifFiles("AMQauth2.ldif") +public class LegacyLDAPSecuritySettingPluginTest2 extends AbstractLdapTestUnit { + + static { + String path = System.getProperty("java.security.auth.login.config"); + if (path == null) { + URL resource = LegacyLDAPSecuritySettingPluginTest2.class.getClassLoader().getResource("login.config"); + if (resource != null) { + path = resource.getFile(); + System.setProperty("java.security.auth.login.config", path); + } + } + } + + private ServerLocator locator; + ActiveMQServer server; + + public static final String TARGET_TMP = "./target/tmp"; + private static final String PRINCIPAL = "uid=admin,ou=system"; + private static final String CREDENTIALS = "secret"; + + public LegacyLDAPSecuritySettingPluginTest2() { + File parent = new File(TARGET_TMP); + parent.mkdirs(); + temporaryFolder = new TemporaryFolder(parent); + } + + @Rule + public TemporaryFolder temporaryFolder; + private String testDir; + + @Before + public void setUp() throws Exception { + locator = ActiveMQClient.createServerLocatorWithoutHA(new TransportConfiguration(InVMConnectorFactory.class.getCanonicalName())); + testDir = temporaryFolder.getRoot().getAbsolutePath(); + + Map init = new HashMap<>(); + init.put("destinationBase", "ou=Destination,ou=ActiveMQ,o=example,ou=system"); + init.put("roleAttribute", "member"); + + LegacyLDAPSecuritySettingPlugin legacyLDAPSecuritySettingPlugin = new LegacyLDAPSecuritySettingPlugin() + .setInitialContextFactory("com.sun.jndi.ldap.LdapCtxFactory") + .setConnectionURL("ldap://localhost:1024") + .setConnectionUsername("uid=admin,ou=system") + .setConnectionPassword("secret") + .setConnectionProtocol("s") + .setAuthentication("simple") + .init(init); + + ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("LDAPLogin2"); + Configuration configuration = new ConfigurationImpl() + .setSecurityEnabled(true) + .addAcceptorConfiguration(new TransportConfiguration(InVMAcceptorFactory.class.getCanonicalName())) + .setJournalDirectory(ActiveMQTestBase.getJournalDir(testDir, 0, false)) + .setBindingsDirectory(ActiveMQTestBase.getBindingsDir(testDir, 0, false)) + .setPagingDirectory(ActiveMQTestBase.getPageDir(testDir, 0, false)) + .setLargeMessagesDirectory(ActiveMQTestBase.getLargeMessagesDir(testDir, 0, false)) + .setPersistenceEnabled(false) + .addSecuritySettingPlugin(legacyLDAPSecuritySettingPlugin); + + server = ActiveMQServers.newActiveMQServer(configuration, ManagementFactory.getPlatformMBeanServer(), securityManager, false); + } + + @After + public void tearDown() throws Exception { + locator.close(); + server.stop(); + } + + @Test + public void testRunning() throws Exception { + Hashtable env = new Hashtable<>(); + env.put(Context.PROVIDER_URL, "ldap://localhost:1024"); + env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); + env.put(Context.SECURITY_AUTHENTICATION, "simple"); + env.put(Context.SECURITY_PRINCIPAL, PRINCIPAL); + env.put(Context.SECURITY_CREDENTIALS, CREDENTIALS); + DirContext ctx = new InitialDirContext(env); + + HashSet set = new HashSet<>(); + + NamingEnumeration list = ctx.list("ou=system"); + + while (list.hasMore()) { + NameClassPair ncp = list.next(); + set.add(ncp.getName()); + } + + Assert.assertTrue(set.contains("uid=admin")); + Assert.assertTrue(set.contains("ou=users")); + Assert.assertTrue(set.contains("ou=groups")); + Assert.assertTrue(set.contains("ou=configuration")); + Assert.assertTrue(set.contains("prefNodeName=sysPrefRoot")); + } + + @Test + public void testBasicPluginAuthorization() throws Exception { + org.jboss.logmanager.Logger.getLogger(LDAPLoginModule.class.getName()).setLevel(org.jboss.logmanager.Level.DEBUG); + org.jboss.logmanager.Logger.getLogger(LegacyLDAPSecuritySettingPlugin.class.getName()).setLevel(org.jboss.logmanager.Level.DEBUG); + server.start(); + ClientSessionFactory cf = locator.createSessionFactory(); + String name = "TEST.FOO"; + + try { + ClientSession session = cf.createSession("admin", "secret", false, true, true, false, 0); + session.createQueue(SimpleString.toSimpleString(name), SimpleString.toSimpleString(name)); + ClientProducer producer = session.createProducer(); + producer.send(name, session.createMessage(false)); + session.close(); + } catch (ActiveMQException e) { + e.printStackTrace(); + Assert.fail("should not throw exception"); + } + + cf.close(); + } +} diff --git a/tests/integration-tests/src/test/resources/AMQauth2.ldif b/tests/integration-tests/src/test/resources/AMQauth2.ldif new file mode 100644 index 0000000000..7a2b4220c7 --- /dev/null +++ b/tests/integration-tests/src/test/resources/AMQauth2.ldif @@ -0,0 +1,335 @@ +## --------------------------------------------------------------------------- +## Licensed to the Apache Software Foundation (ASF) under one or more +## contributor license agreements. See the NOTICE file distributed with +## this work for additional information regarding copyright ownership. +## The ASF licenses this file to You under the Apache License, Version 2.0 +## (the "License"); you may not use this file except in compliance with +## the License. You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, +## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. +## --------------------------------------------------------------------------- + + +########################## +## Define basic objects ## +########################## + +dn: o=example,ou=system +#objectClass: dcObject +#objectClass: container +objectClass: organization +objectClass: top +#cn: activemq +#o: activemq +o: example + +dn: ou=ActiveMQ,o=example,ou=system +objectClass: organizationalUnit +objectClass: top +ou: ActiveMQ + +dn: ou=Services,o=example,ou=system +ou: Services +objectClass: organizationalUnit +objectClass: top + +dn: cn=mqbroker,ou=Services,o=example,ou=system +cn: mqbroker +objectClass: organizationalRole +objectClass: top +objectClass: simpleSecurityObject +userPassword: {SSHA}YvMAkkd66cDecNoejo8jnw5uUUBziyl0 +description: Bind user for MQ broker + + +################### +## Define groups ## +################### + + +dn: ou=Group,ou=ActiveMQ,o=example,ou=system +objectClass: organizationalUnit +objectClass: top +ou: Group + +dn: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system +cn: admins +member: uid=admin +objectClass: groupOfNames +objectClass: top + +dn: cn=users,ou=Group,ou=ActiveMQ,o=example,ou=system +cn: users +member: uid=jdoe +objectClass: groupOfNames +objectClass: top + + +################## +## Define users ## +################## + + +dn: ou=User,ou=ActiveMQ,o=example,ou=system +objectClass: organizationalUnit +objectClass: top +ou: User + +dn: uid=admin,ou=User,ou=ActiveMQ,o=example,ou=system +uid: admin +userPassword: secret +objectclass: uidObject +objectclass: organizationalPerson +objectclass: person +objectclass: top +cn: Admin +sn: Admin + + +dn: uid=jdoe,ou=User,ou=ActiveMQ,o=example,ou=system +uid: jdoe +userPassword: secret +objectclass: uidObject +objectclass: organizationalPerson +objectclass: person +objectclass: top +cn: Jane Doe +sn: Doe + + +######################### +## Define destinations ## +######################### + +dn: ou=Destination,ou=ActiveMQ,o=example,ou=system +objectClass: organizationalUnit +objectClass: top +ou: Destination + +dn: ou=Topic,ou=Destination,ou=ActiveMQ,o=example,ou=system +objectClass: organizationalUnit +objectClass: top +ou: Topic + +dn: ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +objectClass: organizationalUnit +objectClass: top +ou: Queue + +## TEST.FOO + +dn: uid=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +uid: TEST.FOO +description: A queue +objectClass: applicationProcess +objectclass: uidObject +objectClass: top +cn: TEST.FOO + +dn: cn=admin,uid=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: admin +description: Admin privilege group, members are roles +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system +member: cn=users,ou=Group,ou=ActiveMQ,o=example,ou=system +objectClass: groupOfNames +objectClass: top + +dn: cn=read,uid=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: read +member: cn=users,ou=Group,ou=ActiveMQ,o=example,ou=system +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system +objectClass: groupOfNames +objectClass: top + +dn: cn=write,uid=TEST.FOO,ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: write +objectClass: groupOfNames +objectClass: top +member: cn=users,ou=Group,ou=ActiveMQ,o=example,ou=system +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system + +## TEST.FOOBAR + +dn: cn=TEST.FOOBAR,ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: TEST.FOOBAR +description: A queue +objectClass: applicationProcess +objectClass: top + +dn: cn=admin,cn=TEST.FOOBAR,ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: admin +description: Admin privilege group, members are roles +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system +member: cn=users,ou=Group,ou=ActiveMQ,o=example,ou=system +objectClass: groupOfNames +objectClass: top + +dn: cn=read,cn=TEST.FOOBAR,ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: read +member: cn=users,ou=Group,ou=ActiveMQ,o=example,ou=system +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system +member: uid=jdoe,ou=User,ou=ActiveMQ,o=example,ou=system +objectClass: groupOfNames +objectClass: top + +dn: cn=write,cn=TEST.FOOBAR,ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: write +objectClass: groupOfNames +objectClass: top +member: cn=users,ou=Group,ou=ActiveMQ,o=example,ou=system +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system +member: uid=jdoe,ou=User,ou=ActiveMQ,o=example,ou=system + +## FOO.> + +dn: cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: FOO.$ +description: A queue +objectClass: applicationProcess +objectClass: top + +dn: cn=admin,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: admin +description: Admin privilege group, members are roles +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system +member: cn=users,ou=Group,ou=ActiveMQ,o=example,ou=system +objectClass: groupOfNames +objectClass: top + +dn: cn=read,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: read +member: cn=users,ou=Group,ou=ActiveMQ,o=example,ou=system +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system +objectClass: groupOfNames +objectClass: top + +dn: cn=write,cn=FOO.$,ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: write +objectClass: groupOfNames +objectClass: top +member: cn=users,ou=Group,ou=ActiveMQ,o=example,ou=system +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system + +## BAR.* + +dn: cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: BAR.* +description: A queue +objectClass: applicationProcess +objectClass: top + +dn: cn=admin,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: admin +description: Admin privilege group, members are roles +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system +member: cn=users,ou=Group,ou=ActiveMQ,o=example,ou=system +objectClass: groupOfNames +objectClass: top + +dn: cn=read,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: read +member: cn=users,ou=Group,ou=ActiveMQ,o=example,ou=system +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system +objectClass: groupOfNames +objectClass: top + +dn: cn=write,cn=BAR.*,ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: write +objectClass: groupOfNames +objectClass: top +member: cn=users,ou=Group,ou=ActiveMQ,o=example,ou=system +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system + +## $ + +dn: cn=$,ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: $ +description: A queue +objectclass: applicationProcess +objectclass: top + +dn: cn=admin,cn=$,ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: admin +description: Admin privilege group, members are roles +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system +objectclass: groupOfNames +objectclass: top + +dn: cn=read,cn=$,ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: read +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system +objectclass: groupOfNames +objectclass: top + +dn: cn=write,cn=$,ou=Queue,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: write +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system +objectclass: groupOfNames +objectclass: top + +####################### +## Define advisories ## +####################### + +dn: cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: ActiveMQ.Advisory.$ +objectClass: applicationProcess +objectClass: top +description: Advisory topics + +dn: cn=read,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: read +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system +member: cn=users,ou=Group,ou=ActiveMQ,o=example,ou=system +objectClass: groupOfNames +objectClass: top + +dn: cn=write,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: write +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system +member: cn=users,ou=Group,ou=ActiveMQ,o=example,ou=system +objectClass: groupOfNames +objectClass: top + +dn: cn=admin,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: admin +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system +member: cn=users,ou=Group,ou=ActiveMQ,o=example,ou=system +objectClass: groupOfNames +objectClass: top + +###################### +## Define temporary ## +###################### + +dn: ou=Temp,ou=Destination,ou=ActiveMQ,o=example,ou=system +objectClass: organizationalUnit +objectClass: top +ou: Temp + +dn: cn=read,ou=Temp,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: read +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system +member: cn=users,ou=Group,ou=ActiveMQ,o=example,ou=system +objectClass: groupOfNames +objectClass: top + +dn: cn=write,ou=Temp,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: write +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system +member: cn=users,ou=Group,ou=ActiveMQ,o=example,ou=system +objectClass: groupOfNames +objectClass: top + +dn: cn=admin,ou=Temp,ou=Destination,ou=ActiveMQ,o=example,ou=system +cn: admin +member: cn=admins,ou=Group,ou=ActiveMQ,o=example,ou=system +member: cn=users,ou=Group,ou=ActiveMQ,o=example,ou=system +objectClass: groupOfNames +objectClass: top diff --git a/tests/integration-tests/src/test/resources/login.config b/tests/integration-tests/src/test/resources/login.config index 19d684e39b..fb7020572f 100644 --- a/tests/integration-tests/src/test/resources/login.config +++ b/tests/integration-tests/src/test/resources/login.config @@ -21,6 +21,7 @@ PropertiesLogin { org.apache.activemq.jaas.properties.role="roles.properties"; }; + LDAPLogin { org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required debug=true @@ -40,6 +41,25 @@ LDAPLogin { ; }; +LDAPLogin2 { + org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required + debug=true + initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory + connectionURL="ldap://localhost:1024" + connectionUsername="uid=admin,ou=system" + connectionPassword=secret + connectionProtocol=s + authentication=simple + userBase="ou=User,ou=ActiveMQ,o=example,ou=system" + userSearchMatching="(uid={0})" + userSearchSubtree=true + roleBase="ou=Group,ou=ActiveMQ,o=example,ou=system" + roleName=cn + roleSearchMatching="(member=uid={1})" + roleSearchSubtree=true + ; +}; + UnAuthenticatedLDAPLogin { org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required debug=true