FUSE Message Broker / MB-874

Please enhance the diagnostic logging when using the LDAPLoginModule

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 5.4.2-fuse-02-00
    • Fix Version/s: 5.4.2-fuse-05-26
    • Component/s: broker
    • Labels:
      None

      Description

      I've been working with the login module both inside and outside of ServiceMix. I noticed the Karaf login module has really helpful diagnostics:

      14:12:19,756 | INFO  | /127.0.0.1:52429 | Transport                        | 43 - org.apache.activemq.activemq-core - 5.4.2.fuse-03-00-SNAPSHOT | Transport failed: java.io.EOFException
      14:12:35,783 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Create the LDAP initial context.
      14:12:35,784 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Bound access requested.
      14:12:35,784 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Get the user DN.
      14:12:35,784 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Initialize the JNDI LDAP Dir Context.
      14:12:35,788 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Define the subtree scope search control.
      14:12:35,788 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Looking for the user in LDAP with 
      14:12:35,788 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 |   base DN: ou=User,ou=ActiveMQ,ou=system,dc=fusesource,dc=com
      14:12:35,788 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 |   filter: (uid=jdoe)
      14:12:35,792 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Get the user DN.
      14:12:35,792 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Bind user (authentication).
      14:12:35,792 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Set the security principal for uid=jdoe,ou=User,ou=ActiveMQ,ou=system,dc=fusesource,dc=com
      14:12:35,792 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Binding the user.
      14:12:35,795 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | User jdoe successfully bound.
      14:12:35,796 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Get user roles.
      14:12:35,800 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Looking for the user roles in LDAP with 
      14:12:35,800 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 |   base DN: ou=Group,ou=ActiveMQ,ou=system,dc=fusesource,dc=com
      14:12:35,800 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 |   filter: (member=uid=jdoe)
      
      

      Any way we can add something similar to the activemq version? It's quite helpful for troubleshooting these problems especially at a customer site where hooking up the debugger isn't always possible.

      Thanks,
      Susan

        Activity

        Susan Javurek
        added a comment -

        While here it would be nice to set up the error handling a bit nicer. It seems we always get

        java.lang.SecurityException: User name or password is invalid.
            at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)[58:org.apache.activemq.activemq-core:5.4.2.fuse-03-00-SNAPSHOT]
            ...
        Caused by: javax.security.auth.login.LoginException: LDAP Error

        I suspect this may be down to the response we get from LDAP, however, we get this error no matter what the configuration issue, bad password, invalid role matching criteria,
        invalid domain name (non-existent). It would really increase the usability of the module to be a bit more specific if possible. Otherwise, I'll settle for the values we are using
        like the above example.

        Thanks,
        Susan
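
The failure causes listed in the comment above can be told apart by the JNDI exception type raised at each step of the login. An added example (not ActiveMQ or Karaf code; the class, enum, method and logger names are hypothetical) that writes the specific cause and the search values to the broker log while the connecting client still receives only the generic message, so the extra detail stays with the operator:

```java
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.NameNotFoundException;
import javax.naming.NamingException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

// Added illustration: hypothetical helper, not part of ActiveMQ or Karaf.
public class LdapFailureDiagnostics {
    private static final Logger LOG = Logger.getLogger("LDAPLoginModule"); // assumed logger name

    // Stages follow the steps visible in the Karaf trace above.
    public enum Stage { CONNECT, USER_SEARCH, USER_BIND, ROLE_SEARCH }

    // Operator-facing description; the password is never passed in here.
    public static String describe(Stage stage, NamingException e, String baseDn, String filter) {
        String cause;
        if (e instanceof CommunicationException) {
            cause = "LDAP server unreachable";
        } else if (e instanceof AuthenticationException) {
            cause = stage == Stage.USER_BIND ? "user bind rejected" : "connection credentials rejected";
        } else if (e instanceof NameNotFoundException) {
            cause = "base DN not found";
        } else {
            cause = e.getClass().getSimpleName();
        }
        return stage + " failed: " + cause + " | base DN: " + baseDn
                + " | filter: " + filter + " | " + e.getMessage();
    }

    // Detail goes to the broker log; the caller gets a generic exception to throw.
    public static LoginException toLoginException(Stage stage, NamingException e, String baseDn, String filter) {
        LOG.log(Level.WARNING, describe(stage, e, baseDn, filter), e);
        return new FailedLoginException("User name or password is invalid.");
    }

    public static void main(String[] args) {
        // Constructed failures; the DN and filter are the sample values from the trace above.
        String users = "ou=User,ou=ActiveMQ,ou=system,dc=fusesource,dc=com";
        NamingException[] samples = {
            new AuthenticationException("constructed: invalid credentials"),
            new NameNotFoundException("constructed: no such object") };
        for (NamingException e : samples) {
            Stage s = e instanceof AuthenticationException ? Stage.USER_BIND : Stage.USER_SEARCH;
            System.out.println(toLoginException(s, e, users, "(uid=jdoe)").getMessage());
        }
    }
}
```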

        Matt Hernon
        added a comment -

        BQ: Medium (Requested to be in 4.3.1-fuse-02-xx by the FAA)

        Dejan Bosanac
        added a comment -

        This has been implemented and merged to 5.5.x-fuse branch.

        It's available for testing in the latest (20110516.144701-22) snapshot from

        http://repo.fusesource.com/nexus/content/repositories/snapshots/org/apache/activemq/apache-activemq/5.5-fuse-SNAPSHOT/

        Please reopen if you need it merged to some other branch as well.

        Dejan Bosanac
        added a comment -

        This has now been merged in 5.4.x-fuse branch. Snapshot (20110718.143320-6) available from

        http://repo.fusesource.com/nexus/content/repositories/snapshots/org/apache/activemq/apache-activemq/5.4.2-fuse-03-00-SNAPSHOT/


          People

          • Assignee: Dejan Bosanac
          • Reporter: Susan Javurek