I've been meaning to ask on this subject: is there any level of caching of data received back from the LDAP server? I'd like to move to LDAP for our infrastructure but am worried about connection rates and throttling due to time spent making LDAP requests for the same connecting/disconnecting user.<div>
<br></div><div>Alternatively, does Rabbit check local auth prior to LDAP auth?</div><div><br></div><div>Gavin<br><br><div class="gmail_quote">On Wed, Nov 30, 2011 at 12:41 PM, Simon MacMullen <span dir="ltr"><<a href="mailto:simon@rabbitmq.com">simon@rabbitmq.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">On 30/11/11 16:44, Ben Hood wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I now have a follow up question: is it possible to create two<br>
different groups in LDAP and assign them different levels of<br>
privileges within the Management frontend?<br>
</blockquote>
<br>
Yes - see <a href="http://hg.rabbitmq.com/rabbitmq-auth-backend-ldap/file/rabbitmq_v2_7_0/README-authorisation" target="_blank">http://hg.rabbitmq.com/<u></u>rabbitmq-auth-backend-ldap/<u></u>file/rabbitmq_v2_7_0/README-<u></u>authorisation</a><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I was thinking of having a group for admins who can do anything, and a<br>
group for people who should be able to look at statistical info, but<br>
can't do anything that would cause any messages to get binned (such as<br>
queue/exchange deletions, queue purges or queue binds/unbinds).<br>
</blockquote>
<br>
So the second group needs to have a tag_queries such that they get the "monitoring" tag, and a resource_access_query that restricts them from... well, from doing almost anything I guess.<br>
<br>
Cheers, Simon<br><font color="#888888">
<br>
-- <br>
Simon MacMullen<br>
RabbitMQ, VMware<br>
______________________________<u></u>_________________<br>
rabbitmq-discuss mailing list<br>
<a href="mailto:rabbitmq-discuss@lists.rabbitmq.com" target="_blank">rabbitmq-discuss@lists.<u></u>rabbitmq.com</a><br>
<a href="https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss" target="_blank">https://lists.rabbitmq.com/<u></u>cgi-bin/mailman/listinfo/<u></u>rabbitmq-discuss</a><br>
</font></blockquote></div><br></div>