[rabbitmq-discuss] ldap authentication

Nathan phenisha at gmail.com
Mon Sep 19 07:10:38 BST 2011


Hello,

I am experimenting with RabbitMQ and the LDAP authentication plugin.

Below is my current /etc/rabbitmq/rabbitmq.config:

What I am trying to achieve is that users in LDAP group zozee can publish and subscribe to queues.

[
  {rabbitmq_stomp, [{tcp_listeners, [6163]} ]},
  {rabbit, [{auth_backends, [rabbit_auth_backend_ldap]}]  },
  {rabbit_auth_backend_ldap,
   [ {servers,               ["ldap.zozee.com"]},
     {user_dn_pattern,       "uid=${username},ou=people,dc=zozee,dc=com"},
     {vhost_access_query,    {exists,"ou=${vhost},ou=people,dc=zozee,dc=com"}},
     {resource_access_query,
       {for, [{resource, exchange,{for, [{permission, configure,
                                          { in_group, "cn=zozee,ou=groups,dc=zozee,dc=com" }
                                         },
                                         {permission, write, {constant, true}},
                                         {permission, read,  {constant, true}}
                                        ]}},
              {resource, queue, {constant, true}} ]}},
       {tag_queries,           [{administrator, {constant, false}}]},
       {use_ssl,               true},
       {port,                  636},
       {log,                   false} ] }
].



When I try to publish work with a queue I get the following errors:

=ERROR REPORT==== 19-Sep-2011::15:54:21 ===
exception on TCP connection <0.362.0> from 172.16.0.51:37261
{channel0_error,starting,
                 {amqp_error,access_refused,
                             "PLAIN login refused: cn=guest,ou=People,dc=example,dc=com",
                             'connection.start_ok'}}

So it looks like RabbitMQ is not reading my config file correctly, as it is looking at example.com in LDAP?

Any help will be appreciated.

Thanks
Nathan

Also, below is my rabbitmqctl command:
copernicium:~# rabbitmqctl  report
Reporting server status on {{2011,9,19},{6,7,46}}

Status of node rabbit@copernicium ...
[{pid,2316},
  {running_applications,
      [{amqp_client,"RabbitMQ AMQP Client","2.6.1"},
       {rabbitmq_stomp,"Embedded Rabbit Stomp Adapter","2.6.1"},
       {rabbit,"RabbitMQ","2.6.1"},
       {mnesia,"MNESIA  CXC 138 12","4.4.19"},
       {os_mon,"CPO  CXC 138 46","2.2.6"},
       {sasl,"SASL  CXC 138 11","2.1.9.4"},
       {rabbitmq_auth_backend_ldap,"RabbitMQ LDAP Authentication Backend",
           "2.6.1"},
       {eldap,"LDAP Client Library","2.6.1-gite309de4"},
       {stdlib,"ERTS  CXC 138 10","1.17.4"},
       {kernel,"ERTS  CXC 138 10","2.14.4"}]},
  {os,{unix,linux}},
  {erlang_version,
      "Erlang R14B03 (erts-5.8.4) [source] [64-bit] [smp:16:16] [rq:16] [async-threads:30] [kernel-poll:true]\n"},
  {memory,
      [{total,26838928},
       {processes,10152320},
       {processes_used,10139488},
       {system,16686608},
       {atom,1200153},
       {atom_used,1177465},
       {binary,74616},
       {code,11876398},
       {ets,821120}]}]

Cluster status of node rabbit@copernicium ...
[{nodes,[{disc,[rabbit@copernicium]}]},{running_nodes,[rabbit@copernicium]}]

Application environment of node rabbit@copernicium ...
[{auth_backends,[rabbit_auth_backend_ldap]},
  {auth_mechanisms,['PLAIN','AMQPLAIN']},
  {backing_queue_module,rabbit_variable_queue},
  {cluster_nodes,[]},
  {collect_statistics,none},
  {collect_statistics_interval,5000},
  {default_permissions,[<<".*">>,<<".*">>,<<".*">>]},
  {default_user,<<"guest">>},
  {default_user_tags,[administrator]},
  {default_vhost,<<"/">>},
  {delegate_count,16},
  {frame_max,131072},
  {included_applications,[]},
  {msg_store_file_size_limit,16777216},
  {msg_store_index_module,rabbit_msg_store_ets_index},
  {queue_index_max_journal_entries,262144},
  {server_properties,[]},
  {ssl_listeners,[]},
  {ssl_options,[]},
  {tcp_listen_options,[binary,
                       {packet,raw},
                       {reuseaddr,true},
                       {backlog,128},
                       {nodelay,true},
                       {exit_on_close,false}]},
  {tcp_listeners,[5672]},
  {trace_vhosts,[]},
  {vm_memory_high_watermark,0.4}]

Connections:

Channels:

Queues on /:

Exchanges on /:
name    type    durable    auto_delete    internal    arguments
amq.direct    direct    true    false    false    []
amq.topic    topic    true    false    false    []
amq.rabbitmq.trace    topic    true    false    false    []
amq.rabbitmq.log    topic    true    false    false    []
amq.fanout    fanout    true    false    false    []
amq.headers    headers    true    false    false    []
     direct    true    false    false    []
amq.match    headers    true    false    false    []

Bindings on /:

Consumers on /:

Permissions on /:
user    configure    write    read
mcollective    ^amq.gen-.*    .*    .*
testguy    .*    .*    .*

End of server status report
...done.
copernicium:~#
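
Added example, not part of the original post: each top-level tuple in an Erlang-style rabbitmq.config is keyed by an OTP application name, so a section that matches no running application is read by nothing and the plugin keeps its defaults. The Python check below compares the section names in the posted config with the running_applications list from the report; the function names and the trimmed sample strings are constructed for this illustration.

```python
import difflib
import re

# Constructed samples, trimmed from the config and report quoted in the post.
CONFIG = r'''
[
  {rabbitmq_stomp, [{tcp_listeners, [6163]} ]},
  {rabbit, [{auth_backends, [rabbit_auth_backend_ldap]}] },
  {rabbit_auth_backend_ldap,
   [ {servers, ["ldap.zozee.com"]},
     {user_dn_pattern, "uid=${username},ou=people,dc=zozee,dc=com"} ] }
].
'''
REPORT = r'''
 {running_applications,
     [{rabbitmq_stomp,"Embedded Rabbit Stomp Adapter","2.6.1"},
      {rabbit,"RabbitMQ","2.6.1"},
      {rabbitmq_auth_backend_ldap,"RabbitMQ LDAP Authentication Backend",
          "2.6.1"}]},
'''

def config_sections(text):
    """Return the application names of the top-level {App, [...]} tuples."""
    # Drop string literals and % comments so braces inside them are ignored.
    bare = re.sub(r'"(?:\\.|[^"\\])*"|%[^\n]*', "", text)
    sections, depth = [], 0
    for m in re.finditer(r"[\[\]{}]", bare):
        if m.group() in "[{":
            depth += 1
            if m.group() == "{" and depth == 2:   # tuple directly in outer list
                name = re.match(r"\s*([a-z]\w*)", bare[m.end():])
                if name:
                    sections.append(name.group(1))
        else:
            depth -= 1
    return sections

def running_apps(report):
    """Application names from {Name,"Description","Version"} triples."""
    return set(re.findall(r'\{(\w+),\s*"[^"]*",\s*"[^"]*"\}', report))

def unread_sections(config, report):
    """Map each section no running application owns to its closest app name."""
    apps = running_apps(report)
    return {s: difflib.get_close_matches(s, sorted(apps), n=1)
            for s in config_sections(config) if s not in apps}

if __name__ == "__main__":
    print(unread_sections(CONFIG, REPORT))
```

On these samples the check flags the `rabbit_auth_backend_ldap` section and suggests `rabbitmq_auth_backend_ldap`, the application name shown in the report. `rabbit_auth_backend_ldap` is the backend module name, which is what belongs in `auth_backends`.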


