Details
-
Bug
-
Resolution: Done
-
Critical
-
AMQ 7.7.0.GA
-
+
-
Previously, when a new permission was added to LDAP the LegacyLDAPSecuritySettingPlugin used the new permission to modify the default security match which could break authorization for existing users. This issue is now resolved.
-
Verified in a release
Description
This issue relates to ENTMQBR-3370 but a slightly different problem.
Newly created user/group can still access any newly created queues/destinations. For all existing destinations that have already had proper "read", "write" and "admin" permission configured, the newly created user/group worked fine. But not for any new destinations.
For instance, an user "user3" from group "team3" has been configured to access queues "project3.$". If we create a new user "user4" from group "team4" and they are configured to only access queues "project4.$". But without restarting the AMQ broker, those changes in backend LDAP server will allow the user "user4" to access any other destinations, for instance, it can access queue "project8.test". For the existing configured queues like "project3.test", the user "user4" won't be able to access it, just as usual.
This strange behaviour will disappear after the AMQ broker restart. After that, everything worked fine as expected.
Attachments
Issue Links
- clones
-
-
- Closed
-