<div dir="ltr">Looks like I'm hitting this as I cannot connect to port 636. But does eldap support StartTLS now?<br><br>From: Simon MacMullen <<a target="_top" href="http://gmane.org/get-address.php?address=simon%2dmQ7lE4MOPXtWk0Htik3J%2fw%40public.gmane.org" rel="nofollow">simon@...</a>><br>
Subject: <a target="_top" rel="nofollow" href="http://news.gmane.org/find-root.php?message_id=5268EBB6.4010504%40rabbitmq.com">Re: Configuring Auth LDAP Backend using LDAP+SSL/TLS</a><br>
Newsgroups: <a href="http://news.gmane.org/gmane.comp.networking.rabbitmq.general" target="_top">gmane.comp.networking.rabbitmq.general</a><br>
Date: 2013-10-24 09:43:18 GMT<br>
<pre>Currently you can't set SSL options for LDAP connections, you can only
set {use_ssl, true} to make a connection without presenting a client
certificate. I guess this should be fixed.
Also you have {port, 389} which is unlikely to work as it's the non-SSL
port and I'm not at all convinced eldap (the underlying Erlang LDAP
library) supports StartTLS.
So the only configuration that could work at the moment is
{use_ssl, true},
{port, 636}</pre><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">2014-07-01 16:16 GMT+08:00 Joey Jiao <span dir="ltr"><<a href="mailto:joey.jiaojg@gmail.com" target="_blank">joey.jiaojg@gmail.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Here is my config<br><br><div><div class="gmail_extra">[<br> {rabbit, [<br> {log_levels, [{default, info}]},<br>
{reverse_dns_lookups, true},<br> {auth_backends, [rabbit_auth_backend_ldap]},<br> {ssl_listeners, [5671]}<br>
% {ssl_options, [<br>% {verify, verify_none},<br>% {cacertfile, "/etc/rabbitmq/qc_root_g2_cert.crt"},<br>% {certfile, "/etc/rabbitmq/ssl_v1_cert.crt"}<br>% ]}<br> ]},<br> {rabbitmq_auth_backend_ldap, [<br>
{servers, ["ldap"]},<br> {user_dn_pattern, "uid=${username},ou=people,o=xxx"},<br> % {dn_lookup_attribute, "uid"},<br> % {dn_lookup_base, "ou=people,o=xxx"},<br> % {dn_lookup_bind, anon},<br>
{use_ssl, false},<br> {log, network},<br> {vhost_access_query, {constant, true}},<br> {resource_access_query, {constant, true}},<br> {tag_queries, [{administrator, {constant, true}},<br> {management, {constant, true}}]}<br>
]}<br>].<br><br><br><div class="gmail_quote">2014-07-01 13:20 GMT+08:00 Joey Jiao <span dir="ltr"><<a href="mailto:joey.jiaojg@gmail.com" target="_blank">joey.jiaojg@gmail.com</a>></span>:<div><div class="h5"><br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr"><div><div>Hi,<br></div>I'm still using the rabbitmq_auth_backends_ldap plugin, but login still failed.<br></div>After tracing, it failed during eldap:simple_bind.<br><div>It failed at simple_bind with eldap:simple_bind(L,"uid=jiangenj,ou=people,o=xxx","password") with error {error,confidentialityRequired}.<br clear="all">
<div><div><br>My Django app uses the settings below and it worked. How can I convert this to the RabbitMQ way?<br>import ldap<br><b>AUTH_LDAP_START_TLS = True<br>AUTH_LDAP_GLOBAL_OPTIONS = {<br> ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER<br>
}</b><br><b>AUTH_LDAP_BIND_DN = ''<br>AUTH_LDAP_BIND_PASSWORD = ''</b><br><b>AUTH_LDAP_BIND_AS_AUTHENTICATING_USER = True</b><br>AUTH_LDAP_SERVER_URI = 'ldap://ldap'<br>AUTH_LDAP_USER_DN_TEMPLATE = 'uid=%(user)s,ou=people,o=xxx'<span><font color="#888888"><br>
<br>-- <br>-Joey Jiao
</font></span></div></div></div></div>
</blockquote></div></div></div><span class="HOEnZb"><font color="#888888"><br><br clear="all"><br>-- <br>-Joey Jiao
</font></span></div></div></div>
</blockquote></div><br><br clear="all"><br>-- <br>-Joey Jiao
</div>