<div dir="ltr">Hey Everyone!<div><br></div><div>I have been trying to figure this out for a couple days, and have made progress due to this post:</div><div><br></div><div><a href="http://rabbitmq.1065348.n5.nabble.com/Per-queue-exchange-ACL-via-LDAP-plugin-td25331.html">http://rabbitmq.1065348.n5.nabble.com/Per-queue-exchange-ACL-via-LDAP-plugin-td25331.html</a><br>
</div><div><br></div><div>I guess my question stems from that post.</div><div><br></div><div>I currently have multiple users and vhosts. Some users need to read queues on different vhosts and some need to configure the vhost. At the bottom the tag_queries works, but I need to remove management.</div>
<div><br></div><div>Here is what I was hoping to get help with:</div><div><br></div><div>1. I need to be able to have TestUser2 configure queues, exchanges, etc. on vhost "One_".</div><div><br></div><div>The easy:<br>
</div><div>2. TestUser3 to read the queues from "One_" (easy).</div><div><br></div><div>Now the twist:</div><div>3. TestUser4 is on a different vhost "Sec_" that should be able to configure, and they should have no access to "One_" vhost; they will also have another user consuming.</div>
<div><br></div><div>My question is how do I separate the two vhosts in the config file, and still maintain access control?</div><div><br></div><div>Do I have 2 "vhost_access_query"? But then how do I set the permissions for each?</div>
<div><br></div><div>** Also, all LDAP is 100% static, I cannot add groups or attributes. **</div><div><br></div><div><br></div><div>Here is the sample of the excerpt from my rabbitmq.conf:</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><pre>{rabbitmq_auth_backend_ldap,
 [{servers, ["ldap_server.com"]},
  {user_dn_pattern, "cn=${username},ou=System,dc=Test"},
  {use_ssl, true},
  {ssl_options, [{certfile, "/etc/rabbitmq/ssl/test.cer"}]},
  {port, 443},
  {log, true},
  {other_bind, as_user},
  %% Exchanges: every permission denied.
  %% Queues: configure and write denied, read granted when the match succeeds.
  {resource_access_query,
   {for, [{resource, exchange, {constant, false}},
          {resource, queue,
           {for, [{permission, configure, {constant, false}},
                  {permission, write, {constant, false}},
                  {permission, read,
                   {match, {string, "TestUser3"}, {string, "^${username}"}}
                  }]}}
         ]}
  },
  %% Management tag "administrator" when the match succeeds.
  {tag_queries, [{administrator, {match, {string, "TestUser1"}, {string, "^${username}"}}}]}
 ]}</pre></blockquote><div><br></div><div><br></div><div>As always, thank you for any help or direction you can point me in!</div><div><br></div><div><br></div></div>
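One way to express the access matrix asked about above with a single vhost_access_query and a single resource_access_query, given as an added example that is not part of the original post or the plugin's own documentation. It assumes the installed plugin version supports the `${vhost}` variable and the `'and'`/`'or'` queries, that only the users named in the post exist, and that "configure" for TestUser2 and TestUser4 should include write; each pattern tests the variable against a fixed expression anchored with `^...$`, so a username that is only a prefix of an allowed name does not match.

```erlang
%% Added example: entries for the rabbitmq_auth_backend_ldap list.
%% User and vhost names come from the post; the permission split is assumed.
%% The tag_queries entry for TestUser1 is unchanged and not shown here.

%% Step 1: who may connect to which vhost.
{vhost_access_query,
 {'or',
  [%% vhost "One_": TestUser2 (configures) and TestUser3 (reads)
   {'and', [{match, {string, "${vhost}"},    {string, "^One_$"}},
            {match, {string, "${username}"}, {string, "^TestUser[23]$"}}]},
   %% vhost "Sec_": TestUser4 only, so Sec_ users never reach "One_"
   {'and', [{match, {string, "${vhost}"},    {string, "^Sec_$"}},
            {match, {string, "${username}"}, {string, "^TestUser4$"}}]}
  ]}},

%% Step 2: what a connected user may do with exchanges and queues.
%% Step 1 pins each user to one vhost, so testing the username is enough
%% here and no second vhost_access_query is needed.
{resource_access_query,
 {for,
  [{permission, configure,
    {match, {string, "${username}"}, {string, "^TestUser[24]$"}}},
   {permission, write,
    {match, {string, "${username}"}, {string, "^TestUser[24]$"}}},
   %% read is open to anyone who passed Step 1 (this covers TestUser3)
   {permission, read, {constant, true}}
  ]}}
%% Add a comma after the last entry if more entries follow it in the list.
```

With `{log, true}` already set in the posted configuration, the broker log shows how each query evaluated, which makes it possible to confirm that TestUser4 is refused on "One_" before relying on the rules.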