Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: None
Affects Version/s: AMQ 7.8.1.GA
Component/s: security
Labels:

Blocked:
False
Blocked Reason:
None
Ready:
False
GSS Priority:
Target Release:

AMQ 7.10.1.GA
Upstream Jira:
https://issues.apache.org/jira/browse/ARTEMIS-3984 https://issues.apache.org/jira/browse/ARTEMIS-4010
Steps to Reproduce:
Hide

add the following entries to LDAP server:

dn: cn=$,ou=queues,ou=destinations,ou=ActiveMQ,dc=example,dc=com objectClass: top objectClass: applicationProcess cn: $ dn: cn=admin,cn=$,ou=queues,ou=destinations,ou=ActiveMQ,dc=example,dc=com objectClass: top objectClass: groupOfUniqueNames cn: admin uniqueMember: cn=some_role,ou=roles,dc=example,dc=com dn: cn=write,cn=$,ou=queues,ou=destinations,ou=ActiveMQ,dc=example,dc=com objectClass: top objectClass: groupOfUniqueNames cn: write uniqueMember: cn=some_role,ou=roles,dc=example,dc=com dn: cn=read,cn=$,ou=queues,ou=destinations,ou=ActiveMQ,dc=example,dc=com objectClass: top objectClass: groupOfUniqueNames cn: read uniqueMember: cn=some_role,ou=roles,dc=example,dc=com

Note, the new user does not belong to the "some_role". And the rest of testing steps can be the same as the JIRA ~~ENTMQBR-3719~~.
Show
add the following entries to LDAP server: dn: cn=$,ou=queues,ou=destinations,ou=ActiveMQ,dc=example,dc=com objectClass: top objectClass: applicationProcess cn: $ dn: cn=admin,cn=$,ou=queues,ou=destinations,ou=ActiveMQ,dc=example,dc=com objectClass: top objectClass: groupOfUniqueNames cn: admin uniqueMember: cn=some_role,ou=roles,dc=example,dc=com dn: cn=write,cn=$,ou=queues,ou=destinations,ou=ActiveMQ,dc=example,dc=com objectClass: top objectClass: groupOfUniqueNames cn: write uniqueMember: cn=some_role,ou=roles,dc=example,dc=com dn: cn=read,cn=$,ou=queues,ou=destinations,ou=ActiveMQ,dc=example,dc=com objectClass: top objectClass: groupOfUniqueNames cn: read uniqueMember: cn=some_role,ou=roles,dc=example,dc=com Note, the new user does not belong to the "some_role". And the rest of testing steps can be the same as the JIRA ENTMQBR-3719 .

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

The Jira ~~ENTMQBR-3719~~ fixed an issue that when a new user was added to LDAP server it allows the new user to create and access new destinations.

However, it is not fully fixed. In a case when a default wildcard destination such as:

dn: cn=$,ou=queues,ou=destinations,ou=ActiveMQ,dc=example,dc=com
objectClass: top
objectClass: applicationProcess
cn: $

exists in the LDAP server, a newly created user would be able to create and access any new destination and such behaviour will only be rectified after broker is restarted.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

user5.ldif
1 kB
2022/09/21 2:38 PM
test.ldif
8 kB
2022/09/21 2:38 PM
broker.xml
12 kB
2022/09/21 2:39 PM
artemis-server-2.21.0-PATCH-3226.jar
2.20 MB
2022/09/23 3:25 AM
artemis-core-client-2.21.0-PATCH-3226.jar
820 kB
2022/09/23 3:25 AM

is related to

ENTMQBR-3719 LegacyLDAPSecuritySettingPlugin allows new user to access any newly created destinations

Closed

relates to

ENTMQBR-8456 The fix of ENTMQBR-7118 does not work with Microsoft Active Directory specifically

Closed

Assignee:: Justin Bertram

Reporter:: Joe Luo

Tester:: Roman Vais (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2022/09/07 12:24 PM

Updated:: 2024/08/14 9:41 AM

Resolved:: 2022/10/12 1:33 PM

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates