[rabbitmq-discuss] Access rights with rabbit_auth_backend_ldap plugin

GEHIN Olivier olivier.gehin at atos.net
Fri Oct 21 09:04:53 BST 2011


Hi Simon,

Thank you for your answer.

Today, we have not fully designed our LDAP structure.
However, I can explain more about what we are trying to implement:
We are developing a service platform, with communication based on RabbitMQ.
On this platform, we have dynamic users: each user has their own queue to listen for messages and has write access to a common exchange.
Our problem is the following: we want to limit each user to read access only for their own queue.

I think that the solution of using an in_group query does not work, because users and queues can be created dynamically, unlike the rabbit_auth_backend_ldap plugin configuration.

Best regards,
Olivier

-----Original Message-----
From: rabbitmq-discuss-bounces at lists.rabbitmq.com [mailto:rabbitmq-discuss-bounces at lists.rabbitmq.com] On behalf of Simon MacMullen
Sent: Thursday 20 October 2011 18:20
To: rabbitmq-discuss at lists.rabbitmq.com
Subject: Re: [rabbitmq-discuss] Access rights with rabbit_auth_backend_ldap plugin

Hi Olivier.

At the moment there's no support for regular expressions in the LDAP
plugin. This might get added in the future though; I'm looking into how
the existing queries could be enhanced.

At the moment the sort of thing you can do is to use an in_group query
and have a groupOfNames per object you want to control access to - but
there's no pattern matching.

If you could describe on or off list how your LDAP database is
structured and what you're trying to do, that would be a help.

Cheers, Simon

On 20/10/11 14:48, GEHIN Olivier wrote:
> Hello,
>
> I have configured the rabbit_auth_backend_ldap plugin with my LDAP
> directory and the connection works.
>
> Now, I would like to limit a user's access to write access for a specific
> exchange and read access for a specific queue.
>
> With the internal database, we could use regular expressions to define access
> rights for a user.
>
> Can we define similar access rights with this plugin?
>
> Best regards,
>
> Olivier


--
Simon MacMullen
RabbitMQ, VMware
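
The in_group approach described in the reply above, sketched as a configuration fragment. This is an added example, not part of the original thread and not the plugin authors' own configuration. The host name, all DNs, the `provisioners` group and the queue name are constructed placeholders, and the application section name and the `${name}` substitution follow the plugin's current documentation, so check them against the release you run.

```erlang
%% rabbitmq.config (classic Erlang-term format). Added illustration only.
%% Host name and every DN below are constructed placeholders (example.com).
[
  {rabbit, [{auth_backends, [rabbit_auth_backend_ldap]}]},
  {rabbitmq_auth_backend_ldap, [
    {servers, ["ldap.example.com"]},
    {user_dn_pattern, "cn=${username},ou=People,dc=example,dc=com"},
    %% Any user who binds successfully may enter the vhost.
    {vhost_access_query, {constant, true}},
    {resource_access_query,
      {for, [
        %% Common exchange: every user may publish (write). Declaring it
        %% (configure) or binding queues to it (read) is reserved for a
        %% hypothetical provisioning group.
        {resource, exchange,
          {for, [
            {permission, configure,
              {in_group, "cn=provisioners,ou=groups,dc=example,dc=com"}},
            {permission, write, {constant, true}},
            {permission, read,
              {in_group, "cn=provisioners,ou=groups,dc=example,dc=com"}}
          ]}},
        %% Queues: read (consume) is allowed only if the user's DN is a
        %% member of the groupOfNames whose cn equals the queue name.
        %% ${name} is substituted per request; there is no pattern matching.
        {resource, queue,
          {for, [
            {permission, configure,
              {in_group, "cn=provisioners,ou=groups,dc=example,dc=com"}},
            {permission, write,
              {in_group, "cn=provisioners,ou=groups,dc=example,dc=com"}},
            {permission, read,
              {in_group, "cn=${name},ou=queues,dc=example,dc=com"}}
          ]}}
      ]}}
  ]}
].
%% Matching directory entry for a queue named "user42.inbox" (constructed):
%%   dn: cn=user42.inbox,ou=queues,dc=example,dc=com
%%   objectClass: groupOfNames
%%   member: cn=user42,ou=People,dc=example,dc=com
```

With this layout the broker configuration stays fixed; each new queue needs one groupOfNames entry in the directory, created alongside the queue.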