Discussion:
Has anyone connected ActiveMQ to Active Directory?
mtod
2018-05-01 19:41:47 UTC
Has anyone connected ActiveMQ to Active Directory?

We're trying to connect to our company's Active Directory and keep running
into issues.
I'm looking to see if anyone has an example of the config?

Mike



Stefaniuk, Marcin
2018-05-02 09:05:53 UTC
I've successfully configured ActiveMQ Artemis with LDAP / AD. Example configuration below:

ADLogin {
    org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required
        debug=true
        initialContextFactory="com.sun.jndi.ldap.LdapCtxFactory"
        connectionURL="ldap://<server>:<port>"
        connectionUsername="<connection_username>"
        connectionPassword="<password>"
        connectionProtocol=s
        authentication=simple
        userBase="<user_base>"
        userSearchMatching="(&(objectclass=Person)(CN={0}))"
        userSearchSubtree=true
        roleBase="<role_base>"
        roleSearchMatching="(member=CN={1},<rest_of_roles_dn>)"
        roleName=CN
        authenticateUser=true;
};

You should familiarize yourself with the ldapsearch command to experiment with LDAP queries that fit your AD structure.

Kind regards
Marcin


mtod
2018-05-02 16:04:49 UTC
Thanks

I have used AD LDAP with other systems but this one just seems to be giving
me issues.

I'll check out your config and see if I can figure out where I'm going
wrong.

Mike





mtod
2018-05-02 16:26:21 UTC
Would you happen to know how to log the LDAP calls to assist in diagnosing
issues?

I'm not seeing any JAAS appenders

Mike



Jonathan Gallimore
2018-05-02 18:45:54 UTC
I'm currently doing the same thing in ActiveMQ 5.15.2.

Can you set the level for
"org.apache.activemq.artemis.spi.core.security.jaas" to debug/trace to get
the information you're after?

Jon
mtod
2018-05-02 21:59:07 UTC
We're getting closer but not quite there.
The following error keeps coming up when trying to send ActiveMQ a message.
I can't seem to find what the issue is or how to get deeper into
diagnosing the problem.
All the configs seem correct. Can you please take a look and see if you
happen to see something out of place?


Thanks

Mike

WARN | Failed to add Connection id=ID:FM-WLTP745-58810-1525290001982-1053:1, clientId=ActiveMQSeedMsg9 due to {}
java.lang.SecurityException: User name [inttest02] or password is invalid.
    at org.apache.activemq.security.JaasAuthenticationBroker.authenticate(JaasAuthenticationBroker.java:97)[activemq-broker-5.15.3.jar:5.15.3]
    at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:68)[activemq-broker-5.15.3.jar:5.15.3]
    at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:99)[activemq-broker-5.15.3.jar:5.15.3]
    at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:843)[activemq-broker-5.15.3.jar:5.15.3]
    at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:77)[activemq-broker-5.15.3.jar:5.15.3]
    at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)[activemq-client-5.15.3.jar:5.15.3]
    at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:330)[activemq-broker-5.15.3.jar:5.15.3]
    at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:194)[activemq-broker-5.15.3.jar:5.15.3]
    at org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)[activemq-client-5.15.3.jar:5.15.3]
    at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:125)[activemq-client-5.15.3.jar:5.15.3]
    at org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:301)[activemq-client-5.15.3.jar:5.15.3]
    at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)[activemq-client-5.15.3.jar:5.15.3]
    at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:233)[activemq-client-5.15.3.jar:5.15.3]
    at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:215)[activemq-client-5.15.3.jar:5.15.3]
    at java.lang.Thread.run(Thread.java:748)[:1.8.0_131]


My Login.config file

LDAPLogin {
    org.apache.activemq.jaas.LDAPLoginModule required
        debug=true
        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
        connectionURL="ldap://corp.local:389"
        connectionUsername=”CN=Mirth Development Service Account,OU=Service Accounts,DC=corp,DC=local”
        connectionPassword=b8eF352386!
        connectionProtocol=""
        authentication=simple
        userBase="OU=Test Accounts,OU=Special Accounts,DC=corp,DC=local"
        userSearchMatching="(&(objectclass=Person)(CN={0}))"
        userSearchSubtree=true
        roleBase="CN=ActiveMQ_Admins_DEV,OU=Application Groups,OU=Domain Groups,DC=corp,DC=local”
        roleName=cn
        roleSearchMatching="(member=CN={1},OU=Test Accounts,OU=Special Accounts,DC=corp,DC=local)”
        roleSearchSubtree=true
        ;
};



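A lint pass for a login.config like the one posted above, added here as an example; it is not part of the thread or of ActiveMQ. The function name and the sample file (constructed, with placeholder names) are assumptions, and it expects one option per line. It flags typographic quotes, which the JAAS parser does not accept as string delimiters, unbalanced ASCII quotes, simple binds over plain ldap://, and debug=true left enabled.

```python
import re

SMART_QUOTES = "\u201c\u201d\u2018\u2019"  # curly quotes pasted from mail or documents

def lint_login_config(text):
    """Return sorted (line_number, message) findings for a JAAS login.config."""
    findings, options = [], {}
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if any(q in stripped for q in SMART_QUOTES):
            findings.append((no, 'typographic quote: only ASCII " delimits a value'))
        if stripped.count('"') % 2:
            findings.append((no, "unbalanced ASCII double quote"))
        # Remember key=value options so related settings can be checked together.
        m = re.match(r'(\w+)\s*=\s*(.*?);?$', stripped)
        if m:
            options[m.group(1)] = (no, m.group(2).strip('"'))
    url_no, url = options.get("connectionURL", (0, ""))
    _, auth = options.get("authentication", (0, ""))
    if url.lower().startswith("ldap://") and auth.lower() == "simple":
        findings.append((url_no, "simple bind over ldap:// sends the password "
                                 "in cleartext; use ldaps://"))
    dbg_no, dbg = options.get("debug", (0, ""))
    if dbg.lower() == "true":
        findings.append((dbg_no, "debug=true: disable once the login works"))
    return sorted(findings)

# Constructed sample: placeholder host, DNs and password, not a real directory.
SAMPLE = '''LDAPLogin {
    org.apache.activemq.jaas.LDAPLoginModule required
        debug=true
        connectionURL="ldap://ad.example.test:389"
        connectionUsername=\u201dCN=svc-broker,OU=Service Accounts,DC=example,DC=test\u201d
        connectionPassword="<password>"
        authentication=simple
        roleBase="OU=Groups,DC=example,DC=test\u201d
        roleName=cn;
};
'''

if __name__ == "__main__":
    for line_no, message in lint_login_config(SAMPLE):
        print(f"line {line_no}: {message}")
```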
Tim Bain
2018-05-03 12:34:02 UTC
Mike,

I'd recommend grabbing the ActiveMQ source code or source JARs and
attaching a debugger to step through.

Also, the config file you posted contains a realistic-looking password, so
unless you replaced the real one with that value before sending, you should
plan to change the password ASAP.

Tim
mtod
2018-05-03 19:34:32 UTC
Thanks

I set up the debugging session and it seems there is an issue with the path
to the login.config file in the init() method in the configfile.class

"java.net.MalformedURLException: unknown protocol: c"

The URL is on Windows:

C:\Temp\activemq\assembly\target\apache-activemq-5.16.0-SNAPSHOT-bin\apache-activemq-5.16.0-SNAPSHOT\bin\..\conf\login.config

It seems valid but for some reason it can't resolve the path.

Mike




Tim Bain
2018-05-04 03:35:28 UTC
I notice that "apache-activemq-5.16.0-SNAPSHOT-bin" is in the path twice;
does that match the actual path on your machine? I wouldn't have expected
that, but of course it depends on whether you've done any additional
configuration (or whether things work differently for a SNAPSHOT build).

Tim