[rabbitmq-discuss] Configuring Auth LDAP Backend using LDAP+SSL/TLS

Simon MacMullen simon at rabbitmq.com
Thu Oct 24 10:43:18 BST 2013


Currently you can't set SSL options for LDAP connections; you can only 
set {use_ssl, true} to make a connection without presenting a client 
certificate. I guess this should be fixed.

Also you have {port, 389} which is unlikely to work as it's the non-SSL 
port and I'm not at all convinced eldap (the underlying Erlang LDAP 
library) supports StartTLS.

So the only configuration that could work at the moment is

{use_ssl, true},
{port,    636}

Cheers, Simon

On 23/10/13 19:20, Carl Corliss wrote:
> Greetings,
>
>    I've been using RabbitMQ for a while now though this is my first
> time attempting to use the LDAP authentication backend plugin. I have
> a requirement to use SSL/TLS for LDAP connections (openldap ssf:
> simple_bind=128 update_ssf=128), so either LDAPS:// or
> LDAP://+starttls. However, from what I can tell, the plugin isn't
> talking to LDAP using SSL/TLS so ldap based logins are failing.
>
> Based on the documentation, which I could very well be
> misinterpreting, I set up the use_ssl option using ssl_options as a
> guide, however that doesn't appear to be working.
>
> You can see my settings, and log output here:
>
>      https://gist.github.com/rabbitt/cf2d42a011cff8bfe188
>
> Any suggestions/help/criticism is greatly appreciated!
>
> Thanks in advance!
>
> --
> Carl P. Corliss
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>


-- 
Simon MacMullen
RabbitMQ, Pivotal
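
The two settings from the reply above, placed in a complete rabbitmq.config. This is an added example, not part of the original message and not the poster's configuration; the server host name and the DN pattern are constructed placeholders.

```erlang
%% rabbitmq.config (Erlang-term format). Added illustration only.
%% "ldap.example.com" and the DN pattern are constructed placeholders.
[
  {rabbit, [
    %% Hand authentication to the LDAP backend plugin.
    {auth_backends, [rabbit_auth_backend_ldap]}
  ]},
  {rabbitmq_auth_backend_ldap, [
    {servers,         ["ldap.example.com"]},
    {user_dn_pattern, "cn=${username},ou=People,dc=example,dc=com"},

    %% LDAPS: the connection is wrapped in SSL/TLS from the start,
    %% so it must go to the LDAPS port rather than the plain LDAP port.
    {use_ssl, true},
    {port,    636},

    %% Combination from the question that the reply says is unlikely
    %% to work: SSL requested on the non-SSL port, which would need
    %% StartTLS support in eldap.
    %% {use_ssl, true},
    %% {port,    389},

    %% Per the reply, SSL options (such as a client certificate)
    %% cannot be set for the LDAP connection at the time of writing,
    %% so no ssl_options-style tuple is given here.

    %% Log LDAP queries while troubleshooting the bind.
    {log, true}
  ]}
].
```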

