Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-4076

[LTS] LegacyLDAPSecuritySettingPlugin ignore group changes

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • AMQ 7.7.0.CR2
    • AMQ 7.4.5.GA
    • security
    • None
    • +
    • Hide
      Previously, if you made an update on an LDAP server, the `LegacyLDAPSecuritySettingPlugin` security settings plugin configured on the broker might not immediately detect the change. For example, if you added a new user to an existing group on the LDAP server, the plugin did not immediately authorize the new user with the same broker permissions as existing users in the same group. Instead, for a change such as this to take effect, you needed to restart the broker. This issue is now resolved.
      Show
      Previously, if you made an update on an LDAP server, the `LegacyLDAPSecuritySettingPlugin` security settings plugin configured on the broker might not immediately detect the change. For example, if you added a new user to an existing group on the LDAP server, the plugin did not immediately authorize the new user with the same broker permissions as existing users in the same group. Instead, for a change such as this to take effect, you needed to restart the broker. This issue is now resolved.
    • Documented as Resolved Issue
    • Verified in a release
    • Hide
      1. Create a server in Apache DS Studio
      2. Create partition dc=cloud,dc=smals,dc=be
      3. Start the server and import the [^ldap-export.ldif] under the partition
      4. Create a broker using the [^broker.xml] and [^login.config]
      5. Test user3 access 
        sh bin/artemis queue stat --queueName project1.testldap --password user3  --user user3
      6. Import [^team4.ldif] under the partition, with Update existing entries checked
      7. Test user4 access that will fail with the message AMQ229213: User: user4 does not have permission='CREATE_NON_DURABLE_QUEUE' 
        sh bin/artemis queue stat --queueName project1.testldap --password user4  --user user4
      8. restart the broker
      9. Test user4 access that now will works.
      Show
      Create a server in Apache DS Studio Create partition dc=cloud,dc=smals,dc=be Start the server and import the [^ldap-export.ldif] under the partition Create a broker using the [^broker.xml] and [^login.config] Test user3 access sh bin/artemis queue stat --queueName project1.testldap --password user3 --user user3 Import [^team4.ldif] under the partition, with Update existing entries checked Test user4 access that will fail with the message AMQ229213: User: user4 does not have permission='CREATE_NON_DURABLE_QUEUE' sh bin/artemis queue stat --queueName project1.testldap --password user4 --user user4 restart the broker Test user4 access that now will works.

      The option enableListener is true by default so is expected that LegacyLDAPSecuritySettingPlugin automatically receive updates made in the LDAP server.
      However, a new user within a new group is correctly authenticated but not authorized until the broker has been restart.

              rhn-support-jbertram Justin Bertram
              rhn-support-agagliar Antonio Gagliardi
              Tiago Bueno Tiago Bueno
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: