[rabbitmq-discuss] Debugging AD

Ben Hood 0x6e6562 at gmail.com
Tue Nov 29 18:16:50 GMT 2011 

Hi,

I'm trying to see if I can get 2.7.0 (RHEL 2.6.18-274.3.1.el5, OTP
R14B03) to authenticate against a corporate AD.

The first iteration of my /etc/rabbitmq/rabbitmq.config looks like this:

--------------------------------------------

{rabbit, [{auth_backends, [rabbit_auth_backend_ldap,
rabbitmq_auth_backend_internal]}]  },

%% I'm assuming that the internal DB does not use the _mq suffix,
whereas the ldap backend module
%% appears to derive it's origin from rabbitmq_auth_backend_ldap.app,
which seems to get tarred into the rabbitmq_auth_backend_ldap-2.7.0.ez

 {rabbitmq_auth_backend_ldap,
 [ {servers,               ["ad.acme.com"]},
   {user_dn_pattern,
"(sAMAccountName=${username}),DC=global,DC=acme,DC=Com"},

 %% Leave this commented out for now, so that we can get the basic
LDAP handshake going
 %%  {resource_access_query,
 %%    {for, [{resource, exchange,{for, [{permission, configure,
 %%                                       { in_group,
"cn=acme,ou=groups,dc=acme,dc=com" }
 %%                                      },
 %%                                      {permission, write, {constant, true}},
 %%                                      {permission, read,  {constant, true}}
 %%                                     ]}},
 %%           {resource, queue, {constant, true}} ]}},
 %%    {tag_queries,           [{administrator, {constant, false}}]},

     {use_ssl,               false},
     {port,                  389},
     {log,                   true} ] }
].

--------------------------------------------

However, the effect of this is that the management plugin no longer
responds to any requests (I haven't yet tried to establish an AMQP
connection yet). This is what I gleaned from the SASL log:

=CRASH REPORT==== 29-Nov-2011::18:06:59 ===
  crasher:
    initial call: mochiweb_acceptor:init/3
    pid: <0.288.0>
    registered_name: []
    exception error: undefined function
rabbitmq_auth_backend_ldap:check_user_login/2
      in function  rabbit_access_control:'-check_user_login/2-fun-0-'/4
      in call from lists:foldl/3
      in call from rabbit_mgmt_app:'-make_loop/0-fun-0-'/4
      in call from mochiweb_http:headers/5
    ancestors: [rabbit_mochiweb_web_mgmt,rabbit_mochiweb_sup,<0.127.0>]
    messages: []
    links: [<0.226.0>,#Port<0.5315>]
    dictionary: []
    trap_exit: false
    status: running
    heap_size: 4181
    stack_size: 24
    reductions: 1490
  neighbours:


Looking at the source code of the app, the auth backend behavior
appears to be implemented in the rabbit_auth_backend_ldap module (sans
mq). So I've tried a few different combinations of mq/no mq in
rabbitmq.config, to no avail.

Does anybody know which way round I should define the mq in rabbitmq.config?

Cheers,

Ben

More information about the rabbitmq-discuss mailing list