[rabbitmq-discuss] MCollective + RabbitMQ + LDAP authentication issues
E Raymond
lowlifi at gmail.com
Mon Mar 5 20:07:56 GMT 2012
Hi Simon,
Thanks for the help! I realize the problem now, and wonder if there is
an in between solution to this?
I only want to authenticate the user through LDAP. I feel adding
vhosts to OU's seems like a bulky solution, and would prefer to allow
specific authenticated users to have to access to a specified vhost,
and allow the resources to dictate what privileges they have.
Is this possible?
On Mar 5, 8:30 am, Simon MacMullen <si... at rabbitmq.com> wrote:
> On 02/03/12 21:48, E Raymond wrote:
>
>
>
>
>
>
>
>
>
> > =INFO REPORT==== 2-Mar-2012::21:29:37 ===
> > LDAP backend: search request = {'SearchRequest',
>
> > "ou=/,ou=employees,ou=people,dc=example,dc=net",
> > baseObject,neverDerefAliases,
> > 0,0,false,
> > {present,"objectClass"},
> > []}
>
> > =INFO REPORT==== 2-Mar-2012::21:29:37 ===
> > LDAP backend: search reply = {ok,
> > {'LDAPMessage',1,
> > {searchResDone,
> > {'LDAPResult',noSuchObject,
>
> > "ou=employees,ou=people,dc=example,dc=net",
> > [],asn1_NOVALUE}},
> > asn1_NOVALUE}}
>
> > =ERROR REPORT==== 2-Mar-2012::21:29:37 ===
> > STOMP error frame sent:
> > Message: "Bad CONNECT"
> > Detail: "Authentication failure\n"
> > Server private detail: none
>
> The request / response immediately before the authentication failure
> shows the LDAP plugin looking up the object
>
> "ou=/,ou=employees,ou=people,dc=example,dc=net"
>
> and getting
>
> noSuchObject
>
> in response.
>
> Does that object actually exist?
>
> Do you actually want to have:
> {vhost_access_query,
> {exists, "ou=${vhost},ou=employees,ou=people,dc=example,dc=net"}},
>
> in your config?
>
> Cheers, Simon
>
> --
> Simon MacMullen
> RabbitMQ, VMware
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-disc... at lists.rabbitmq.comhttps://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
More information about the rabbitmq-discuss
mailing list