<div dir="ltr"><div style="font-family:arial,sans-serif;font-size:13px">I have a problem :) .</div><div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">
<div>I configured, or rather do me wondering, RMQ to use ldap (openldap)</div><div>for authentication and authorization.</div><div><br></div><div>LDAP works ok, but the LDAP-user can not declare exchanges and queues, (login wheel:pass it works, published msg to exchange works, read msg from queque works )</div>
<div><br></div><div>Here's my Rabbit configs :�</div><div><br></div><div>CONFIG1:</div><div><div>[</div><div>� {rabbit, [</div><div>� � �{auth_backends, [rabbit_auth_backend_ldap, rabbit_auth_backend_internal]},</div>
<div>� � �{tcp_listeners, []},</div><div>� � �{ssl_listeners, [{"127.0.0.1", 5671} ]},</div><div>� � �{ssl_options, [{cacertfile,"/home/hg/cert/testca/cacert.pem"},</div><div>� � � � � � � � � � {certfile,"/home/hg/cert/server/cert.pem"},</div>
<div>� � � � � � � � � � {keyfile,"/home/hg/cert/server/key.pem"},</div><div>� � � � � � � � � � {verify,verify_peer},</div><div>� � � � � � � � � � {fail_if_no_peer_cert,true}]}</div><div>� �]</div><div>� },</div>
<div>� {rabbitmq_auth_backend_ldap,</div><div>� �[ {servers, � � � � � � � ["localhost"]},</div><div>� � �{user_dn_pattern, � � � "cn=${username},o=org1,dc=nodomain"},</div><div>� � �{use_ssl, � � � � � � � false},</div>
<div>� � �{port, � � � � � � � � �389},</div><div>� � �{log, � � � � � � � � � true},</div><div>� � �{resource_access_query,</div><div>� � � {for, [{permission, configure, {in_group, "cn=wheel,o=org1,dc=nodomain"}},</div>
<div>� � � � � � �{permission, write,</div><div>� � � � � � � {for, [{resource, queue, � �{in_group, "cn=wheel,o=org1,dc=nodomain"}},</div><div>� � � � � � � � � � �{resource, exchange, {constant, true}}]}},</div>
<div>� � � � � � �{permission, read,</div><div>� � � � � � � {for, [{resource, exchange, {in_group, "cn=wheel,o=org1,dc=nodomain"}},</div><div>� � � � � � � � � � �{resource, queue, � �{constant, true}}]}}</div>
<div>� � � � � � ]</div><div>� � � }},</div><div>� � �{tag_queries, � � � � � [{administrator, {constant, false}},</div><div>� � � � � � � � � � � � � � � {management, � �{constant, true}}]}</div><div>� �]</div><div>� }</div>
<div>].</div><div><br></div><div>LOG:</div><div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div>� � LDAP DECISION: does wheel have tag management? true</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div>
<div>LDAP DECISION: login for wheel: ok</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div>LDAP CHECK: access to vhost "/" for "wheel"</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div>
<div>� � LDAP bind succeeded: cn=wheel,o=org1,dc=nodomain</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div>� � LDAP evaluating query: {constant,true}</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div>
<div>� � LDAP evaluated constant: true</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div>LDAP DECISION: access to vhost "/" for "wheel": ok</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div>
<div>LDAP CHECK: configure permission for queue "tyerter" in "/" for "wheel"</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div>� � LDAP bind succeeded: cn=wheel,o=org1,dc=nodomain</div>
<div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div>� � LDAP evaluating query: {for,</div><div>� � � � � � � � � � � � � � [{permission,configure,</div><div>� � � � � � � � � � � � � � � {in_group,"cn=wheel,o=org1,dc=nodomain"}},</div>
<div>� � � � � � � � � � � � � � �{permission,write,</div><div>� � � � � � � � � � � � � � � {for,</div><div>� � � � � � � � � � � � � � � �[{resource,queue,</div><div>� � � � � � � � � � � � � � � � �{in_group,"cn=wheel,o=org1,dc=nodomain"}},</div>
<div>� � � � � � � � � � � � � � � � {resource,exchange,{constant,true}}]}},</div><div>� � � � � � � � � � � � � � �{permission,read,</div><div>� � � � � � � � � � � � � � � {for,</div><div>� � � � � � � � � � � � � � � �[{resource,exchange,</div>
<div>� � � � � � � � � � � � � � � � �{in_group,"cn=wheel,o=org1,dc=nodomain"}},</div><div>� � � � � � � � � � � � � � � � {resource,queue,{constant,true}}]}}]}</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div>
<div>� � LDAP selecting subquery permission = configure</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div>� � LDAP evaluating query: {in_group,"cn=wheel,o=org1,dc=nodomain"}</div><div>
<br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div>� � LDAP evaluating query: {in_group,"cn=wheel,o=org1,dc=nodomain","member"}</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div>
<div>� � � � LDAP filling template "cn=wheel,o=org1,dc=nodomain" with</div><div>� � � � � � [{username,<<"wheel">>},</div><div>� � � � � � �{user_dn,"cn=wheel,o=org1,dc=nodomain"},</div>
<div>� � � � � � �{vhost,<<"/">>},</div><div>� � � � � � �{resource,queue},</div><div>� � � � � � �{name,<<"tyerter">>},</div><div>� � � � � � �{permission,configure}]</div><div>
<br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div>� � � � LDAP template result: "cn=wheel,o=org1,dc=nodomain"</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div>� � LDAP evaluated in_group for "cn=wheel,o=org1,dc=nodomain": false</div>
<div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div>LDAP DECISION: configure permission for queue "tyerter" in "/" for "wheel": denied</div><div><br></div><div>=ERROR REPORT==== 29-Aug-2013::14:24:05 ===</div>
<div>connection <0.1234.0>, channel 1 - soft error:</div><div>{amqp_error,access_refused,</div><div>� � � � � � "access to queue 'tyerter' in vhost '/' refused for user 'wheel'",</div>
<div>� � � � � � 'queue.declare'}</div><div><br></div><div>=ERROR REPORT==== 29-Aug-2013::14:24:05 ===</div><div>webmachine error: path="/api/queues/%2F/tyerter"</div><div>"Unauthorized"</div></div>
<div><br></div></div><div><br></div><div><br></div><div><div>Can anyone have any suggestions or experience with this problem.</div><div>For all thank you in advance.</div></div><div><br></div><div style>Muniek</div><div><br>
</div></div></div>