[rabbitmq-discuss] RabbitMQ LDAP Configuration

Mark Soderquist SoderquistMV at ldschurch.org
Thu May 1 20:04:40 BST 2014


We are trying to connect Rabbit with our Active Directory LDAP server but still have not found the right configuration. Let me give you the use case:

We want to be able to authenticate administrative users against LDAP for the management console. Our LDAP server is ldschurch.org. We are required to authenticate using the svc-ldap account before making queries. We have tried several different configuration options but nothing has worked so far. Here is the configuration we thought most likely to work:

[
  {rabbit, [{auth_backends, [rabbit_auth_backend_ldap, rabbit_auth_backend_internal]}]},
  {rabbitmq_auth_backend_ldap,
   [ {servers,               ["ldschurch.org"]},
     {dn_lookup_bind,        {"cn=svc-ldap,ou=srv-app-accts,dc=ldschurch,dc=org", "password"}},
     {dn_lookup_base,        "dc=ldschurch,dc=org"},
     {dn_lookup_attribute,   "cn"},
     {use_ssl,               false},
     {port,                  389},
     {log,                   false}
   ]
  }
].

We can tell by watching the TCP traffic that the bind user is not part of the request, only the authenticating user, which is admmvs1 in our situation.

Here is the log output:
=INFO REPORT==== 1-May-2014::11:22:29 ===
LDAP CHECK: login for admmvs1

=INFO REPORT==== 1-May-2014::11:22:29 ===
        LDAP filling template "${username}" with
            [{username,<<"admmvs1">>}]

=INFO REPORT==== 1-May-2014::11:22:29 ===
        LDAP template result: "admmvs1"

=INFO REPORT==== 1-May-2014::11:22:29 ===
    LDAP bind returned "invalid credentials": admmvs1

=INFO REPORT==== 1-May-2014::11:22:29 ===
LDAP DECISION: login for admmvs1: denied

What did we do wrong in our configuration?

