Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

9.5. Add Broker Authorization Entries

Overview
Link kopieren

Before enabling LDAP authorization in the broker, you need to create a suitable tree of entries in the directory server to represent permissions. You need to create the following kinds of entry:
Queue entries
Each queue entry has a Common Name (cn), which can be the name of a specific queue or a wildcard pattern that matches multiple queues. Under each queue entry, you must create sub-entries for the admin, read, and write permissions.
Topic entries
Each topic entry has a Common Name (cn), which can be the name of a specific topic or a wildcard pattern that matches multiple topics. Under each topic entry, you must create sub-entries for the admin, read, and write permissions.
Advisory topics entry
In particular, you must define one topic entry with the Common Name, ActiveMQ.Advisory.$, which is a wildcard pattern that matches all advisory topics.
Temporary queues entry
A single Temp entry contains the admin, read, and write permissions that apply to all temporary queues.

Using wildcards in queue and topic entries
Link kopieren

When setting the common name of queue and topic entries in the directory server, you can use any of the wildcards shown in Table 9.1, “Destination Name Wildcards in LDAP” to match one or more segments of a destination name.
Expand
Table 9.1. Destination Name Wildcards in LDAP
WildcardDescription
.Separates segments in a path name.
*Matches any single segment in a path name.
$Matches any number of segments in a path name.
For example, the pattern, FOO.*, will match FOO.BAR, but not FOO.BAR.LONG; whereas the pattern, FOO.$, will match FOO.BAR and FOO.BAR.LONG.
Note
In the context of LDAP entries, the $ character is used instead of the usual > character to match multiple destination name segments.

Steps to add authorization entries
Link kopieren

Perform the following steps to add authorization entries to the directory server:
  1. The next few steps describe how to create the ou=ActiveMQ node.
    1. Right-click the YourDomain node, and select New Organizational Unit from the context menu. The Create New Organizational Unit dialog appears.
    2. Select the Unit tab in the left-hand pane of the Create New Organizational Unit dialog.
    3. Enter ActiveMQ in the Name field.
    4. Click OK, to close the Create New Organizational Unit dialog.
  2. The next few steps describe how to create the ou=Destination node.
    1. Right-click on the ActiveMQ node and select New Organizational Unit from the context menu. The Create New Organizational Unit dialog appears.
    2. Select the Unit tab in the left-hand pane of the Create New Organizational Unit dialog.
    3. Enter Destination in the Name field.
    4. Click OK, to close the Create New Organizational Unit dialog.
  3. In a similar manner to the preceding steps, by right-clicking on the Destination node and invoking the New Organizational Unit context menu option, create the following organisationalUnit nodes as children of the ou=Destination node: 
    ou=Queue,ou=Destination,ou=ActiveMQ,dc=YourDomain
ou=Topic,ou=Destination,ou=ActiveMQ,dc=YourDomain
ou=Temp,ou=Destination,ou=ActiveMQ,dc=YourDomain
    Copy to Clipboard Toggle word wrap
  4. In the LDAP Browser window, you should now see the following tree:

    Figure 9.1. DIT after Creating Destination, Queue, Topic and Temp Nodes

    DIT after Creating Destination, Queue, Topic and Temp Nodes
    View larger image
    DIT after Creating Destination, Queue, Topic and Temp Nodes
  5. The next few steps describe how to create the following nodes: 
    cn=$,ou=Queue,ou=Destination,ou=ActiveMQ,dc=YourDomain
cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,dc=YourDomain
    Copy to Clipboard Toggle word wrap
    These nodes represent name patterns that match queue names and topic names, respectively. The cn=$ queue node defines an entry that matches all queue names, so it can be used to define access rights for all queues. The cn=ActiveMQ.Advisory.$ node defines a topic entry that matches all advisory topics.
    1. Right-click on the ou=Queue node and select New Other. The New Object dialog appears.
    2. Select applicationprocess. Click OK.
    3. The Property Editor dialog now appears. In the Full name field, enter $ (where $ represents the wildcard that matches any queue name). Click OK.
      View larger image
    4. In a similar manner to the preceding steps, by right-clicking on the ou=Topic node and selecting the New Other context menu option, create the following applicationProcess node as a child of the ou=Topic node: 
      cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,ou=ActiveMQ,dc=YourDomain
      Copy to Clipboard Toggle word wrap
  6. The next few steps describe how to create the permission group nodes, which represent admin, read, and write permissions, for the ou=Queue node.
    1. Right-click on the cn=$ node (initially depicted as a spherical icon in the console) and select New Group from the context menu.
      View larger image
    2. The Create New Group dialog appears. Select the General tab in the left-hand pane of the Create New Group dialog.
    3. Set the Group Name field to admin.
      View larger image
    4. Select the Members tab in the left-hand pane of the Create New Group dialog.
      View larger image
    5. Click Add to open the Search users and groups dialog.
    6. In the Search field, select Groups from the drop-down menu, and click the Search button.
    7. From the list of groups that is now displayed, select Administrator.
    8. Click OK, to close the Search users and groups dialog.
    9. Click OK, to close the Create New Group dialog.
    10. In a similar manner to the preceding steps, by right-clicking on the cn=$ node and opening the New Group dialog, create the following additional groupOfUniqueNames nodes as children of the cn=$ node: 
      cn=read,cn=$,ou=Queue,ou=Destination,ou=ActiveMQ,dc=YourDomain
cn=write,cn=$,ou=Queue,ou=Destination,ou=ActiveMQ,dc=YourDomain
      Copy to Clipboard Toggle word wrap
  7. Copy the cn=admin, cn=read, and cn=write permission nodes and paste them as children of the cn=ActiveMQ.Advisory.$ node, as follows.
    Using a combination of mouse and keyboard, select the three nodes, cn=admin, cn=read, and cn=write, and type Ctrl-C to copy them. Select the cn=ActiveMQ.Advisory.$ node and type Ctrl-V to paste the copied nodes as children.
  8. Similarly, copy the cn=admin, cn=read, and cn=write permission nodes and paste them as children of the ou=Temp node.
  9. In the LDAP Browser window, you should now see the following tree:

    Figure 9.2. DIT after Creating Children of Queue, Topic and Temp Nodes

    DIT after Creating Children of Queue, Topic and Temp Nodes
    View larger image
    DIT after Creating Children of Queue, Topic and Temp Nodes
Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat