使用LDAP Active Directory身份验证的ActiveMQ Web控制台 [英] ActiveMQ Web console using LDAP Active Directory authentication


问题描述

努力使ActiveMQ Web控制台使用LDAP并针对Active Directory进行身份验证。
启动MQ时没有错误,出现用户名/密码登录框提示,但在插入正确的凭据时不会继续。

Struggling to get ActiveMQ web console to use LDAP and authenticated against Active Directory. No errors when starting MQ, username/password login box prompt appears but doesn't progress when inserting the correct credentials.

版本
5.15.6

Version 5.15.6

login.conf

// login.conf from the question: Jetty's own LdapLoginModule pointed at Active Directory.
amqLdapLoginModule {
   org.eclipse.jetty.jaas.spi.LdapLoginModule required
   // debug output may include DNs and search filters; turn off once troubleshooting is done
   debug="true"
   contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
   // plain ldap:// on 389 with authenticationMethod="simple": the bind DN's password
   // (and user passwords, if the module binds as the user) cross the network unencrypted;
   // prefer ldaps:// or a TLS-protected connection
   hostname="ad-server1.domain.com"
   port="389"
   // service account credential stored in cleartext; restrict read access to this file
   bindDn="CN=readonly-user,OU=Accounts,DC=domain,DC=com"
   bindPassword="readonly-user-password"
   authenticationMethod="simple"
   // NOTE(review): with forceBindingLogin="false" the module compares the typed password
   // against userPasswordAttribute read from the directory; AD does not expose a readable
   // userPassword, which would match the "login box never progresses" symptom - confirm.
   // forceBindingLogin="true" makes the module bind as the user instead.
   forceBindingLogin="false"
   userBaseDn="CN=users,DC=domain,DC=com"
   // NOTE(review): uid / inetOrgPerson / uniqueMember / groupOfUniqueNames are OpenLDAP-style
   // names; AD typically uses sAMAccountName, objectClass user, member and objectClass group.
   userRdnAttribute="uid"
   userIdAttribute="uid"
   userPasswordAttribute="userPassword"
   userObjectClass="inetOrgPerson"
   roleBaseDn="CN=groups,DC=domain,dc=com"
   // the value of this attribute on the group becomes the Jetty role name (see roles in jetty.xml)
   roleNameAttribute="cn"
   roleMemberAttribute="uniqueMember"
   roleObjectClass="groupOfUniqueNames";
   };

jetty.xml

    <!-- jetty.xml from the question: JAAS realm backed by the amqLdapLoginModule entry in login.conf -->
    <bean id="ldapLoginService" class="org.eclipse.jetty.jaas.JAASLoginService">
        <property name="name" value="LdapRealm" />
        <!-- must match the entry name in login.conf -->
        <property name="loginModuleName" value="amqLdapLoginModule" />
        <property name="roleClassNames" value="org.eclipse.jetty.jaas.JAASRole" />
        <property name="identityService" ref="identityService" />
    </bean>
    <bean id="identityService" class="org.eclipse.jetty.security.DefaultIdentityService"/>

    <!-- Both constraints require the "admins-group" role; with roleNameAttribute="cn" in login.conf
         that has to be the cn of an LDAP group the user is a member of -->
    <bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint">
        <property name="name" value="BASIC" />
        <property name="roles" value="admins-group" />
        <!-- set authenticate=false to disable login -->
        <property name="authenticate" value="true" />
    </bean>
    <!-- identical to securityConstraint; the mapping beans (not shown here) decide which paths each one covers -->
    <bean id="adminSecurityConstraint" class="org.eclipse.jetty.util.security.Constraint">
        <property name="name" value="BASIC" />
        <property name="roles" value="admins-group" />
         <!-- set authenticate=false to disable login -->
        <property name="authenticate" value="true" />
    </bean>


    <!-- BASIC authentication sends the credentials (base64, not encrypted) with every request;
         serve the console over TLS if it is reachable over the network -->
    <bean id="securityHandlerLdap" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
        <property name="loginService" ref="ldapLoginService" />
        <property name="identityService" ref="identityService" />
        <property name="realmName" value="LdapRealm" />
        <property name="authenticator">
            <bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator" />
        </property>
        <property name="constraintMappings">
            <list>
                <!-- adminSecurityConstraintMapping / securityConstraintMapping are defined outside this excerpt -->
                <ref bean="adminSecurityConstraintMapping" />
                <ref bean="securityConstraintMapping" />
            </list>
        </property>
        <!-- secHandlerCollection is defined outside this excerpt -->
        <property name="handler" ref="secHandlerCollection" />
    </bean>

    <bean id="contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection">
    </bean>

推荐答案

遵循该指南 http://bacedifo.blogspot.com/2013/06/securing-activemq-580-web-console-using.html ,并使用ldaptive ldap java库并对其配置进行了一些调整,因此我设法使它适用于我们的AD环境

Following the guide from http://bacedifo.blogspot.com/2013/06/securing-activemq-580-web-console-using.html and using the ldaptive ldap java library with some tweaks to the configs I managed to get this working for our AD environment.

将ldaptive-{版本号}.jar和jetty-jaas-{版本号}.jar复制到/activemq/lib目录。

Copied the ldaptive-{version number}.jar and jetty-jaas-{version number}.jar to the /activemq/lib directory.

login.conf

// login.conf from the answer: ldaptive modules, one for authentication and one for role lookup.
activemq {
    org.ldaptive.jaas.LdapLoginModule required
        debug=true
        // keep the entered credentials so LdapRoleAuthorizationModule (useFirstPass) can reuse them
        storePass="true"
        // two AD servers, space separated; ACTIVE_PASSIVE prefers the first and moves on only on failure
        ldapUrl="ldap://ldap-server1.domainname.com:389 ldap://ldap-server2.domainname.com:389"
        connectionStrategy="ACTIVE_PASSIVE"
        // service account credential in cleartext; restrict read access to this file
        bindDn="CN=ldap-readaccount,OU=Read Accounts,DC=domainname,DC=com"
        baseDn="OU=accounts,DC=domainname,DC=com"
        bindCredential="ldapuser-password"
        // plain ldap:// with StartTLS off: simple binds (the service account and, presumably, the
        // console user's own bind) travel unencrypted; prefer ldaps:// or useStartTLS="true".
        // AD configured to require LDAP signing typically rejects such binds outright.
        useStartTLS="false"
        // AD logon name rather than uid
        userFilter="(sAMAccountName={user})";

    org.ldaptive.jaas.LdapRoleAuthorizationModule required
        // reuse the credentials stored by the module above
        useFirstPass="true"
        ldapUrl="ldap://ldap-server1.domainname.com:389 ldap://ldap-server2.domainname.com:389"
        connectionStrategy="ACTIVE_PASSIVE"
        bindDn="CN=ldap-readaccount,OU=Read Accounts,DC=domainname,DC=com"
        baseDn="OU=groups,DC=domainname,DC=com"
        bindCredential="ldapuser-password"
        // only members of the webconsoleadmins group receive the "webconsoleadmins" role
        roleFilter="(&(cn=webconsoleadmins)(member={user}))"
        useStartTLS="false"
        // NOTE(review): defaultRole is presumably granted to every authenticated user regardless
        // of roleFilter; since jetty.xml also accepts "admins", any AD account under baseDn can
        // then reach the console. Drop defaultRole (or remove "admins" from the Jetty roles) if
        // only the group should have access - confirm against the ldaptive docs.
        defaultRole="admins"
        roleAttribute="cn";

};

jetty.xml

<!-- jetty.xml from the answer (excerpt): realm wired to the "activemq" entry in login.conf -->
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

<bean id="securityLoginService" class="org.eclipse.jetty.jaas.JAASLoginService">
    <property name="name" value="LdapRealm" />
    <!-- must match the entry name in login.conf -->
    <property name="loginModuleName" value="activemq" />
    <!-- role principals are created by ldaptive, so its LdapRole class replaces Jetty's JAASRole -->
    <property name="roleClassNames" value="org.ldaptive.jaas.LdapRole" />
    <property name="identityService" ref="identityService" />
</bean>
<bean id="identityService" class="org.eclipse.jetty.security.DefaultIdentityService"/>


<!-- NOTE(review): "admins" is the defaultRole in login.conf, which presumably every authenticated
     user receives, so listing it here admits any AD account, not only webconsoleadmins members.
     Keep only "webconsoleadmins" if access is meant to be group-restricted - confirm. -->
<bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint">
    <property name="name" value="BASIC" />
    <property name="roles" value="admins,webconsoleadmins" />
    <!-- set authenticate=false to disable login -->
    <property name="authenticate" value="true" />
</bean>
<!-- same role list as securityConstraint; the mapping beans (outside this excerpt) decide which paths each covers -->
<bean id="adminSecurityConstraint" class="org.eclipse.jetty.util.security.Constraint">
    <property name="name" value="BASIC" />
    <property name="roles" value="admins,webconsoleadmins" />
     <!-- set authenticate=false to disable login -->
    <property name="authenticate" value="true" />
</bean>

...

<!-- ConstraintSecurityHandler for the console. BASIC auth sends the credentials (base64, not
     encrypted) with every request, so expose the console over TLS. The mapping beans and
     secHandlerCollection are defined outside this excerpt. -->
<bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
    <property name="loginService" ref="securityLoginService" />
    <property name="identityService" ref="identityService" />
    <property name="authenticator">
        <bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator" />
    </property>
    <property name="constraintMappings">
        <list>
            <ref bean="adminSecurityConstraintMapping" />
            <ref bean="securityConstraintMapping" />
        </list>
    </property>
    <property name="handler" ref="secHandlerCollection" />
</bean>

