Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-2527

Insufficient permissions for an administrative user defined in LegacyLDAPSecuritySettingPlugin

    XMLWordPrintable

Details

    • Story
    • Resolution: Done
    • Minor
    • AMQ 7.5.0.GA
    • None
    • security
    • None

    Description

      We have defined an administrative user in LDAP with a group which maps onto admin role, which should have all permissions on the broker. However, the "artemis queue" command fails with an exception related to insufficient permissions.

      ./artemis queue stat --user amq --password secret

Exception in thread "main" ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ229213: User: amq does not have permission='CREATE_NON_DURABLE_QUEUE' for queue activemq.management.cd366747-dab6-4050-8f1f-86c8c25e0de5 on address activemq.management.cd366747-dab6-4050-8f1f-86c8c25e0de5]
        at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:423)
        at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:319)
        at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQSessionContext.createQueue(ActiveMQSessionContext.java:682)
        at org.apache.activemq.artemis.core.client.impl.ClientSessionImpl.internalCreateQueue(ClientSessionImpl.java:1927)
        at org.apache.activemq.artemis.core.client.impl.ClientSessionImpl.createTemporaryQueue(ClientSessionImpl.java:472)
        at org.apache.activemq.artemis.core.client.impl.ClientSessionImpl.createTemporaryQueue(ClientSessionImpl.java:487)
        at org.apache.activemq.artemis.core.client.impl.ClientSessionImpl.createTemporaryQueue(ClientSessionImpl.java:351)
        at org.apache.activemq.artemis.core.client.impl.ClientSessionImpl.createTemporaryQueue(ClientSessionImpl.java:339)
        at org.apache.activemq.artemis.api.core.client.ClientRequestor.<init>(ClientRequestor.java:54)
        at org.apache.activemq.artemis.api.core.client.ClientRequestor.<init>(ClientRequestor.java:62)
        at org.apache.activemq.artemis.cli.commands.AbstractAction.performCoreManagement(AbstractAction.java:38)
        at org.apache.activemq.artemis.cli.commands.queue.StatQueue.printStats(StatQueue.java:124)
        at org.apache.activemq.artemis.cli.commands.queue.StatQueue.execute(StatQueue.java:119)
        at org.apache.activemq.artemis.cli.Artemis.internalExecute(Artemis.java:149)
        at org.apache.activemq.artemis.cli.Artemis.execute(Artemis.java:97)
        at org.apache.activemq.artemis.cli.Artemis.execute(Artemis.java:124)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.activemq.artemis.boot.Artemis.execute(Artemis.java:129)
        at org.apache.activemq.artemis.boot.Artemis.main(Artemis.java:49)

      Attachments

        1. broker.xml
          11 kB
        2. ldap.ldif
          7 kB
        3. login.config
          0.6 kB

        Activity

          People

            rhn-support-jbertram Justin Bertram
            rhn-support-qluo Joe Luo
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: