[rabbitmq-discuss] Debugging AD

• Previous message: [rabbitmq-discuss] Debugging AD
• Next message: [rabbitmq-discuss] Debugging AD
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Simon,

So after spinning the underlying LDAP driver on it's own, I was able
to establish what combination of input parameters was going to work
with AD:

1> {_, C} = eldap:open(["172.20.3.21"],[]).
2> eldap:simple_bind(C,
"ben.hood at ACMEDOMAIN","DB/nUcPk?DdF<eCjp?erzpbi[g"BdJL.w;pFrT>tg at KnbCDsi").
ok

So this boils down to putting

{user_dn_pattern,       "${username}@ACMEDOMAIN"},

into rabbitmq.config.

I now have a follow up question: is it possible to create two
different groups in LDAP and assign them different levels of
privileges within the Management frontend?

I was thinking of having a group for admins who can do anything, and a
group for people who should be able to look at statistical info, but
can't do anything that would cause any messages to get binned (such as
queue/exchange deletions, queue purges or queue binds/unbinds).

Cheers,

Ben

On Wed, Nov 30, 2011 at 2:40 PM, Ben Hood <0x6e6562 at gmail.com> wrote:
> Pardon my ignorance of how LDAP works, but basically I am trying to
> port a known working LDAP configuration from some Java app that
> supplies a statically defined username/password in order to submit the
> authenication (aka bind) query.

• Previous message: [rabbitmq-discuss] Debugging AD
• Next message: [rabbitmq-discuss] Debugging AD
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]