<div dir="ltr">Hey Everyone!<div><br></div><div>I have been trying to figure this out for a couple days, and have made progress due to this post:</div><div><br></div><div><a href="http://rabbitmq.1065348.n5.nabble.com/Per-queue-exchange-ACL-via-LDAP-plugin-td25331.html">http://rabbitmq.1065348.n5.nabble.com/Per-queue-exchange-ACL-via-LDAP-plugin-td25331.html</a><br>
</div><div><br></div><div>I guess my question stems from that post.</div><div><br></div><div>I currently have multiple users and vhosts. Some users need to read queues on different vhosts and some need to configure the vhost. At the bottom the tag_queries works, but I need to remove management. </div>
<div><br></div><div>Here is what I was hoping to get help with:</div><div><br></div><div>1. I need to be able to have TestUser2 configure queues, exchanges, etc... on vhost &quot;One_&quot;. </div><div><br></div><div>The easy:<br>
</div><div>2. TestUser3 to read the queues from &quot;One_&quot; (easy). </div><div><br></div><div>Now the twist: </div><div>3. TestUser4 is on a different vhost &quot;Sec_&quot; that should be able to configure, and they should have no access to &quot;One_&quot; vhost, they will also have another user consuming.  </div>
<div><br></div><div>My question is how do I separate the two vhosts in the config file, and still maintain access control? </div><div><br></div><div>Do I have 2 &quot;vhost_access_query&quot;? But then how do I set the permissions for each?</div>
<div><br></div><div>** Also, all LDAP is 100% static, I cannot add groups or attributes. **</div><div><br></div><div><br></div><div>Here is the sample of the excerpt from my rabbitmq.conf:</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">{rabbitmq_auth_backend_ldap,</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
                [{servers, [&quot;<a href="http://ldap_server.com">ldap_server.com</a>&quot;]},</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
                {user_dn_pattern, &quot;cn=${username},ou=System,dc=Test&quot;},</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
                {use_ssl, true},</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">                {ssl_options, [{certfile, &quot;/etc/rabbitmq/ssl/test.cer&quot;}]},</blockquote>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">                {port, 443},</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
                {log, true},</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">                {other_bind, as_user}, </blockquote>
</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
                {resource_access_query, </blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">                        {for, [{resource, exchange, {constant, false}}, </blockquote>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">                                {resource, queue, </blockquote>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">                                {for, [{permission, configure, {constant, false}}, </blockquote>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">                                    {permission, write, {constant, false}}, </blockquote>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">                                    {permission, read, </blockquote>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">                                        {match, {string, &quot;TestUser3&quot;}, {string, &quot;^${username}&quot;}}</blockquote>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">                                    }]}} </blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
                        ]}</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">                }, </blockquote>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">                {tag_queries, [{administrator, {match, {string, &quot;TestUser1&quot;}, {string, &quot;^${username}&quot;}}}]}</blockquote>
</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
        ]}</blockquote></blockquote><div><br></div><div><br></div><div>As always, thank you for any help or direction you can point me in! </div><div><br></div><div><br></div></div>
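<div>Added example, not part of the original post and not RabbitMQ plugin code: a small Python model of the posted resource_access_query, showing which account names satisfy the read check as written, beside a form that tests the username against an anchored constant. It assumes match is an unanchored regular-expression search over the substituted strings and that a for with no matching branch denies; every sample name other than TestUser3 and TestUser4 is constructed.</div>

```python
import re

def fill(template, ctx):
    # Textual ${name} substitution; the value is inserted without regex escaping.
    return re.sub(r"\$\{(\w+)\}", lambda m: ctx[m.group(1)], template)

def evaluate(query, ctx):
    """Evaluate a query tuple (constant / string / match / for) for one request."""
    kind = query[0]
    if kind == "constant":
        return query[1]
    if kind == "string":
        return fill(query[1], ctx)
    if kind == "match":
        subject = evaluate(query[1], ctx)   # first operand: the string
        pattern = evaluate(query[2], ctx)   # second operand: the regex
        return re.search(pattern, subject) is not None  # assumption: unanchored search
    if kind == "for":
        for name, value, sub in query[1]:
            if ctx.get(name) == value:
                return evaluate(sub, ctx)
        return False  # assumption: no matching branch means deny
    raise ValueError("unknown query type: %r" % (kind,))

def resource_query(read_check):
    # Same shape as the posted config: exchanges denied, queues read-only.
    return ("for", [
        ("resource", "exchange", ("constant", False)),
        ("resource", "queue", ("for", [
            ("permission", "configure", ("constant", False)),
            ("permission", "write", ("constant", False)),
            ("permission", "read", read_check),
        ])),
    ])

# As posted: the constant is the string and the username becomes the regex.
AS_POSTED = ("match", ("string", "TestUser3"), ("string", "^${username}"))
# Username is the string, tested against a constant anchored at both ends.
ANCHORED = ("match", ("string", "${username}"), ("string", "^TestUser3$"))

def allowed(read_check, username, resource, permission):
    ctx = {"username": username, "resource": resource, "permission": permission}
    return evaluate(resource_query(read_check), ctx)

def readers(read_check, usernames):
    return [u for u in usernames if allowed(read_check, u, "queue", "read")]

# Constructed account names, chosen to show prefix behaviour.
SAMPLE = ["TestUser3", "TestUser", "Test", "TestUser30", "TestUser4"]
```

<div>In the as-posted form, any account whose name is a prefix of TestUser3 passes the read check; the same applies to the administrator tag query, which is written the same way for TestUser1.</div>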