author | Robert Gemmell <robbie@apache.org> | 2012-11-29 13:17:04 +0000 |
---|---|---|
committer | Robert Gemmell <robbie@apache.org> | 2012-11-29 13:17:04 +0000 |
commit | b6abff4f857f2fa7574252ac740f0b5f2bb9e142 (patch) | |
tree | 0b013d53e66fb79bbd97076128c59efb88ae5790 | |
parent | f58f4189e28b940bac1134325796f0c5c2751068 (diff) | |
download | qpid-python-b6abff4f857f2fa7574252ac740f0b5f2bb9e142.tar.gz |
QPID-4462: add some documentation regarding the security provider workaround, until the issue can be fixed
merge from trunk r1414821
git-svn-id: https://svn.apache.org/repos/asf/qpid/branches/0.20@1415153 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | qpid/doc/book/src/java-broker/Java-Broker-Security-Authentication-Providers.xml | 40 |
1 files changed, 33 insertions, 7 deletions
diff --git a/qpid/doc/book/src/java-broker/Java-Broker-Security-Authentication-Providers.xml b/qpid/doc/book/src/java-broker/Java-Broker-Security-Authentication-Providers.xml index 96b6f99185..0974441ae5 100644 --- a/qpid/doc/book/src/java-broker/Java-Broker-Security-Authentication-Providers.xml +++ b/qpid/doc/book/src/java-broker/Java-Broker-Security-Authentication-Providers.xml 
@@ -38,18 +38,44 @@ </section> - <section> + <section id="LDAPAuthManager"> <title>LDAP</title> + + <para> + LDAP authentication can be configured using the <simple-ldap-auth-manager> element + within the <security> section. An example of how to configure this is shown below. + Please note this example also configures an unused <pd-auth-manager> to use an empty + password file, this is a workaround for an issue relating to registration of security providers. + </para> + + <para> + <emphasis>NOTE: When using LDAP authentication, you must also use SSL on the brokers AMQP messaging and + JMX/HTTP management ports in order to protect passwords during transmission to the broker.</emphasis> + </para> <example> <title>Configuring LDAP authentication</title> <programlisting><![CDATA[ <security> - <simple-ldap-auth-manager> - <provider-url>ldaps://example.com:636/</provider-url> - <search-context>dc=example\,dc=com</search-context> - <search-filter>(uid={0})</search-filter> - </simple-ldap-auth-manager> - ... + <default-auth-manager>SimpleLDAPAuthenticationManager</default-auth-manager> + <simple-ldap-auth-manager> + <provider-url>ldaps://example.com:636/</provider-url> + <search-context>dc=example\,dc=com</search-context> + <search-filter>(uid={0})</search-filter> + </simple-ldap-auth-manager> + + <!-- Unused pd-auth-manager, a workaround to register the necessary security providers --> + <pd-auth-manager> + <principal-database> + <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class> + <attributes> + <attribute> + <name>passwordFile</name> + <value>${conf}/emptyPasswdFile</value> + </attribute> + </attributes> + </principal-database> + <pd-auth-manager> + ... </security>]]></programlisting> </example> |
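Review bot: The added `<pd-auth-manager>` block in the example listing is never closed: the line after `</principal-database>` reads `<pd-auth-manager>` where `</pd-auth-manager>` is needed, so anyone copying the listing into their broker configuration ends up with malformed XML. Change that line to `</pd-auth-manager>`. Two smaller wording points in the new paragraphs: "the brokers AMQP messaging" should be "the broker's AMQP messaging", and "an empty password file, this is a workaround" is a comma splice that reads better as two sentences. The commit message says the workaround applies until the issue can be fixed, but the new paragraph gives readers no issue reference to follow, so they cannot tell when the unused pd-auth-manager can be dropped; consider naming the tracking issue there.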