使用LDAP Active Directory身份验证的ActiveMQ Web控制台


我正在尝试让 ActiveMQ Web 控制台通过 LDAP 使用 Active Directory 进行身份验证。启动 MQ 时没有报错,会弹出用户名/密码登录框,但输入正确的凭据后无法继续。

版本 5.15.6

login.config

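// The asker's original (non-working) JAAS entry, built on Jetty's LdapLoginModule.
// Keywords and option names that machine translation had mangled are restored
// (required, simple, uniqueMember, userRdnAttribute, roleNameAttribute) and the
// typographic quotes are replaced with plain ASCII quotes, which the JAAS parser needs.
amqLdapLoginModule {
    org.eclipse.jetty.jaas.spi.LdapLoginModule required
    // Debug output can expose directory details in the broker log; disable it once login works.
    debug="true"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    hostname="ad-server1.domain.com"
    // NOTE(review): port 389 with authenticationMethod="simple" and no TLS sends the bind
    // password over the network in cleartext. Prefer LDAPS or StartTLS.
    port="389"
    bindDn="CN=readonly用户,OU=Accounts,DC=domain,DC=com"
    // The bind password is stored in plaintext: use a read-only directory account and
    // restrict read access on this file to the broker's service user.
    bindPassword="只读用户密码"
    authenticationMethod="simple"
    // With forceBindingLogin="false" the module reads userPasswordAttribute from the entry
    // and compares it locally instead of binding as the user. Active Directory does not
    // return account passwords to LDAP reads, so this is presumably one reason the login
    // never succeeds. Binding as the user is also the safer design. TODO confirm.
    forceBindingLogin="false"
    userBaseDn="CN=users,DC=domain,DC=com"
    // uid / inetOrgPerson / uniqueMember / groupOfUniqueNames are OpenLDAP-style schema
    // names; the working configuration further down this page searches AD by
    // sAMAccountName and member instead.
    userRdnAttribute="uid"
    userIdAttribute="uid"
    userPasswordAttribute="userPassword"
    userObjectClass="inetOrgPerson"
    roleBaseDn="CN=groups,DC=domain,DC=com"
    roleNameAttribute="cn"
    roleMemberAttribute="uniqueMember"
    roleObjectClass="groupOfUniqueNames";
};

遵循ldaptive ldap java库的指南并使用该库,对配置进行了一些调整,我成功地使其在我们的AD环境中工作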

将 ldaptive-{version number}.jar 和 jetty-jaas-{version number}.jar 复制到 /activemq/lib 目录

login.conf

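// JAAS entry "activemq": the name must match loginModuleName in jetty.xml.
// Two stacked modules: the first authenticates the user against the directory,
// the second looks up roles for the already-authenticated user.
activemq {
    // Stage 1, authentication: locate the user entry with userFilter below baseDn,
    // searching as the read-only bind account.
    org.ldaptive.jaas.LdapLoginModule required
        // Debug output can expose directory details in the broker log; disable it once login works.
        debug=true
        // storePass keeps the submitted login name and password in JAAS shared state so the
        // role module below (useFirstPass) can reuse them.
        storePass="true"
        // NOTE(review): ldap:// on port 389 together with useStartTLS="false" means the bind
        // account's password and every console user's password cross the network in
        // cleartext. Prefer ldaps:// or useStartTLS="true" once the domain controllers'
        // certificates are trusted by the broker's JVM.
        ldapUrl="ldap://ldap-server1.domainname.com:389 ldap://ldap-server2.domainname.com:389"
        connectionStrategy="ACTIVE_PASSIVE"
        bindDn="CN=ldap-readaccount,OU=Read Accounts,DC=domainname,DC=com"
        baseDn="OU=accounts,DC=domainname,DC=com"
        // The bind password is stored in plaintext: use a read-only directory account and
        // restrict read access on this file to the broker's service user.
        bindCredential="ldapuser-password"
        useStartTLS="false"
        userFilter="(sAMAccountName={user})";

    // Stage 2, authorization: search the groups subtree and turn matching entries into roles.
    org.ldaptive.jaas.LdapRoleAuthorizationModule required
        useFirstPass="true"
        ldapUrl="ldap://ldap-server1.domainname.com:389 ldap://ldap-server2.domainname.com:389"
        connectionStrategy="ACTIVE_PASSIVE"
        bindDn="CN=ldap-readaccount,OU=Read Accounts,DC=domainname,DC=com"
        baseDn="OU=groups,DC=domainname,DC=com"
        bindCredential="ldapuser-password"
        // NOTE(review): AD's member attribute holds distinguished names. As far as I know,
        // ldaptive substitutes {user} with the login name and {dn} with the entry DN, so
        // (member={user}) may never match a sAMAccountName login. Verify; if it does not
        // match, console access is being granted only through defaultRole below.
        roleFilter="(&(cn=webconsoleadmins)(member={user}))"
        useStartTLS="false"
        // NOTE(review): ldaptive documents defaultRole as the role set whenever this module's
        // login succeeds, not only when roleFilter matches. jetty.xml accepts "admins", so
        // this may let every account that authenticates under baseDn into the web console.
        // Confirm, and drop defaultRole if only webconsoleadmins members should have access.
        defaultRole="admins"
        roleAttribute="cn";
};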

jetty.xml

<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

<!-- Jetty login service that hands authentication to JAAS. loginModuleName must match the
     entry name in login.conf ("activemq"). -->
<bean id="securityLoginService" class="org.eclipse.jetty.jaas.JAASLoginService">
    <property name="name" value="LdapRealm" />
    <property name="loginModuleName" value="activemq" />
    <!-- principals of this class are the ones Jetty treats as the user's roles -->
    <property name="roleClassNames" value="org.ldaptive.jaas.LdapRole" />
    <property name="identityService" ref="identityService" />
</bean>
<!-- identity service referenced by both the login service and the security handler -->
<bean id="identityService" class="org.eclipse.jetty.security.DefaultIdentityService"/>


<!-- Constraint that requires an authenticated user holding one of the listed roles.
     Presumably bound to URL paths by securityConstraintMapping, which is not shown here.
     NOTE(review): "admins" is also the defaultRole in login.conf, so confirm that role
     reaches only the intended console users. -->
<bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint">
    <property name="name" value="BASIC" />
    <property name="roles" value="admins,webconsoleadmins" />
    <!-- set authenticate=false to disable login -->
    <property name="authenticate" value="true" />
</bean>
<!-- Constraint with the same role list as securityConstraint; presumably bound to the
     admin paths by adminSecurityConstraintMapping, which is not shown here.
     NOTE(review): leaving authenticate=true keeps the console behind a login; setting it
     to false opens these paths to anyone who can reach the port. -->
<bean id="adminSecurityConstraint" class="org.eclipse.jetty.util.security.Constraint">
    <property name="name" value="BASIC" />
    <property name="roles" value="admins,webconsoleadmins" />
     <!-- set authenticate=false to disable login -->
    <property name="authenticate" value="true" />
</bean>


<!-- Security handler that ties the JAAS login service, the authenticator and the constraint
     mappings together and wraps the handler collection. The referenced mapping beans and
     secHandlerCollection are defined outside the part of jetty.xml shown here. -->
<bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
    <property name="loginService" ref="securityLoginService" />
    <property name="identityService" ref="identityService" />
    <property name="authenticator">
        <!-- NOTE(review): HTTP Basic sends the AD username and password, base64-encoded
             only, on every request. Serve the console over HTTPS so they are not exposed
             on the wire. -->
        <bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator" />
    </property>
    <property name="constraintMappings">
        <list>
            <ref bean="adminSecurityConstraintMapping" />
            <ref bean="securityConstraintMapping" />
        </list>
    </property>
    <property name="handler" ref="secHandlerCollection" />
</bean>