Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-2579

Masked password does not work in LDAP security-setting-plugin

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • AMQ 7.4.0.CR2
    • AMQ 7.2.4.GA
    • security
    • None
    • Release Notes
    • +
    • Hide
      In prior releases, if you used the `artemis mask` command to encrypt a password for inclusion in the LDAP `<security-setting-plugin>` configuration, the encrypted password did not work, even if the `mask-password` attribute in your `broker.xml` configuration file was set to `true`. As a result of this issue, you saw an LDAP authentication error. This issue is now resolved.
      Show
      In prior releases, if you used the `artemis mask` command to encrypt a password for inclusion in the LDAP `<security-setting-plugin>` configuration, the encrypted password did not work, even if the `mask-password` attribute in your `broker.xml` configuration file was set to `true`. As a result of this issue, you saw an LDAP authentication error. This issue is now resolved.
    • Documented as Resolved Issue
    • Verified in a release

      Even when the mask-password is set to true, the masked password generated by

      artemis mask password does not work when used in the LDAP security-setting-plugin.

      <security-setting-plugin class-name="org.apache.activemq.artemis.core.server.impl.LegacyLDAPSecuritySettingPlugin">
      <setting name="initialContextFactory" value="com.sun.jndi.ldap.LdapCtxFactory"/>
      <setting name="connectionURL" value="ldap://localhost:10389"/>
      <setting name="connectionUsername" value="uid=admin,ou=system"/>
      <setting name="connectionPassword" value="-41e444c3ed07d6dd"/>
      <setting name="connectionProtocol" value="s"/>
      <setting name="authentication" value="simple"/>
<setting name="destinationBase" value="ou=admin,ou=system"/>
   </security-setting-plugin>

      Error when the broker starts up:

      2019-06-06 14:15:41,601 ERROR [org.apache.activemq.artemis.core.server] AMQ224066: Error opening context for LDAP: javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=system]
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154) [rt.jar:1.8.0_181]
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100) [rt.jar:1.8.0_181]
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886) [rt.jar:1.8.0_181]
	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800) [rt.jar:1.8.0_181]
	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) [rt.jar:1.8.0_181]
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) [rt.jar:1.8.0_181]
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) [rt.jar:1.8.0_181]
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) [rt.jar:1.8.0_181]
	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) [rt.jar:1.8.0_181]
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) [rt.jar:1.8.0_181]
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) [rt.jar:1.8.0_181]
	at javax.naming.InitialContext.init(InitialContext.java:244) [rt.jar:1.8.0_181]
	at javax.naming.InitialContext.<init>(InitialContext.java:216) [rt.jar:1.8.0_181]
	at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101) [rt.jar:1.8.0_181]

              rh-ee-ataylor Andy Taylor
              rhn-support-adongre Avinash Dongre
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: