  1. AMQ Broker
  2. ENTMQBR-4076

[LTS] LegacyLDAPSecuritySettingPlugin ignores group changes


Details

    • Bug
    • Resolution: Done
    • Critical
    • AMQ 7.7.0.CR2
    • AMQ 7.4.5.GA
    • security
    • None
    • +
      Previously, if you made an update on an LDAP server, the `LegacyLDAPSecuritySettingPlugin` security settings plugin configured on the broker might not immediately detect the change. For example, if you added a new user to an existing group on the LDAP server, the plugin did not immediately authorize the new user with the same broker permissions as existing users in the same group. Instead, for a change such as this to take effect, you needed to restart the broker. This issue is now resolved.
    • Documented as Resolved Issue
    • Verified in a release
      1. Create a server in Apache DS Studio
      2. Create partition dc=cloud,dc=smals,dc=be
      3. Start the server and import the [^ldap-export.ldif] under the partition
      4. Create a broker using the [^broker.xml] and [^login.config]
      5. Test user3 access
        sh bin/artemis queue stat --queueName project1.testldap --password user3  --user user3
        
      6. Import [^team4.ldif] under the partition, with Update existing entries checked
      7. Test user4 access that will fail with the message AMQ229213: User: user4 does not have permission='CREATE_NON_DURABLE_QUEUE'
        sh bin/artemis queue stat --queueName project1.testldap --password user4  --user user4
        
      8. Restart the broker
      9. Test user4 access, which now works.

    Description

      The option enableListener is true by default, so it is expected that LegacyLDAPSecuritySettingPlugin automatically receives updates made in the LDAP server.
      However, a new user within a new group is correctly authenticated but not authorized until the broker has been restarted.
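
The reproduction steps above can be turned into a repeatable check that a group change reaches the broker without a restart. This is an added example, not part of the original issue or the broker's tooling; the function names, the retry count and delay, and the `|<queue name>` table-row match used to recognise a successful `queue stat` are assumptions.

```shell
#!/bin/sh
# Added example (not from the issue): verify that an LDAP group change reaches
# the broker WITHOUT a restart. Function names, attempts and delay are assumptions.

# Run the same check the reproduction steps use. Args: user password queue.
run_stat() {
    sh bin/artemis queue stat --queueName "$3" --password "$2" --user "$1"
}

# Classify captured CLI output. Args: output queue.
#   unauthorized: AMQ229213 present (authenticated, but role mapping is stale)
#   authorized:   a table row for the queue came back (assumed "|<name>" layout)
#   unknown:      anything else, e.g. broker unreachable or bad credentials
classify_output() {
    case "$1" in
        *AMQ229213*) echo "unauthorized" ;;
        *"|$2"*)     echo "authorized" ;;
        *)           echo "unknown" ;;
    esac
}

# Poll until the user is authorized or the attempts run out.
# Args: user password queue attempts delay_seconds. Returns 0 only on "authorized".
wait_for_authz() {
    state="unknown"
    i=0
    while [ "$i" -lt "$4" ]; do
        out=$(run_stat "$1" "$2" "$3" 2>&1) || true
        state=$(classify_output "$out" "$3")
        if [ "$state" = "authorized" ]; then
            echo "$state"
            return 0
        fi
        i=$((i + 1))
        sleep "$5"
    done
    echo "$state"
    return 1
}

# Usage after importing team4.ldif, with the broker left running:
#   wait_for_authz user4 user4 project1.testldap 12 5 || echo "group change not picked up"
```

A final state of `unauthorized` with the broker still running is the behaviour this issue describes; `unknown` points to a connection or authentication problem rather than stale authorization.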


            People

              rhn-support-jbertram Justin Bertram
              rhn-support-agagliar Antonio Gagliardi
              Tiago Bueno Tiago Bueno
