[rabbitmq-discuss] Debugging AD

• Previous message: [rabbitmq-discuss] Debugging AD
• Next message: [rabbitmq-discuss] Debugging AD
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 01/12/11 17:10, Ben Hood wrote:
> So I would love to be corrected, but I can't see how AD authentication
> can work without post-processing the initial bind call. Has anybody
> else had any success with AD where authentication for the bind is
> required?

So after some off-list discussion, the issue is that AD allows you to 
bind using a short ID rather than a full name - useful in the case where 
you have too many users to stick them in a single OU, but don't want 
people to have to enter their full DN to log in.

But the LDAP plugin assumes that the name you log in as is your full DN 
(after applying user_dn_pattern). So it would be useful to have an 
optional step to go look up the DN after bind.

I'll file a bug.

Cheers, Simon

-- 
Simon MacMullen
RabbitMQ, VMware

• Previous message: [rabbitmq-discuss] Debugging AD
• Next message: [rabbitmq-discuss] Debugging AD
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]