[rabbitmq-discuss] Debugging AD
Ben Hood
0x6e6562 at gmail.com
Wed Nov 30 16:44:09 GMT 2011
Hi Simon,
So after spinning the underlying LDAP driver on it's own, I was able
to establish what combination of input parameters was going to work
with AD:
1> {_, C} = eldap:open(["172.20.3.21"],[]).
2> eldap:simple_bind(C,
"ben.hood at ACMEDOMAIN","DB/nUcPk?DdF<eCjp?erzpbi[g"BdJL.w;pFrT>tg at KnbCDsi").
ok
So this boils down to putting
{user_dn_pattern, "${username}@ACMEDOMAIN"},
into rabbitmq.config.
I now have a follow up question: is it possible to create two
different groups in LDAP and assign them different levels of
privileges within the Management frontend?
I was thinking of having a group for admins who can do anything, and a
group for people who should be able to look at statistical info, but
can't do anything that would cause any messages to get binned (such as
queue/exchange deletions, queue purges or queue binds/unbinds).
Cheers,
Ben
On Wed, Nov 30, 2011 at 2:40 PM, Ben Hood <0x6e6562 at gmail.com> wrote:
> Pardon my ignorance of how LDAP works, but basically I am trying to
> port a known working LDAP configuration from some Java app that
> supplies a statically defined username/password in order to submit the
> authenication (aka bind) query.
More information about the rabbitmq-discuss
mailing list