[rabbitmq-discuss] Active Directory as an LDAP auth backen for Rabbitmq

Jensen, Kristian krjensen at ebay.com
Wed Feb 19 09:34:28 GMT 2014


Hi,

We use Active Directory as an LDAP auth backen for Rabbitmq.

We have 3 AD servers, and all 3 are configured in RabbitMQ. But if we shutdown one of them, we are no longer able to access RabbitMQ using an LDAP account.
I get the login promt, om the management site(http://host:15672<http://host:15672/>), but if i use a LDAP account, the site is not responding.

Why is the LDAP module not robust againt unavailable LDAP backens? - could you intruduce a sort of healtcheck?

We need to be able to take down 2/3 LDAP servers, and still be able to use RabbitMQ

RabbitMQ 3.2.3, Erlang R15B01

rabbitmq.config
[
  {rabbit, [{auth_backends, [rabbit_auth_backend_ldap, rabbit_auth_backend_internal]}]},
  {rabbitmq_auth_backend_ldap,
   [ {servers,               ["devopsad01.dev.local", "devopsad02.dev.local","devopsad03.dev.local"]},
     {dn_lookup_attribute,   "userPrincipalName"},
     {dn_lookup_base,        "DC=dev,DC=local"},
     {user_dn_pattern,       "${username}@dev.local"},
     {use_ssl,               false},
     {port,                  389},
     {log,                   false},
     {vhost_access_query,    {in_group,
                              "CN=sg_sh_mq_vhost-${vhost},OU=vhosts,OU=MQ,OU=Security Groups,OU=Groups,OU=SharedHosting,OU=eCG,DC=dev,DC=local"}}
     {resource_access_query,
      {for, [{permission, configure, {constant, true}},
             {permission, write,
              {for, [{resource, queue,    {constant, true}},
                     {resource, exchange, {constant, true}}]}},
             {permission, read,
              {for, [{resource, exchange, {constant, true}},
                     {resource, queue,    {constant, true}}]}}
            ]
      }},
     {tag_queries,           [{administrator, {in_group, "CN=sg_sh_mq-admin,OU=MQ,OU=Security Groups,OU=Groups,OU=SharedHosting,OU=eCG,DC=dev,DC=local"}},
                              {management,    {constant, true}}]}
   ]
  }
].


Med venlig hilsen / Best regards

Kristian Jensen
System Engineer | Site Operations Denmark | eBay Classifieds Group
Phone: +45 40226333 | krjensen at ebay.com<mailto:krjensen at ebay.com>

[classifiedsGroup]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140219/debbb1ed/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 3531 bytes
Desc: image001.png
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140219/debbb1ed/attachment.png>


More information about the rabbitmq-discuss mailing list