[rabbitmq-discuss] Debugging AD

Simon MacMullen simon at rabbitmq.com
Fri Dec 2 11:49:39 GMT 2011

On 01/12/11 17:10, Ben Hood wrote:
> So I would love to be corrected, but I can't see how AD authentication
> can work without post-processing the initial bind call. Has anybody
> else had any success with AD where authentication for the bind is
> required?

So after some off-list discussion, the issue is that AD allows you to 
bind using a short ID rather than a full name - useful in the case where 
you have too many users to stick them in a single OU, but don't want 
people to have to enter their full DN to log in.

But the LDAP plugin assumes that the name you log in as is your full DN 
(after applying user_dn_pattern). So it would be useful to have an 
optional step to go look up the DN after bind.

I'll file a bug.

Cheers, Simon

Simon MacMullen
RabbitMQ, VMware

More information about the rabbitmq-discuss mailing list