FUSE Message Broker / MB-874

Please enhance the diagnostic logging when using the LDAPLoginModule

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 5.4.2-fuse-02-00
    • Fix Version/s: 5.4.2-fuse-05-26
    • Component/s: broker
    • Labels:
      None

      Description

      I've been working with the login module both inside and outside of ServiceMix. I noticed the Karaf login module has really helpful diagnostics:

      14:12:19,756 | INFO  | /127.0.0.1:52429 | Transport                        | 43 - org.apache.activemq.activemq-core - 5.4.2.fuse-03-00-SNAPSHOT | Transport failed: java.io.EOFException
      14:12:35,783 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Create the LDAP initial context.
      14:12:35,784 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Bound access requested.
      14:12:35,784 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Get the user DN.
      14:12:35,784 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Initialize the JNDI LDAP Dir Context.
      14:12:35,788 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Define the subtree scope search control.
      14:12:35,788 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Looking for the user in LDAP with 
      14:12:35,788 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 |   base DN: ou=User,ou=ActiveMQ,ou=system,dc=fusesource,dc=com
      14:12:35,788 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 |   filter: (uid=jdoe)
      14:12:35,792 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Get the user DN.
      14:12:35,792 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Bind user (authentication).
      14:12:35,792 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Set the security principal for uid=jdoe,ou=User,ou=ActiveMQ,ou=system,dc=fusesource,dc=com
      14:12:35,792 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Binding the user.
      14:12:35,795 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | User jdoe successfully bound.
      14:12:35,796 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Get user roles.
      14:12:35,800 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 | Looking for the user roles in LDAP with 
      14:12:35,800 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 |   base DN: ou=Group,ou=ActiveMQ,ou=system,dc=fusesource,dc=com
      14:12:35,800 | DEBUG | /127.0.0.1:52438 | LDAPLoginModule                  | 12 - org.apache.karaf.jaas.modules - 2.1.3.fuse-00-00 |   filter: (member=uid=jdoe)
       

      Any way we can add something similar to the ActiveMQ version? It's quite helpful for troubleshooting these problems, especially at a customer site where hooking up the debugger isn't always possible.

      Thanks,
      Susan


          Activity

          Susan Javurek added a comment -

          While here it would be nice to set up the error handling a bit nicer. It seems we always get

          java.lang.SecurityException: User name or password is invalid.
              at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)[58:org.apache.activemq.activemq-core:5.4.2.fuse-03-00-SNAPSHOT]
              ...
          Caused by: javax.security.auth.login.LoginException: LDAP Error

          I suspect this may be down to the response we get from LDAP, however, we get this error no matter what the configuration issue, bad password, invalid role matching criteria,
          invalid domain name (non-existent). It would really increase the usability of the module to be a bit more specific if possible. Otherwise, I'll settle for the values we are using
          like the above example.

          Thanks,
          Susan
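
The distinction the comment above asks for, as an added example that is not part of the original issue or of the ActiveMQ/Karaf code base: the JNDI exception type already tells a rejected bind apart from a missing base DN, a malformed filter or an unreachable server, so the specific cause can go to the broker log while the client keeps seeing the generic message. The class name, helper names and sample exceptions are hypothetical; the base DN and filter are taken from the log excerpt in the description.

```java
import java.util.logging.Logger;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.NameNotFoundException;
import javax.naming.NamingException;
import javax.naming.directory.InvalidSearchFilterException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

/** Hypothetical helper for illustration; not ActiveMQ or Karaf code. */
public class LdapFailureDiagnostics {
    private static final Logger LOG = Logger.getLogger("LdapFailureDiagnostics");

    /** Strips CR/LF so a user-supplied name inside the filter cannot forge log lines. */
    static String clean(String s) { return s.replaceAll("[\\r\\n]", "_"); }

    /** Names the failing step for the operator. The password is never passed in or logged. */
    static String describe(NamingException e, String baseDn, String filter) {
        if (e instanceof AuthenticationException) return "bind rejected (wrong password or bind DN)";
        if (e instanceof NameNotFoundException) return "base DN not found: " + clean(baseDn);
        if (e instanceof InvalidSearchFilterException) return "invalid search filter: " + clean(filter);
        if (e instanceof CommunicationException) return "LDAP server unreachable";
        return "unclassified LDAP failure: " + e.getClass().getName();
    }

    /** Logs the specific cause server-side; the exception handed to the client stays generic. */
    static LoginException toLoginException(NamingException e, String baseDn, String filter) {
        LOG.warning("LDAP login failed: " + describe(e, baseDn, filter));
        LoginException le = new FailedLoginException("User name or password is invalid.");
        le.initCause(e);
        return le;
    }

    public static void main(String[] args) {
        // Sample values: base DN and filter from the log excerpt, exceptions constructed here.
        String userBase = "ou=User,ou=ActiveMQ,ou=system,dc=fusesource,dc=com";
        String filter = "(uid=jdoe)";
        NamingException[] samples = {
            new AuthenticationException("[LDAP: error code 49 - Invalid Credentials]"),
            new NameNotFoundException("[LDAP: error code 32 - No Such Object]"),
            new InvalidSearchFilterException("Unbalanced parenthesis"),
            new CommunicationException("constructed-host:10389"),
        };
        for (NamingException e : samples) {
            System.out.println(toLoginException(e, userBase, filter).getMessage()
                    + "  <- operator log: " + describe(e, userBase, filter));
        }
    }
}
```

Every sample produces the same client-facing message, while the operator log line differs per cause.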

          Matt Hernon added a comment -

          BQ: Medium (Requested to be in 4.3.1-fuse-02-xx by the FAA)

          Dejan Bosanac added a comment -

          This has been implemented and merged to 5.5.x-fuse branch.

          It's available for testing in the latest (20110516.144701-22) snapshot from

          http://repo.fusesource.com/nexus/content/repositories/snapshots/org/apache/activemq/apache-activemq/5.5-fuse-SNAPSHOT/

          Please reopen if you need it merged to some other branch as well.

          Dejan Bosanac added a comment -

          This has now been merged in 5.4.x-fuse branch. Snapshot (20110718.143320-6) available from

          http://repo.fusesource.com/nexus/content/repositories/snapshots/org/apache/activemq/apache-activemq/5.4.2-fuse-03-00-SNAPSHOT/


            People

            • Assignee: Dejan Bosanac
            • Reporter: Susan Javurek
            • Votes: 0
            • Watchers: 0
