<html>

  <head>

    <meta content="text/html; charset=ISO-8859-1"

      http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    What am I doing wrong?? I have set auth_mechanism=external in my

    federation URI, but according to the RabbitMQ log, it's trying to

    authenticate as guest. <br>

    <br>

    ecozzi-01:~ # rabbitmqctl list_parameters<br>

    Listing runtime parameters ...<br>

    federation&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; local-username&nbsp; "guest"<br>

    federation&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; local-nodename&nbsp; <a class="moz-txt-link-rfc2396E" href="mailto:rabbit@ecozzi-01.site">"rabbit@ecozzi-01.site"</a><br>

    federation-upstream&nbsp;&nbsp;&nbsp;&nbsp; ecozzi-02&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

{"prefetch-count":1000,"uri":"amqps://ecozzi-02?cacertfile=/opt/cray/ssl/testca/cacert.pem&amp;certfile=/opt/cray/ssl/client-01/cert.pem&amp;keyfile=/opt/cray/ssl/client-01/key.pem&amp;verify=verify_peer&amp;fail_if_no_peer_cert=true&amp;auth_mechanism=external","trust-user-id":true,"max-hops":1}<br>

    <br>

    ecozzi-02:/etc/rabbitmq # rabbitmqctl list_parameters<br>

    Listing runtime parameters ...<br>

    federation&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; local-username&nbsp; "guest"<br>

    federation&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; local-nodename&nbsp; "smw_cluster"<br>

    federation-upstream&nbsp;&nbsp;&nbsp;&nbsp; ecozzi-01&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

{"prefetch-count":1000,"uri":"amqps://ecozzi-01?cacertfile=/opt/cray/ssl/testca/cacert.pem&amp;certfile=/opt/cray/ssl/client-02/cert.pem&amp;keyfile=/opt/cray/ssl/client-02/key.pem&amp;verify=verify_peer&amp;fail_if_no_peer_cert=true&amp;auth_mechanism=external","trust-user-id":true,"max-hops":1}<br>

    <br>

    <b>Log File:</b><br>

    ecozzi-01:~ # rabbitmqctl list_parameters<br>

    Listing runtime parameters ...<br>

    federation&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; local-username&nbsp; "guest"<br>

    federation&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; local-nodename&nbsp; <a class="moz-txt-link-rfc2396E" href="mailto:rabbit@ecozzi-01.site">"rabbit@ecozzi-01.site"</a><br>

    federation-upstream&nbsp;&nbsp;&nbsp;&nbsp; ecozzi-02&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

{"prefetch-count":1000,"uri":"amqps://ecozzi-02?cacertfile=/opt/cray/ssl/testca/cacert.pem&amp;certfile=/opt/cray/ssl/client-01/cert.pem&amp;keyfile=/opt/cray/ssl/client-01/key.pem&amp;verify=verify_peer&amp;fail_if_no_peer_cert=true&amp;auth_mechanism=external","trust-user-id":true,"max-hops":1}<br>

    <br>

    ecozzi-02:/etc/rabbitmq # rabbitmqctl list_parameters<br>

    Listing runtime parameters ...<br>

    federation&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; local-username&nbsp; "guest"<br>

    federation&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; local-nodename&nbsp; "smw_cluster"<br>

    federation-upstream&nbsp;&nbsp;&nbsp;&nbsp; ecozzi-01&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

{"prefetch-count":1000,"uri":"amqps://ecozzi-01?cacertfile=/opt/cray/ssl/testca/cacert.pem&amp;certfile=/opt/cray/ssl/client-02/cert.pem&amp;keyfile=/opt/cray/ssl/client-02/key.pem&amp;verify=verify_peer&amp;fail_if_no_peer_cert=true&amp;auth_mechanism=external","trust-user-id":true,"max-hops":1}<br>

    <br>

    <br>

    <br>

    On 05/29/2013 09:53 AM, Eric Cozzi wrote:

    <blockquote cite="mid:51A61670.8050104@cray.com" type="cite">Matthias,

      <br>

      <br>

      Sorry for the delay in responding.

      <br>

      <br>

      I have the LDAP auth plugin logging at Network level. There are no

      additional log statements that are being output. I've also

      confirmed that the user exists in my LDAP. So, I'm not sure why it

      couldn't find the user, unless it's not looking for the correct

      username. It should be using the CN from the SSL certificate as

      the username, which in this case should be either ecozzi-02 or

      ecozzi-03.

      <br>

      <br>

      Erlang version is:

      <br>

      ecozzi-01:/home/ecozzi # cat /usr/lib64/erlang/releases/RELEASES

      <br>

      [{release,"OTP&nbsp; APN 181 01","R15B02","5.9.2",

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

      [{kernel,"2.15.2","/usr/lib64/erlang/lib/kernel-2.15.2"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

      {stdlib,"1.18.2","/usr/lib64/erlang/lib/stdlib-1.18.2"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {sasl,"2.2.1","/usr/lib64/erlang/lib/sasl-2.2.1"}],

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; permanent}].

      <br>

      <br>

      Rabbit Version:

      <br>

      ecozzi-01:/home/ecozzi # rabbitmqctl status

      <br>

      Status of node 'rabbit@ecozzi-01' ...

      <br>

      [{pid,3800},

      <br>

      &nbsp;{running_applications,

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp; [{rabbitmq_federation_management,"RabbitMQ Federation

      Management",

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "3.0.1"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {rabbitmq_management,"RabbitMQ Management Console","3.0.1"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {rabbitmq_federation,"RabbitMQ Federation","3.0.1"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {rabbitmq_auth_backend_ldap,"RabbitMQ LDAP Authentication

      Backend",

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "3.0.1"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {rabbitmq_management_agent,"RabbitMQ Management

      Agent","3.0.1"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {rabbit,"RabbitMQ","3.0.1"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {ssl,"Erlang/OTP SSL application","5.1"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {public_key,"Public key infrastructure","0.16"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {crypto,"CRYPTO version 2","2.2"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {os_mon,"CPO&nbsp; CXC 138 46","2.2.10"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {rabbitmq_auth_mechanism_ssl,

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "RabbitMQ SSL authentication (SASL EXTERNAL)","3.0.1"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {rabbitmq_mochiweb,"RabbitMQ Mochiweb Embedding","3.0.1"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {webmachine,"webmachine","1.9.1-rmq3.0.1-git52e62bc"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {mochiweb,"MochiMedia Web

      Server","2.3.1-rmq3.0.1-gitd541e9a"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {xmerl,"XML parser","1.3.2"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {inets,"INETS&nbsp; CXC 138 49","5.9.1"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {mnesia,"MNESIA&nbsp; CXC 138 12","4.7.1"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {eldap,"Ldap api","1.0"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {amqp_client,"RabbitMQ AMQP Client","3.0.1"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {sasl,"SASL&nbsp; CXC 138 11","2.2.1"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {stdlib,"ERTS&nbsp; CXC 138 10","1.18.2"},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {kernel,"ERTS&nbsp; CXC 138 10","2.15.2"}]},

      <br>

      &nbsp;{os,{unix,linux}},

      <br>

      &nbsp;{erlang_version,

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp; "Erlang R15B02 (erts-5.9.2) [source] [64-bit] [smp:2:2]

      [async-threads:30] [hipe] [kernel-poll:true]\n"},

      <br>

      &nbsp;{memory,

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp; [{total,37603792},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {connection_procs,162600},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {queue_procs,235552},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {plugins,377592},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {other_proc,10276868},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {mnesia,94464},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {mgmt_db,84936},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {msg_index,32576},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {other_ets,1236360},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {binary,306624},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {code,20204649},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {atom,760729},

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {other_system,3830842}]},

      <br>

      &nbsp;{vm_memory_high_watermark,0.4},

      <br>

      &nbsp;{vm_memory_limit,205919027},

      <br>

      &nbsp;{disk_free_limit,1000000000},

      <br>

      &nbsp;{disk_free,0},

      <br>

      &nbsp;{file_descriptors,

      <br>

      &nbsp;&nbsp;&nbsp;&nbsp;

[{total_limit,924},{total_used,16},{sockets_limit,829},{sockets_used,4}]},<br>

      &nbsp;{processes,[{limit,1048576},{used,249}]},

      <br>

      &nbsp;{run_queue,0},

      <br>

      &nbsp;{uptime,406985}]

      <br>

      ...done.

      <br>

      <br>

      On 05/25/2013 03:56 PM, Matthias Radestock wrote:

      <br>

      <blockquote type="cite">Eric,

        <br>

        <br>

        On 24/05/13 22:55, Eric Cozzi wrote:

        <br>

        <blockquote type="cite">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

          {{badarg,{error,noSuchObject}},

          <br>

          [{rabbit_access_control,'-check_vhost_access/2-fun-0-',3,[]},

          <br>

          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {rabbit_access_control,check_access,5,[]},

          <br>

        </blockquote>

        <br>

        That indicates that your LDAP auth backend returned a

        'noSuchObject' error when performing the vhost access check for

        the user.

        <br>

        <br>

        I suggest you enable logging in the LDAP auth plug-in to track

        down the cause.

        <br>

        <br>

        However, the error really should be handled more gracefully by

        rabbit, and I am at a loss why it's producing such a stack

        trace. What versions of RabbitMQ and Erlang are you running and

        how did you install rabbit (e.g. from a package, compiled from

        source, etc)?

        <br>

        <br>

        Matthias.

        <br>

        <br>

      </blockquote>

      _______________________________________________

      <br>

      rabbitmq-discuss mailing list

      <br>

      <a class="moz-txt-link-abbreviated" href="mailto:rabbitmq-discuss@lists.rabbitmq.com">rabbitmq-discuss@lists.rabbitmq.com</a>

      <br>

<a class="moz-txt-link-freetext" href="https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss">https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss</a>

      <br>

      <br>

    </blockquote>

  </body>

</html>