LibraryToggle FramesPrintFeedback

Tutorial: Enable LDAP Authorization in the Broker

Overview

This section explains how to enable LDAP authorization in the broker, so that the broker obtains its authorization data from the directory server. For each queue and topic, you can specify three different kinds of permission:

  • admin—allows you to create and destroy topics or queues.

  • read—allows you to read messages from topics or queues.

  • write—allows you to write messages to topics or queues.

Steps to enable LDAP authorization

Perform the following steps to enable LDAP authorization:

  1. Add the LDAP authorization plug-in to the broker configuration. Open the broker configuration file, $ACTIVEMQ_HOME/conf/activemq.xml, with a text editor and add the authorizationPlugin element, as follows:

    <beans ...>
      <broker ...>
        ...
        <plugins>
          ...
          <authorizationPlugin>
            <map>
              <bean id="lDAPAuthorizationMap" class="org.apache.activemq.security.LDAPAuthorizationMap"
                    xmlns="http://www.springframework.org/schema/beans">
                <property name="initialContextFactory" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                <property name="connectionURL" value="ldap://localhost:10389"/>
                <property name="authentication" value="simple"/>
                <property name="connectionUsername" value="uid=admin,ou=system"/>
                <property name="connectionPassword" value="secret"/>
                <property name="connectionProtocol" value=""/>
                <property name="topicSearchMatchingFormat"
                          value="cn={0},ou=Topic,ou=Destination,ou=ActiveMQ,ou=system"/>
                <property name="topicSearchSubtreeBool" value="true"/>
                <property name="queueSearchMatchingFormat"
                          value="cn={0},ou=Queue,ou=Destination,ou=ActiveMQ,ou=system"/>
                <property name="queueSearchSubtreeBool" value="true"/>
                <property name="advisorySearchBase"
                          value="cn=ActiveMQ.Advisory,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system"/>
                <property name="tempSearchBase"
                          value="cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system"/>
                <property name="adminBase" value="(cn=admin)"/>
                <property name="adminAttribute" value="member"/>
                <property name="readBase" value="(cn=read)"/>
                <property name="readAttribute" value="member"/>
                <property name="writeBase" value="(cn=write)"/>
                <property name="writeAttribute" value="member"/>
              </bean>
            </map>
          </authorizationPlugin>
        </plugins>
        ...
      </broker>
    </beans>
  2. If you have not already done so, add username/password credentials to the consumer tool, example/src/ConsumerTool.java, and to the producer tool, example/src/ProducerTool.java, as described in Tutorial: Enable LDAP Authentication in the Broker and its Clients.

  3. Ensure that the X.500 directory server is running. If necessary, manually restart the X.500 directory server. If the server is not running, all broker connections will fail.

  4. Run the broker. Open a new command prompt and start the broker by entering the following command:

    activemq
  5. Run the consumer client. Open a new command prompt, change directory to example and enter the following Ant command:

    ant consumer -Durl=tcp://localhost:61616 -Dmax=100
  6. Run the producer client. Open a new command prompt, change directory to example and enter the following Ant command:

    ant producer -Durl=tcp://localhost:61616
Comments powered by Disqus