[rabbitmq-discuss] Using ldap when connecting to management plugin

Kristen Stewart kristen.stewart at stonybrook.edu
Wed Aug 1 19:45:03 BST 2012


I am trying to authenticate users signing in to the management plugin using
Ldap.  I am running RabbitMQ 2.8.4 as a service on Windows 7 64 bit. Currently
my config file looks like this:

[{listeners, [{mgmt, [{port, 55672}]}]},
> {default_listener, [{port, 55670}]},
> {contexts, [{rabbit_mgmt, mgmt}]},
> {log_levels, [{connection, info}]},
> {rabbit, [{auth_backends, [rabbit_auth_backend_internal,
> rabbit_auth_backend_ldap]}]},
> {
> rabbitmq_auth_backend_ldap,
> [
> {servers,["my-server"]},
> {user_dn_pattern, "CN=${username},OU=Users,DC=mydomain,DC=com"},
> {tag_queries, [{administrator, {constant, true}}]},
> {resource_access_query, {constant, true}},
> {vhost_access_query, {constant, true}},
> {use_ssl,false},
> {port,389},
> {log,true}
> ]
> }].


This does allow the users who authenticate using ldap to sign in to the
management UI, but whenever I try to edit, create, or delete queues and
exchanges, it returns an error. I have tried similar operations using the
cli tool and it gives the same error, but I can get it to list exchanges
and queues. Logging in with the default local user "guest" works and the
user can edit everything.

I am wondering if I am missing something in the config file to give users
who authenticate with ldap write and configure access or if there is some
other error happening.

This is the error returned from the management UI:

{error,
    {exit,
        {{{case_clause,
              {badrpc,
                  {'EXIT',
                      {as_user_no_password,
                          {gen_server,call,
                              [rabbit_auth_backend_ldap,
                               {login,<<"knstewart">>},
                               infinity]}}}}},
          [{amqp_direct_connection,connect,4,[]},
           {amqp_gen_connection,handle_call,3,[]},
           {gen_server,handle_msg,5,[{file,"gen_server.erl"},{line,588}]},
           {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,227}]}]},
         {gen_server,call,[<0.21766.0>,connect,infinity]}},
        [{gen_server,call,3,[{file,"gen_server.erl"},{line,188}]},
         {rabbit_mgmt_util,with_channel,5,[]},
         {rabbit_mgmt_util,with_decode,5,[]},
         {rabbit_mgmt_wm_exchange_publish,process_post,2,[]},
         {webmachine_resource,resource_call,3,[]},
         {webmachine_resource,do,3,[]},
         {webmachine_decision_core,resource_call,1,[]},
         {webmachine_decision_core,decision,1,[]}]}}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20120801/aeed1202/attachment.htm>


More information about the rabbitmq-discuss mailing list