<div dir="ltr"><div style="font-family:arial,sans-serif;font-size:13px">I have a problem :)</div><div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">
<div>I configured, or rather I am still trying to configure, RMQ to use LDAP (OpenLDAP)</div><div>for authentication and authorization.</div><div><br></div><div>LDAP works OK, but the LDAP user cannot declare exchanges and queues (login as wheel:pass works, publishing a message to an exchange works, reading a message from a queue works).</div>
<div><br></div><div>Here's my Rabbit configs : </div><div><br></div><div>CONFIG1:</div><div><div>[</div><div> {rabbit, [</div><div> {auth_backends, [rabbit_auth_backend_ldap, rabbit_auth_backend_internal]},</div>
<div> {tcp_listeners, []},</div><div> {ssl_listeners, [{"127.0.0.1", 5671} ]},</div><div> {ssl_options, [{cacertfile,"/home/hg/cert/testca/cacert.pem"},</div><div> {certfile,"/home/hg/cert/server/cert.pem"},</div>
<div> {keyfile,"/home/hg/cert/server/key.pem"},</div><div> {verify,verify_peer},</div><div> {fail_if_no_peer_cert,true}]}</div><div> ]</div><div> },</div>
<div> {rabbitmq_auth_backend_ldap,</div><div> [ {servers, ["localhost"]},</div><div> {user_dn_pattern, "cn=${username},o=org1,dc=nodomain"},</div><div> {use_ssl, false},</div>
<div> {port, 389},</div><div> {log, true},</div><div> {resource_access_query,</div><div> {for, [{permission, configure, {in_group, "cn=wheel,o=org1,dc=nodomain"}},</div>
<div> {permission, write,</div><div> {for, [{resource, queue, {in_group, "cn=wheel,o=org1,dc=nodomain"}},</div><div> {resource, exchange, {constant, true}}]}},</div>
<div> {permission, read,</div><div> {for, [{resource, exchange, {in_group, "cn=wheel,o=org1,dc=nodomain"}},</div><div> {resource, queue, {constant, true}}]}}</div>
<div> ]</div><div> }},</div><div> {tag_queries, [{administrator, {constant, false}},</div><div> {management, {constant, true}}]}</div><div> ]</div><div> }</div>
<div>].</div><div><br></div><div>LOG:</div><div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div> LDAP DECISION: does wheel have tag management? true</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div>
<div>LDAP DECISION: login for wheel: ok</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div>LDAP CHECK: access to vhost "/" for "wheel"</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div>
<div> LDAP bind succeeded: cn=wheel,o=org1,dc=nodomain</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div> LDAP evaluating query: {constant,true}</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div>
<div> LDAP evaluated constant: true</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div>LDAP DECISION: access to vhost "/" for "wheel": ok</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div>
<div>LDAP CHECK: configure permission for queue "tyerter" in "/" for "wheel"</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div> LDAP bind succeeded: cn=wheel,o=org1,dc=nodomain</div>
<div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div> LDAP evaluating query: {for,</div><div> [{permission,configure,</div><div> {in_group,"cn=wheel,o=org1,dc=nodomain"}},</div>
<div> {permission,write,</div><div> {for,</div><div> [{resource,queue,</div><div> {in_group,"cn=wheel,o=org1,dc=nodomain"}},</div>
<div> {resource,exchange,{constant,true}}]}},</div><div> {permission,read,</div><div> {for,</div><div> [{resource,exchange,</div>
<div> {in_group,"cn=wheel,o=org1,dc=nodomain"}},</div><div> {resource,queue,{constant,true}}]}}]}</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div>
<div> LDAP selecting subquery permission = configure</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div> LDAP evaluating query: {in_group,"cn=wheel,o=org1,dc=nodomain"}</div><div>
<br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div> LDAP evaluating query: {in_group,"cn=wheel,o=org1,dc=nodomain","member"}</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div>
<div> LDAP filling template "cn=wheel,o=org1,dc=nodomain" with</div><div> [{username,<<"wheel">>},</div><div> {user_dn,"cn=wheel,o=org1,dc=nodomain"},</div>
<div> {vhost,<<"/">>},</div><div> {resource,queue},</div><div> {name,<<"tyerter">>},</div><div> {permission,configure}]</div><div>
<br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div> LDAP template result: "cn=wheel,o=org1,dc=nodomain"</div><div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div> LDAP evaluated in_group for "cn=wheel,o=org1,dc=nodomain": false</div>
<div><br></div><div>=INFO REPORT==== 29-Aug-2013::14:24:05 ===</div><div>LDAP DECISION: configure permission for queue "tyerter" in "/" for "wheel": denied</div><div><br></div><div>=ERROR REPORT==== 29-Aug-2013::14:24:05 ===</div>
<div>connection <0.1234.0>, channel 1 - soft error:</div><div>{amqp_error,access_refused,</div><div> "access to queue 'tyerter' in vhost '/' refused for user 'wheel'",</div>
<div> 'queue.declare'}</div><div><br></div><div>=ERROR REPORT==== 29-Aug-2013::14:24:05 ===</div><div>webmachine error: path="/api/queues/%2F/tyerter"</div><div>"Unauthorized"</div></div>
<div><br></div></div><div><br></div><div><br></div><div><div>Does anyone have any suggestions or experience with this problem?</div><div>Thank you all in advance.</div></div><div><br></div><div>Muniek</div><div><br>
</div></div></div>
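<div>Added example (not RabbitMQ's code and not part of the original message): a small Python model of how a <code>resource_access_query</code> tree like the one in CONFIG1 is walked, reproducing the decision path the LOG section shows, where the <code>in_group</code> lookup against "cn=wheel,o=org1,dc=nodomain" (the same DN that <code>user_dn_pattern</code> yields for the user "wheel") evaluates to false. The directory contents, the <code>cn=ops</code> group and the deny-when-no-clause-matches behaviour are constructed assumptions of this model.</div>

```python
from string import Template

# Constructed stand-in for the LDAP directory (DN -> attributes). The real plugin's
# in_group performs an LDAP search for the group entry's "member" values instead.
# cn=wheel,... is what user_dn_pattern yields for user "wheel": a person entry with
# no "member" attribute. cn=ops,... is a constructed group that does list that DN.
DIRECTORY = {
    "cn=wheel,o=org1,dc=nodomain": {"objectClass": ["inetOrgPerson"]},
    "cn=ops,o=org1,dc=nodomain": {"member": ["cn=wheel,o=org1,dc=nodomain"]},
}

# The resource_access_query from CONFIG1 as Python tuples (Erlang atoms -> strings).
RESOURCE_ACCESS_QUERY = ("for", [
    ("permission", "configure", ("in_group", "cn=wheel,o=org1,dc=nodomain")),
    ("permission", "write", ("for", [
        ("resource", "queue", ("in_group", "cn=wheel,o=org1,dc=nodomain")),
        ("resource", "exchange", ("constant", True))])),
    ("permission", "read", ("for", [
        ("resource", "exchange", ("in_group", "cn=wheel,o=org1,dc=nodomain")),
        ("resource", "queue", ("constant", True))])),
])

def evaluate(query, ctx, trace):
    # ctx carries username, user_dn, vhost, resource, name and permission,
    # the same variables the plugin's log shows being filled into templates.
    kind = query[0]
    trace.append(f"evaluating query: {query!r}")
    if kind == "constant":
        return query[1]
    if kind == "for":
        # Select the clause whose key (permission or resource) matches the request.
        for key, value, subquery in query[1]:
            if ctx[key] == value:
                trace.append(f"selecting subquery {key} = {value}")
                return evaluate(subquery, ctx, trace)
        return False  # no clause matched: deny (this model's choice)
    if kind == "in_group":
        # Fill ${...} placeholders, then test whether user_dn appears in the group's
        # membership attribute ("member" unless a third element names another).
        group_dn = Template(query[1]).safe_substitute(ctx)
        attr = query[2] if len(query) > 2 else "member"
        result = ctx["user_dn"] in DIRECTORY.get(group_dn, {}).get(attr, [])
        trace.append(f"evaluated in_group for {group_dn!r}: {str(result).lower()}")
        return result
    raise ValueError(f"unsupported query type {kind!r}")

def check(permission, resource, name, query=RESOURCE_ACCESS_QUERY, username="wheel"):
    # One resource-access check: returns (allowed, trace), like the LOG section.
    user_dn = Template("cn=${username},o=org1,dc=nodomain").substitute(username=username)
    ctx = {"username": username, "user_dn": user_dn, "vhost": "/",
           "resource": resource, "name": name, "permission": permission}
    trace = []
    return evaluate(query, ctx, trace), trace
```

<div>Running <code>check("configure", "queue", "tyerter")</code> denies with the same "evaluated in_group ... false" step as the log, while <code>check("write", "exchange", ...)</code> and <code>check("read", "queue", ...)</code> are allowed through the <code>{constant, true}</code> branches, matching the behaviour described in the message.</div>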