Red Hat AMQ 6
As of February 2025, Red Hat is no longer supporting Red Hat AMQ 6. If you are using AMQ 6, please upgrade: Migrating to AMQ 7.
8.4. Enable LDAP Authentication in the OSGi Container
Overview
In this part of the tutorial you will configure an LDAP realm in the OSGi container. The new realm overrides the default karaf realm, so that the container authenticates credentials based on user entries stored in the X.500 directory server.
Procedure
To enable LDAP authentication:
- Ensure that the X.500 directory server is running.
- Start Red Hat JBoss A-MQ by entering the following command in a terminal window:

    amq

- Create a Blueprint configuration file called ldap-module.xml.
- Copy Example 8.1, “Blueprint JAAS Realm” into ldap-module.xml.

  Example 8.1. Blueprint JAAS Realm

  This login module creates a JAAS realm called karaf, which is the same name as the default JAAS realm used by Red Hat JBoss A-MQ. By redefining this realm with a rank attribute value greater than 0, it overrides the standard karaf realm, which has the rank 0.

  For more information on configuring a JAAS realm see Section 2.1.2, “Defining JAAS Realms”.

  For a detailed description of configuring JBoss A-MQ to use LDAP see Section 2.2, “Enabling LDAP Authentication”.

  Important: When setting the JAAS properties above, do not enclose the property values in double quotes.

  Tip: If you use OpenLDAP, the syntax of the role filter is (member:=uid=%u).

- To deploy the new LDAP module, copy the ldap-module.xml into the JBoss A-MQ deploy/ directory.

  The LDAP module is automatically activated.

- Test the new LDAP realm by connecting to the running container using the Red Hat JBoss A-MQ client utility.
  - Open a new command prompt.
  - Change directory to the JBoss A-MQ InstallDir/bin directory.
  - Enter the following command to log on to the running container instance using the identity janedoe:

      client -u janedoe -p secret

    You should receive the following message:

      Authentication failure

    This fails because janedoe does not have the admin role which is required for using the remote console.
  - Enter the following command to log on to the running container instance using the identity jdoe:

      client -u jdoe -p secret

    You should successfully log into the container's remote console because jdoe does have the admin role.
  - Log off the remote console by entering the logout command.
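
The conditions stated for the realm above (the name karaf, a rank greater than 0, and no double-quoted property values) can be checked before ldap-module.xml is copied into deploy/. The Python check below is an added example, not part of the Red Hat guide. The function name lint_realm is hypothetical, and the sample XML is constructed for the check rather than being Example 8.1: its host, port and DNs are assumptions.

```python
import xml.etree.ElementTree as ET

JAAS_NS = "http://karaf.apache.org/xmlns/jaas/v1.0.0"  # Karaf JAAS Blueprint namespace

# Constructed sample with two deliberate mistakes (rank 0, quoted URL).
# Not the guide's Example 8.1; host, port and DNs are assumed values.
SAMPLE = """\
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0">
  <jaas:config name="karaf" rank="0">
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
                 flags="required">
      connection.url = "ldap://localhost:10389"
      user.base.dn = ou=User,ou=example
      user.filter = (uid=%u)
      role.base.dn = ou=Group,ou=example
      role.filter = (member:=uid=%u)
    </jaas:module>
  </jaas:config>
</blueprint>
"""

def lint_realm(xml_text, realm="karaf"):
    """Return findings for the JAAS realm meant to override `realm`."""
    root = ET.fromstring(xml_text)
    configs = [c for c in root.iter(f"{{{JAAS_NS}}}config") if c.get("name") == realm]
    if not configs:
        return [f"no jaas:config named '{realm}'; the default realm stays in effect"]
    findings = []
    for cfg in configs:
        # Assumption: a missing rank attribute is treated as 0.
        rank = cfg.get("rank", "0")
        if not rank.lstrip("-").isdigit() or int(rank) <= 0:
            findings.append(f"rank={rank!r} does not exceed the default realm's rank 0")
        for module in cfg.iter(f"{{{JAAS_NS}}}module"):
            # Module options are key = value lines in the element text.
            for line in (module.text or "").splitlines():
                key, sep, value = line.partition("=")
                key, value = key.strip(), value.strip()
                if not sep or not key:
                    continue
                if len(value) >= 2 and value[0] == value[-1] == '"':
                    findings.append(f"{key}: value is enclosed in double quotes")
    return findings

if __name__ == "__main__":
    for finding in lint_realm(SAMPLE):
        print("FINDING:", finding)
```

An empty result means the file meets the three stated conditions. It does not show that the directory server accepts the bind or that the filters match any entries, which the client logon test above still has to confirm.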