Closed guidograzioli closed 1 year ago
The following new parameters allow configuring a secondary (sufficient) or primary (required) LDAP authentication endpoint.

| Parameter | Value |
| --- | --- |
| `activemq_auth_properties_enabled` | `True` |
| `activemq_auth_ldap_enabled` | `False` |
| `activemq_auth_ldap_url` | `ldap://localhost:389` |
| `activemq_auth_ldap_conn_username` | `uid=admin,ou=system` |
| `activemq_auth_ldap_conn_password` | `password` |
| `activemq_auth_ldap_conn_codec` | `{{ activemq_password_codec }}` |
| `activemq_auth_ldap_conn_protocol` | `s` |
| `activemq_auth_ldap_auth` | `simple` |
| `activemq_auth_ldap_user_base` | `ou=Users,dc=example,dc=com` |
| `activemq_auth_ldap_user_search` | `(uid={0})` |
| `activemq_auth_ldap_user_search_subtree` | `True` |
| `activemq_auth_ldap_role_base` | `ou=Groups,dc=example,dc=com` |
| `activemq_auth_ldap_role_name` | `cn` |
| `activemq_auth_ldap_role_search` | `(member={0})` |
| `activemq_auth_ldap_role_search_subtree` | `False` |

Example:
```yaml
activemq_hawtio_role: Scientists
activemq_auth_ldap_enabled: True
activemq_auth_ldap_url: ldap://ldap.forumsys.com:389
activemq_auth_ldap_conn_username: uid=tesla,dc=example,dc=com
activemq_auth_ldap_conn_password: password
activemq_auth_ldap_user_base: dc=example,dc=com
activemq_auth_ldap_user_search: '(uid={0})'
activemq_auth_ldap_role_base: dc=example,dc=com
activemq_auth_ldap_role_name: cn
activemq_auth_ldap_role_search: '(uniqueMember={0})'
activemq_auth_ldap_role_search_subtree: True
activemq_users:
  - user: amq
    password: amqbrokerpass
    roles: [ admin ]
  - user: other
    password: amqotherpass
    roles: [ consumer, producer ]
activemq_roles:
  - name: admin
    permissions: [ createNonDurableQueue, deleteNonDurableQueue, createDurableQueue, deleteDurableQueue, createAddress, deleteAddress, consume, browse, send, manage ]
  - name: Scientists
    permissions: [ createNonDurableQueue, deleteNonDurableQueue, createDurableQueue, deleteDurableQueue, createAddress, deleteAddress, consume, browse, send, manage ]
```
It will authenticate and authorize LDAP users in the "Scientists" group, in addition to `amq` and `other` defined in property files.
Fix #80