[rabbitmq-discuss] Computer authentication/authorisation

Simon MacMullen simon at rabbitmq.com
Fri Aug 17 16:48:40 BST 2012


Hi Michael.

On 17/08/12 15:05, Michael Cohen wrote:
> I was wondering what happens during authentication if both plugins
> are used.
>
> If I...
> Create certs on the workers with the cert cn = ldap computer object cn
> Set {ssl_cert_login_from, common_name}
> Set {dn_lookup_attribute, "cn"}
> Set {other_bind, {diruser, dirpassword}}
>
> During authentication, will the ldap backend just check common_name
> (from the cert) = cn (from computer object) and ignore the password?

Depends what you mean by "the password". RabbitMQ will use the password 
you configured in {other_bind, {diruser, dirpassword}} to talk to the 
LDAP server. But on the AMQPS connection there won't be a password 
transmitted at all.

You'll also need to tell your client to use the EXTERNAL SASL mechanism 
- e.g. in the Java client you would:

     ConnectionFactory factory = new ConnectionFactory();
     factory.setSaslConfig(DefaultSaslConfig.EXTERNAL);

Cheers, Simon

-- 
Simon MacMullen
RabbitMQ, VMware
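
A fuller Java client for the setup discussed in this message, as an added example that is not part of Simon's reply or RabbitMQ's own code: it presents the worker's client certificate over TLS and selects SASL EXTERNAL, so no password travels on the AMQPS connection. The host name, file paths and key store passwords are placeholders, and it assumes the broker's TLS listener is configured to request and verify client certificates.

```java
import com.rabbitmq.client.Connection;
import com.rabbitmq.client.ConnectionFactory;
import com.rabbitmq.client.DefaultSaslConfig;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

public class ExternalAuthClient {
    // Load a key store from disk; all paths and passwords here are placeholders.
    static KeyStore load(String type, String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] keyPass = "changeit".toCharArray();   // placeholder
        char[] trustPass = "changeit".toCharArray(); // placeholder

        // Client certificate whose CN matches the LDAP computer object's cn.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("PKCS12", "/path/to/worker.p12", keyPass), keyPass);

        // Trust only the CA that signed the broker's certificate.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("JKS", "/path/to/truststore.jks", trustPass));

        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        ConnectionFactory factory = new ConnectionFactory();
        factory.setHost("broker.example.com"); // placeholder host
        factory.setPort(5671);                 // AMQPS port
        factory.useSslProtocol(ctx);
        // No username/password is sent; the broker takes the identity from the certificate.
        factory.setSaslConfig(DefaultSaslConfig.EXTERNAL);

        Connection conn = factory.newConnection();
        try {
            System.out.println("Connected over AMQPS using SASL EXTERNAL");
        } finally {
            conn.close();
        }
    }
}
```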

