<div dir="ltr">On Active Directory - the only way to do authentication is by bind authentication. Authorization of course is a different discussion. AD doesn't give you direct access to the passwords for users via ldap. <div>
<br></div><div>Jason</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, May 2, 2014 at 8:11 AM, Mark Soderquist <span dir="ltr"><<a href="mailto:SoderquistMV@ldschurch.org" target="_blank">SoderquistMV@ldschurch.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">We definitely need to bind first with svc-ldap, I'm not sure yet whether we bind with the user credentials or just do a lookup. I have to figure that one out.<br>
<br>
We currently have 3.2.4 installed so that makes sense why dn_lookup_bind is not working as expected. We'll update to the latest and give that a try.<br>
<span class="HOEnZb"><font color="#888888"><br>
Mark<br>
</font></span><div class="im HOEnZb"><br>
-----Original Message-----<br>
From: Simon MacMullen [mailto:<a href="mailto:simon@rabbitmq.com">simon@rabbitmq.com</a>]<br>
Sent: Friday, May 02, 2014 2:03 AM<br>
To: Discussions about RabbitMQ; Mark Soderquist<br>
Subject: Re: [rabbitmq-discuss] RabbitMQ LDAP Configuration<br>
<br>
On 01/05/2014 20:04, Mark Soderquist wrote:<br>
> We are<br>
> required to authenticate using the svc-ldap account before making<br>
> queries.<br>
<br>
Just to be clear, are you saying that you want to bind first with svc-ldap to look up a user's DN, before binding with their credentials (which is supported) or that you want to only ever bind with svc-ldap and never with the user's creds (which is not)?<br>
<br>
> We have tried several different configuration options but nothing has<br>
> worked so far. Here is the configuration we thought most likely to<br>
> work:<br>
<br>
<snip><br>
<br>
If you are going for the former choice, that should work. However, from your log it looks like dn_lookup_bind is being ignored. dn_lookup_bind is new in RabbitMQ 3.3.0, so are you using an earlier version?<br>
<br>
Cheers, Simon<br>
<br>
<br>
</div><div class="im HOEnZb"> NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.<br>
<br>
</div><div class="HOEnZb"><div class="h5">_______________________________________________<br>
rabbitmq-discuss mailing list<br>
<a href="mailto:rabbitmq-discuss@lists.rabbitmq.com">rabbitmq-discuss@lists.rabbitmq.com</a><br>
<a href="https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss" target="_blank">https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Jason McIntosh<br><a href="https://github.com/jasonmcintosh/" target="_blank">https://github.com/jasonmcintosh/</a><br>573-424-7612</div>
</div>