This section describes how to configure LDAP authentication in the broker, so that it can authenticate incoming credentials based on user entries stored in the X.500 directory server. The tutorial concludes by showing how to program credentials in Java clients and by running an end-to-end demonstration using the consumer and producer tools.
Perform the following steps to enable LDAP authentication:
Create the login configuration file. Using a text editor, create the file, login.config, under the directory, $ACTIVEMQ_HOME/conf. Paste the following text into the login.config file:

    LDAPLogin {
      org.apache.activemq.jaas.LDAPLoginModule required
        debug=true
        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
        connectionURL="ldap://localhost:10389"
        connectionUsername="uid=admin,ou=system"
        connectionPassword=secret
        connectionProtocol=""
        authentication=simple
        userBase="ou=User,ou=ActiveMQ,ou=system"
        userSearchMatching="(uid={0})"
        userSearchSubtree=false
        roleBase="ou=Group,ou=ActiveMQ,ou=system"
        roleName=cn
        roleSearchMatching="(member=uid={1})"
        roleSearchSubtree=false
        ;
    };

These settings assume that the broker connects to a default instance of the Apache Directory Server running on the local host. The account with username, uid=admin,ou=system, and password, secret, is the default administration account created by the Apache server.

Note: If you are using the OpenLDAP Directory Server, the syntax required for the roleSearchMatching property is different. You must set it as roleSearchMatching="(member:=uid={1})".

Add the LDAP authentication plug-in to the broker configuration. Open the broker configuration file, $ACTIVEMQ_HOME/conf/activemq.xml, with a text editor and add the jaasAuthenticationPlugin element, as follows:

    <beans>
      <broker ...>
        ...
        <plugins>
          <jaasAuthenticationPlugin configuration="LDAPLogin" />
        </plugins>
        ...
      </broker>
    </beans>

The value of the configuration attribute, LDAPLogin, references the login entry from the login.config file.

Comment out the mediation router elements in the broker configuration. Open the broker configuration file and comment out the camelContext element as follows:

    <beans>
      <broker ...>
        ...
      </broker>
      <!--
      <camelContext>
        ...
      </camelContext>
      -->
      ...
    </beans>

The Camel route is not used in the current tutorial. If you left it enabled, you would have to supply it with appropriate username/password credentials, because it acts as a broker client.
Add username/password credentials to the consumer tool. Edit the file, example/src/ConsumerTool.java, search for the line that creates a new ActiveMQConnectionFactory instance, and just before this line, set the credentials, user and password, as shown:

    // Java
    ...
    public void run() {
        ...
        user = "jdoe";
        password = "sunflower";
        ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory(user, password, url);
        ...
    }

Add username/password credentials to the producer tool. Edit the file, example/src/ProducerTool.java, search for the line that creates a new ActiveMQConnectionFactory instance, and just before this line, set the credentials, user and password, just as you did for the consumer tool.

Ensure that the X.500 directory server is running. If necessary, manually restart the X.500 directory server. If the server is not running, all broker connections will fail.
Run the broker. Open a new command prompt and start the broker by entering the following command:

    activemq

Run the consumer client. Open a new command prompt, change directory to example and enter the following Ant command:

    ant consumer -Durl=tcp://localhost:61616 -Dmax=100

Run the producer client. Open a new command prompt, change directory to example and enter the following Ant command:

    ant producer -Durl=tcp://localhost:61616
Perform a negative test. Edit one of the client source files (for example, ConsumerTool.java) and change the credentials (username and password) to some invalid values. Now, if you re-run the client, you will get an authentication error.
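
To check the directory side of this configuration without the broker, the following added example (not part of the original tutorial or of ActiveMQ) runs the lookups that the LDAPLogin entry describes: find the user under userBase, bind as that entry, then list the matching groups under roleBase. The class name LdapLoginCheck is hypothetical, the step sequence is an approximation of what the login module does, and the directory from this tutorial is assumed to be reachable with the values from login.config.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapLoginCheck {   // hypothetical helper, not shipped with the broker
    // Values taken from the LDAPLogin entry in login.config.
    static final String URL = "ldap://localhost:10389";
    static final String USER_BASE = "ou=User,ou=ActiveMQ,ou=system";
    static final String ROLE_BASE = "ou=Group,ou=ActiveMQ,ou=system";

    static DirContext bind(String dn, String password) throws NamingException {
        // RFC 4513: a simple bind with an empty password is an unauthenticated
        // bind and may succeed without proving anything, so refuse it up front.
        if (password == null || password.isEmpty())
            throw new AuthenticationException("empty password");
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    public static void main(String[] args) throws NamingException {
        if (args.length != 2) { System.err.println("usage: LdapLoginCheck <user> <password>"); return; }
        String user = args[0], password = args[1];
        SearchControls oneLevel = new SearchControls();   // userSearchSubtree/roleSearchSubtree=false
        oneLevel.setSearchScope(SearchControls.ONELEVEL_SCOPE);
        DirContext admin = bind("uid=admin,ou=system", "secret");
        try {
            // JNDI escapes filterArgs, so "*" or ")" in the user name stay literal.
            NamingEnumeration<SearchResult> users =
                admin.search(USER_BASE, "(uid={0})", new Object[] {user}, oneLevel);
            if (!users.hasMore()) { System.out.println("no entry for " + user); return; }
            String userDn = users.next().getNameInNamespace();
            try {
                bind(userDn, password).close();           // proves the password
                System.out.println("bind OK as " + userDn);
            } catch (AuthenticationException e) {
                System.out.println("bind rejected for " + userDn); return;
            }
            NamingEnumeration<SearchResult> roles = admin.search(ROLE_BASE,
                "(member=uid={1})", new Object[] {userDn, user}, oneLevel);
            while (roles.hasMore())                       // roleName=cn
                System.out.println("role: " + roles.next().getAttributes().get("cn").get());
        } finally {
            admin.close();
        }
    }
}
```

Run it with the same credentials you set in ConsumerTool.java, then with invalid ones; if it rejects both, the problem lies in the directory entries or search bases rather than in the broker.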








