[rabbitmq-discuss] MCollective + RabbitMQ + LDAP authentication issues
E Raymond
lowlifi at gmail.com
Fri Mar 2 21:48:04 GMT 2012
Hello!
We have been testing MCollective with RabbitMQ 2.7.1 with great
success, but we are moving it into production, with a working LDAP
setup in place. I have created a test user, "mco-user", in LDAP, and
added it to a group "ops". The user is able to authenticate throughout
all our systems, but when trying to utilize it with mcollective, I get
the following messages in the rabbitmq logs:
=INFO REPORT==== 2-Mar-2012::21:29:37 ===
accepted TCP connection on [::]:6163 from 10.0.0.92:25038
=INFO REPORT==== 2-Mar-2012::21:29:37 ===
starting STOMP connection <0.275.0> from ::FFFF:10.0.0.92:25038
=INFO REPORT==== 2-Mar-2012::21:29:37 ===
LDAP backend: connecting to ["ds.example.net"]
=INFO REPORT==== 2-Mar-2012::21:29:37 ===
LDAP backend: bind request = {'BindRequest',3,
"uid=mco-user,ou=employees,ou=people,dc=example,dc=net",
{simple,<<"CrazYPWd!">>}}
=INFO REPORT==== 2-Mar-2012::21:29:37 ===
LDAP backend: bind reply = {ok,
{'LDAPMessage',1,
{bindResponse,
{'BindResponse',success,[],
[],asn1_NOVALUE,
asn1_NOVALUE}},
asn1_NOVALUE}}
=INFO REPORT==== 2-Mar-2012::21:29:37 ===
LDAP backend: connecting to ["ds.example.net"]
=INFO REPORT==== 2-Mar-2012::21:29:37 ===
LDAP backend: connecting to ["ds.example.net"]
=INFO REPORT==== 2-Mar-2012::21:29:37 ===
LDAP backend: search request = {'SearchRequest',
"ou=/,ou=employees,ou=people,dc=example,dc=net",
baseObject,neverDerefAliases,
0,0,false,
{present,"objectClass"},
[]}
=INFO REPORT==== 2-Mar-2012::21:29:37 ===
LDAP backend: search reply = {ok,
{'LDAPMessage',1,
{searchResDone,
{'LDAPResult',noSuchObject,
"ou=employees,ou=people,dc=example,dc=net",
[],asn1_NOVALUE}},
asn1_NOVALUE}}
=ERROR REPORT==== 2-Mar-2012::21:29:37 ===
STOMP error frame sent:
Message: "Bad CONNECT"
Detail: "Authentication failure\n"
Server private detail: none
=INFO REPORT==== 2-Mar-2012::21:29:38 ===
Socket #Port<0.2954> closed by client
=INFO REPORT==== 2-Mar-2012::21:29:38 ===
ending STOMP connection <0.275.0> from ::FFFF:10.0.0.92:25038
=INFO REPORT==== 2-Mar-2012::21:31:43 ===
accepted TCP connection on [::]:5672 from 10.0.0.109:24056
=INFO REPORT==== 2-Mar-2012::21:31:43 ===
starting TCP connection <0.287.0> from 10.0.0.109:24056
=WARNING REPORT==== 2-Mar-2012::21:31:43 ===
exception on TCP connection <0.287.0> from 10.0.0.109:24056
connection_closed_abruptly
=INFO REPORT==== 2-Mar-2012::21:31:43 ===
closing TCP connection <0.287.0> from 10.0.0.109:24056
The rabbitmq.config file looks like this:
[ {rabbitmq_stomp, [{tcp_listeners, [6163]} ]},
  {rabbit, [{auth_backends, [rabbit_auth_backend_ldap]}]},
  {rabbitmq_auth_backend_ldap,
   [ {servers, ["ds.example.net"]},
     {user_dn_pattern, "uid=${username},ou=employees,ou=people,dc=example,dc=net"},
     {vhost_access_query, {exists,
        "ou=${vhost},ou=employees,ou=people,dc=example,dc=net"}},
     {resource_access_query,
      {for, [{resource, exchange,
              {for, [{permission, configure,
                      { in_group,
                        "cn=ops,ou=groups,dc=example,dc=net" }
                     },
                     {permission, write, {constant, true}},
                     {permission, read, {constant, true}}
                    ]}},
             {resource, queue, {constant, true}} ]}},
     {tag_queries, [{administrator, {constant, false}}]},
     {use_ssl, false},
     {port, 389},
     {log, true} ] }
].
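An added example, not part of the original post and not RabbitMQ code: a small triage script for the LDAP backend reports shown in the log above. It pairs each LDAP reply with the DN of the preceding request and flags two things visible in that log: a non-success LDAP result (the vhost lookup whose base starts with `ou=/`) and a simple-bind password written to the log while `{log, true}` is set. The function names and the sample password are constructed for illustration.

```python
import re

# Constructed sample in the report format of the posted log (placeholder password).
SAMPLE_LOG = '''=INFO REPORT==== 2-Mar-2012::21:29:37 ===
LDAP backend: bind request = {'BindRequest',3,
"uid=mco-user,ou=employees,ou=people,dc=example,dc=net",
{simple,<<"EXAMPLE-ONLY">>}}
=INFO REPORT==== 2-Mar-2012::21:29:37 ===
LDAP backend: bind reply = {ok,{'LDAPMessage',1,{bindResponse,
{'BindResponse',success,[],[],asn1_NOVALUE,asn1_NOVALUE}},asn1_NOVALUE}}
=INFO REPORT==== 2-Mar-2012::21:29:37 ===
LDAP backend: search request = {'SearchRequest',
"ou=/,ou=employees,ou=people,dc=example,dc=net",
baseObject,neverDerefAliases,0,0,false,{present,"objectClass"},[]}
=INFO REPORT==== 2-Mar-2012::21:29:37 ===
LDAP backend: search reply = {ok,{'LDAPMessage',1,{searchResDone,
{'LDAPResult',noSuchObject,"ou=employees,ou=people,dc=example,dc=net",
[],asn1_NOVALUE}},asn1_NOVALUE}}
'''

HEADER = re.compile(r"^=(\w+) REPORT==== (\S+) ===$", re.M)
SECRET = re.compile(r'(\{simple,\s*<<")[^"]*(">>\})')      # simple-bind credential
DN = re.compile(r'"([^"]*=[^"]*)"')                         # first quoted DN
RESULT = re.compile(r"'(?:BindResponse|LDAPResult)',\s*(\w+)")

def split_reports(text):
    """Yield (level, timestamp, body) for each '=LEVEL REPORT====' block."""
    parts = HEADER.split(text)  # ['', level, ts, body, level, ts, body, ...]
    for i in range(1, len(parts), 3):
        yield parts[i], parts[i + 1], parts[i + 2].strip()

def triage(text):
    """Return (finding, timestamp, request_dn) tuples for LDAP backend reports."""
    findings, last_dn = [], None
    for _level, ts, body in split_reports(text):
        if not body.startswith("LDAP backend:"):
            continue
        if SECRET.search(body):  # password appears in the log in cleartext
            findings.append(("cleartext-password-logged", ts, None))
        if "request" in body.split("=", 1)[0]:
            dn = DN.search(body)
            last_dn = dn.group(1) if dn else None  # remember DN for the reply
            continue
        result = RESULT.search(body)
        if result and result.group(1) != "success":
            findings.append(("ldap-" + result.group(1), ts, last_dn))
    return findings

def redact(text):
    """Mask simple-bind passwords before a log excerpt is shared."""
    return SECRET.sub(r"\1[REDACTED]\2", text)
```

Running `triage` over the sample reports the logged credential and the `noSuchObject` result for the `ou=/,...` search base; `redact` is meant to be applied before pasting such a log into a public list.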