ActiveMQ Artemis无法根据OpenLDAP进行身份验证



我有一个在本地Docker容器中运行的简单环境:一个容器基于openjdk:13-alpine并安装了Artemis 2.11.0,另一个基于osixia/openldap。

当我试图登录到网络控制台时,我收到了一个我根本无法理解的错误:

HTTP ERROR 500
Problem accessing /console/auth/login/. Reason:
Server Error
Caused by:
java.lang.SecurityException: java.io.IOException: Configuration Error:
Line 11: expected [option value], found [null]
at java.base/sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137)
at java.base/sun.security.provider.ConfigFile.<init>(ConfigFile.java:102)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)
at java.base/java.lang.reflect.ReflectAccess.newInstance(ReflectAccess.java:166)
at java.base/jdk.internal.reflect.ReflectionFactory.newInstance(ReflectionFactory.java:404)
at java.base/java.lang.Class.newInstance(Class.java:591)
at java.base/javax.security.auth.login.Configuration$2.run(Configuration.java:255)
at java.base/javax.security.auth.login.Configuration$2.run(Configuration.java:246)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:554)
at java.base/javax.security.auth.login.Configuration.getConfiguration(Configuration.java:245)
at java.base/javax.security.auth.login.LoginContext$1.run(LoginContext.java:242)
at java.base/javax.security.auth.login.LoginContext$1.run(LoginContext.java:240)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:312)
at java.base/javax.security.auth.login.LoginContext.init(LoginContext.java:240)
at java.base/javax.security.auth.login.LoginContext.<init>(LoginContext.java:378)
at java.base/javax.security.auth.login.LoginContext.<init>(LoginContext.java:451)
at io.hawt.system.Authenticator.doAuthenticate(Authenticator.java:128)
at io.hawt.system.Authenticator.authenticate(Authenticator.java:92)
at io.hawt.web.AuthenticationFilter.doFilter(AuthenticationFilter.java:168)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.XXSSProtectionFilter.doFilter(XXSSProtectionFilter.java:28)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:28)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.CORSFilter.doFilter(CORSFilter.java:42)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.CacheHeadersFilter.doFilter(CacheHeadersFilter.java:37)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.SessionExpiryFilter.process(SessionExpiryFilter.java:117)
at io.hawt.web.SessionExpiryFilter.doFilter(SessionExpiryFilter.java:57)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.RedirectFilter.process(RedirectFilter.java:73)
at io.hawt.web.RedirectFilter.doFilter(RedirectFilter.java:38)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1613)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:541)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1593)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1239)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:481)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1562)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1141)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:52)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.Server.handle(Server.java:564)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:672)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:590)
at java.base/java.lang.Thread.run(Thread.java:830)
Caused by: java.io.IOException: Configuration Error:
Line 11: expected [option value], found [null]
at java.base/sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:665)
at java.base/sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:578)
at java.base/sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:479)
at java.base/sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:426)
at java.base/sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329)
at java.base/sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271)
at java.base/sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135)
... 61 more
Caused by:
java.io.IOException: Configuration Error:
Line 11: expected [option value], found [null]
at java.base/sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:665)
at java.base/sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:578)
at java.base/sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:479)
at java.base/sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:426)
at java.base/sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329)
at java.base/sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271)
at java.base/sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135)
at java.base/sun.security.provider.ConfigFile.<init>(ConfigFile.java:102)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)
at java.base/java.lang.reflect.ReflectAccess.newInstance(ReflectAccess.java:166)
at java.base/jdk.internal.reflect.ReflectionFactory.newInstance(ReflectionFactory.java:404)
at java.base/java.lang.Class.newInstance(Class.java:591)
at java.base/javax.security.auth.login.Configuration$2.run(Configuration.java:255)
at java.base/javax.security.auth.login.Configuration$2.run(Configuration.java:246)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:554)
at java.base/javax.security.auth.login.Configuration.getConfiguration(Configuration.java:245)
at java.base/javax.security.auth.login.LoginContext$1.run(LoginContext.java:242)
at java.base/javax.security.auth.login.LoginContext$1.run(LoginContext.java:240)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:312)
at java.base/javax.security.auth.login.LoginContext.init(LoginContext.java:240)
at java.base/javax.security.auth.login.LoginContext.<init>(LoginContext.java:378)
at java.base/javax.security.auth.login.LoginContext.<init>(LoginContext.java:451)
at io.hawt.system.Authenticator.doAuthenticate(Authenticator.java:128)
at io.hawt.system.Authenticator.authenticate(Authenticator.java:92)
at io.hawt.web.AuthenticationFilter.doFilter(AuthenticationFilter.java:168)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.XXSSProtectionFilter.doFilter(XXSSProtectionFilter.java:28)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:28)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.CORSFilter.doFilter(CORSFilter.java:42)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.CacheHeadersFilter.doFilter(CacheHeadersFilter.java:37)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.SessionExpiryFilter.process(SessionExpiryFilter.java:117)
at io.hawt.web.SessionExpiryFilter.doFilter(SessionExpiryFilter.java:57)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.RedirectFilter.process(RedirectFilter.java:73)
at io.hawt.web.RedirectFilter.doFilter(RedirectFilter.java:38)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1613)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:541)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1593)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1239)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:481)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1562)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1141)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:52)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.Server.handle(Server.java:564)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:672)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:590)
at java.base/java.lang.Thread.run(Thread.java:830)

当我尝试从Artemis容器本身中使用bin/artemis producer命令时,也会发生同样的错误:

2020-03-26 15:44:34,845 INFO  [org.apache.activemq.artemis.core.server.plugin.impl] AMQ841000: created connection: RemotingConnectionImpl [ID=e66c8100, clientID=null, nodeID=1fa3713e-6926-11ea-b9f9-0242c0a8d002, transportConnection=org.apache.activemq.artemis.core.remoting.impl.netty.NettyServerConnection@3d04dde0[ID=e66c8100, local= /127.0.0.1:61616, remote=/127.0.0.1:40444]]
2020-03-26 15:44:34,937 ERROR [org.apache.activemq.artemis.core.server] AMQ224018: Failed to create session: java.lang.SecurityException: java.io.IOException: Configuration Error:
Line 11: expected [option value], found [null]
at java.base/sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137) [java.base:]
at java.base/sun.security.provider.ConfigFile.<init>(ConfigFile.java:102) [java.base:]
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [java.base:]
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [java.base:]
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [java.base:]
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) [java.base:]
at java.base/java.lang.reflect.ReflectAccess.newInstance(ReflectAccess.java:166) [java.base:]
at java.base/jdk.internal.reflect.ReflectionFactory.newInstance(ReflectionFactory.java:404) [java.base:]
at java.base/java.lang.Class.newInstance(Class.java:591) [java.base:]
at java.base/javax.security.auth.login.Configuration$2.run(Configuration.java:255) [java.base:]
at java.base/javax.security.auth.login.Configuration$2.run(Configuration.java:246) [java.base:]
at java.base/java.security.AccessController.doPrivileged(AccessController.java:554) [java.base:]
at java.base/javax.security.auth.login.Configuration.getConfiguration(Configuration.java:245) [java.base:]
at java.base/javax.security.auth.login.LoginContext$1.run(LoginContext.java:242) [java.base:]
at java.base/javax.security.auth.login.LoginContext$1.run(LoginContext.java:240) [java.base:]
at java.base/java.security.AccessController.doPrivileged(AccessController.java:312) [java.base:]
at java.base/javax.security.auth.login.LoginContext.init(LoginContext.java:240) [java.base:]
at java.base/javax.security.auth.login.LoginContext.<init>(LoginContext.java:501) [java.base:]
at org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager.getAuthenticatedSubject(ActiveMQJAASSecurityManager.java:190) [artemis-server-2.11.0.jar:2.11.0]
at org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager.validateUser(ActiveMQJAASSecurityManager.java:99) [artemis-server-2.11.0.jar:2.11.0]
at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:137) [artemis-server-2.11.0.jar:2.11.0]
at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.createSession(ActiveMQServerImpl.java:1530) [artemis-server-2.11.0.jar:2.11.0]
at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handleCreateSession(ActiveMQPacketHandler.java:166) [artemis-server-2.11.0.jar:2.11.0]
at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handlePacket(ActiveMQPacketHandler.java:88) [artemis-server-2.11.0.jar:2.11.0]
at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.handlePacket(ChannelImpl.java:720) [artemis-core-client-2.11.0.jar:2.11.0]
at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.doBufferReceived(RemotingConnectionImpl.java:408) [artemis-core-client-2.11.0.jar:2.11.0]
at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.bufferReceived(RemotingConnectionImpl.java:385) [artemis-core-client-2.11.0.jar:2.11.0]
at org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:654) [artemis-server-2.11.0.jar:2.11.0]
at org.apache.activemq.artemis.core.remoting.impl.netty.ActiveMQChannelHandler.channelRead(ActiveMQChannelHandler.java:73) [artemis-core-client-2.11.0.jar:2.11.0]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:345) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:337) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:323) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:297) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:345) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:337) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1408) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:345) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:930) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:796) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:427) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:328) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:905) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1.run(ActiveMQThreadFactory.java:118) [artemis-commons-2.11.0.jar:2.11.0]
Caused by: java.io.IOException: Configuration Error:
Line 11: expected [option value], found [null]
at java.base/sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:665) [java.base:]
at java.base/sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:578) [java.base:]
at java.base/sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:479) [java.base:]
at java.base/sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:426) [java.base:]
at java.base/sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329) [java.base:]
at java.base/sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271) [java.base:]
at java.base/sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135) [java.base:]
... 45 more
2020-03-26 15:44:35,033 INFO  [org.apache.activemq.artemis.core.server.plugin.impl] AMQ841001: destroyed connection: RemotingConnectionImpl [ID=e66c8100, clientID=null, nodeID=1fa3713e-6926-11ea-b9f9-0242c0a8d002, transportConnection=org.apache.activemq.artemis.core.remoting.impl.netty.NettyServerConnection@3d04dde0[ID=e66c8100, local= /127.0.0.1:61616, remote=/127.0.0.1:40444]]

日志没有显示哪个文件是罪魁祸首(即使在DEBUG级别下也是如此)——我猜是login.config,但我看不出其中有任何问题。

我非常感谢任何关于无效Artemis配置或无效LDAP记录的提示,这些提示可能会导致此类问题。

代理似乎能够从LDAP读取数据——至少在授权方面是这样——因为日志显示了角色填充的详细信息,例如:

2020-03-26 14:45:24,021 INFO  [org.apache.activemq.artemis.core.server] AMQ221051: Populating security roles from LDAP at: ldap://ldapserver:389
...
2020-03-26 14:45:24,240 DEBUG [org.apache.activemq.artemis.core.server.impl.LegacyLDAPSecuritySettingPlugin] LDAP search result: cn=read,cn=public.foo.test1.#,ou=Topic
Destination type: topic
Destination name: public.foo.test1.#
Permission type: read
Attributes: {member=member: cn=admins,ou=Group,dc=example,dc=com, cn=users,ou=Group,dc=example,dc=com}
Role name: admins
Role name: users
...

旁注:在上述消息之后,我收到一个日志,表明分页支持存在一些问题:

2020-03-26 14:45:24,231 ERROR [org.apache.activemq.artemis.core.server] AMQ224086: Caught unexpected exception: javax.naming.OperationNotSupportedException: [LDAP: error code 12 - critical extension is not recognized]; remaining name 'ou=Destination,dc=example,dc=com'

然而,这似乎是在处理完第一批记录之后才出现的——如果我没记错的话,每页的默认条目上限应该是500个,这对我目前的情况来说已经足够了。

我已经配置了artemis配置如下:

login.config:

openldap {
org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required
debug=true
initialContextFactory="com.sun.jndi.ldap.LdapCtxFactory"
connectionURL="ldap://ldapserver:389"
connectionUsername="cn=admin,dc=example,dc=com"
connectionPassword="..."
connectionProtocol="s"
connectionTimeout=10000
readTimeout=10000
topicSearchMatchingFormat="cn={0},ou=Topic,ou=Destination,dc=example,dc=com"
topicSearchSubtreeBool=true
authentication=simple
ignorePartialResultException=true
userBase="ou=User,dc=example,dc=com"
userSearchMatching="(uid={0})"
userSearchSubtree=false
queueSearchMatchingFormat="cn={0},ou=Queue,ou=Destination,dc=example,dc=com"
queueSearchSubtreeBool=true
roleBase="ou=Group,dc=example,dc=com"
roleName="cn"
roleSearchMatching="(member:=uid={1})"
roleSearchSubtree=true
;
};

broker.xml:

<configuration ...>
<!-- ... SNIP ... -->
<security-settings>
<security-setting-plugin class-name="org.apache.activemq.artemis.core.server.impl.LegacyLDAPSecuritySettingPlugin">
<setting name="initialContextFactory" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<setting name="connectionURL" value="ldap://ldapserver:389"/>
<setting name="connectionUsername" value="cn=admin,dc=example,dc=com"/>
<setting name="connectionPassword" value="...SNIP..."/>
<setting name="connectionProtocol" value="s"/>
<setting name="authentication" value="simple"/>
<setting name="destinationBase" value="ou=Destination,dc=example,dc=com"/>
<setting name="roleAttribute" value="member"/>
<setting name="ignorePartialResultException" value="true"/>
<setting name="filter" value="(cn=*)"/>
<setting name="readPermissionValue" value="read"/>
<setting name="writePermissionValue" value="write"/>
</security-setting-plugin>
</security-settings>
<!-- ... SNIP ... -->
</configuration>

我的LDAP记录的一个稍微修改过的版本:

version: 1
dn: dc=example,dc=com
objectClass: organization
objectClass: dcObject
objectClass: top
dc: example
o: Example Inc.
dn: ou=User,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: User
dn: cn=admin,dc=example,dc=com
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: admin
userPassword: {SSHA}3++NsuMU6iOErazxJNROGPmk1iw9Nboa
description: LDAP administrator
dn: ou=Group,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Group
dn: ou=Services,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Services
dn: ou=Destination,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Destination
dn: uid=CT84Ac0k,ou=User,dc=example,dc=com
objectClass: uidObject
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: CT84Ac0k
uid: CT84Ac0k
userPassword: {SSHA}ZGpJdZ3CRyP35pltd16Fbydnhfw6HmzV
dn: cn=users,ou=Group,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: users
member: uid=CT84Ac0k
dn: cn=admins,ou=Group,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: admins
member: uid=admin
dn: cn=mqbroker,ou=Services,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
objectClass: top
cn: mqbroker
userPassword: {SSHA}lcLtOtmqIT4BjB7hlhV60H2dzUH0C5bb
dn: ou=Queue,ou=Destination,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Queue
dn: ou=Topic,ou=Destination,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Topic
dn: cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,dc=example,dc=com
objectClass: applicationProcess
objectClass: top
cn: ActiveMQ.Advisory.$
description: A destination represents the target for which an ArtemisRole can get access
dn: cn=public.foo.test1.#,ou=Topic,ou=Destination,dc=example,dc=com
objectClass: applicationProcess
objectClass: top
cn: public.foo.test1.#
dn: cn=read,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: read
member: cn=admins,ou=Group,dc=example,dc=com
member: cn=users,ou=Group,dc=example,dc=com
dn: cn=admin,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: admin
member: cn=admins,ou=Group,dc=example,dc=com
dn: cn=write,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: write
member: cn=admins,ou=Group,dc=example,dc=com
member: cn=users,ou=Group,dc=example,dc=com
dn: cn=read,cn=public.foo.test1.#,ou=Topic,ou=Destination,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: read
member: cn=admins,ou=Group,dc=example,dc=com
member: cn=users,ou=Group,dc=example,dc=com
dn: cn=admin,cn=public.foo.test1.#,ou=Topic,ou=Destination,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: admin
member: cn=admins,ou=Group,dc=example,dc=com
dn: cn=write,cn=public.foo.test1.#,ou=Topic,ou=Destination,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: write
member: cn=users,ou=Group,dc=example,dc=com

login.config中存在语法错误:readTimeout和connectionTimeout的值需要加引号(未加引号的数字不会被JAAS配置解析器识别为选项值,因此报出"expected [option value], found [null]"),例如:

openldap {
org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required
debug=true
initialContextFactory="com.sun.jndi.ldap.LdapCtxFactory"
connectionURL="ldap://ldapserver:389"
connectionUsername="cn=admin,dc=example,dc=com"
connectionPassword="..."
connectionProtocol="s"
connectionTimeout="10000"
readTimeout="10000"
authentication=simple
ignorePartialResultException=true
userBase="ou=User,dc=example,dc=com"
userSearchMatching="(uid={0})"
userSearchSubtree=false
roleBase="ou=Group,dc=example,dc=com"
roleName="cn"
roleSearchMatching="(member:=uid={1})"
roleSearchSubtree=true
;
};

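注意:我删除了topicSearchMatchingFormat、topicSearchSubtreeBool、queueSearchMatchingFormat和queueSearchSubtreeBool,因为org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule不支持它们。从技术上讲,保留它们不会造成问题,但去掉之后配置更容易阅读和理解。另外需要留意:上面的配置通过ldap://ldapserver:389以simple方式绑定,connectionPassword和用户登录时提交的密码都会以明文在网络上传输;在本地测试环境之外,应改用ldaps://等加密连接,并让connectionUsername使用只具备读取权限的专用服务账号,而不是cn=admin这个LDAP管理员。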
