[rabbitmq-discuss] Multi vhost access with static LDAP
Simon MacMullen
simon at rabbitmq.com
Fri Oct 11 12:01:04 BST 2013
On 08/10/2013 8:34PM, MyOwnFitness wrote:
> My question is how do i separate the two vhost's in the config file, and
> still maintain access control?
>
> Do i have 2 "vhost_access_query"? but then how do i set the permissions
> for each?
>
> ** Also, all LDAP is 100% static, i cannot add groups or attributes. **
I suspect you can't do this with 3.1.5, if there's no regularity in the
patterns of username and object, and the information you want isn't in
LDAP. The next release will support boolean operators in the various
access queries, which will allow you to combine various queries
together, one per user to do this.
But it sounds like what you really want is to be able to use LDAP just
for authentication, and then do authorisation via the built in database.
Does that sound accurate?
Cheers, Simon
--
Simon MacMullen
RabbitMQ, Pivotal
More information about the rabbitmq-discuss
mailing list