[rabbitmq-discuss] rabbit_auth_backend_ldap and Active Directory

Simon MacMullen simon at rabbitmq.com
Tue Jan 8 09:16:55 GMT 2013 

Hi. dn_lookup_base and dn_lookup_attribute should do what you want. I 
would expect something like:

  {dn_lookup_base,      "OU=Users,DC=corp,DC=example,DC=com"},
  {dn_lookup_attribute, "sAMAccountName"}

should work.

Do the logs (in 'network' mode) not show a search after the bind?

If not: which version of RabbitMQ are you using? Can you post your 
config, and a screenshot or similar showing your account in AD?

Cheers, Simon

On 07/01/2013 10:45PM, Matt Bradbury wrote:
> All/Simon?
>
> I’m new to the RabbitMQ world and like the product, but I’m about to
> pull my hair out on AD authentication.
>
> So, I’m looking to authorize with my unix username which are the same as
> our windows logins.
>
> I’m having a lot of trouble getting the DNs to play nice.  Since my DN
> has my fullname as the cn part, I don’t know how to map the username to
> the full name.
>
> If I login with my full name “Matt Bradbury” so that my full user_dn
> matches my group structure, it works just fine.
>
> i.e.  {user_dn_pattern,
> "CN=${username},OU=Users,DC=corp,DC=example,DC=com"},
>
> To use my unix name I have to use: {user_dn_pattern,
> "${username}@CORP"},
>
> This lets me login, but I’m then unable to match the DN with my groups
> since they use my full name in the DN.
>
> Does anyone have a nice little recipe that lets me login with my
> shortname, which corresponds to the sAMAccountName attribute in AD LDAP?
>
> Also, I can’t seem to get dn_lookup_base or dn_lookup_attribute to make
> any difference to the LDAP queries when I look at the logs.  I feel like
> the solution is with these commands but I think I’m missing something here.
>
> Is there a way to search for a DN from the sAMAccountName when I do
> resource_access_query?
>
> FYI, I’m using other_bind for directory lookups after the login check.
>
> Thank you for your time.
>
> -Matt
>
>
>
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>

More information about the rabbitmq-discuss mailing list