[rabbitmq-discuss] rabbit_auth_backend_ldap and Active Directory

Matt Bradbury bradbury at corenap.com
Mon Jan 7 22:29:41 GMT 2013


All/Simon?

I'm new to the RabbitMQ world and like the product, but I'm about to pull my hair out on AD authentication.

So, I'm looking to authorize with my Unix username, which is the same as our Windows login.

I'm having a lot of trouble getting the DNs to play nice. Since my DN has my full name as the cn part, I don't know how to map the username to the full name.

If I log in with my full name "Matt Bradbury" so that my full user_dn matches my group structure, it works just fine.
i.e.  {user_dn_pattern,       "CN=${username},OU=Users,DC=corp,DC=example,DC=com"},

To use my unix name I have to use: {user_dn_pattern,       "${username}@CORP"},

This lets me log in, but I'm then unable to match the DN with my groups since they use my full name in the DN.

Does anyone have a nice little recipe that lets me log in with my short name, which corresponds to the sAMAccountName attribute in AD LDAP?

Also, I can't seem to get dn_lookup_base or dn_lookup_attribute to make any difference to the LDAP queries when I look at the logs.  I feel like the solution is with these commands but I think I'm missing something here.

Is there a way to search for a DN from the sAMAccountName when I do resource_access_query?

FYI, I'm using other_bind for directory lookups after the login check.

Thank you for your time.

-Matt