[rabbitmq-discuss] Debugging AD
Simon MacMullen
simon at rabbitmq.com
Fri Dec 2 11:49:39 GMT 2011
On 01/12/11 17:10, Ben Hood wrote:
> So I would love to be corrected, but I can't see how AD authentication
> can work without post-processing the initial bind call. Has anybody
> else had any success with AD where authentication for the bind is
> required?
So after some off-list discussion, the issue is that AD allows you to
bind using a short ID rather than a full name - useful in the case where
you have too many users to stick them in a single OU, but don't want
people to have to enter their full DN to log in.
But the LDAP plugin assumes that the name you log in as is your full DN
(after applying user_dn_pattern). So it would be useful to have an
optional step to go look up the DN after bind.
I'll file a bug.
Cheers, Simon
--
Simon MacMullen
RabbitMQ, VMware
More information about the rabbitmq-discuss
mailing list