[rabbitmq-discuss] Bug: rmq_auth_mech_ssl crashes when Cert Subject contains more than one CN

John Ruiz jruiz at johnruiz.com
Tue Jan 3 19:42:26 GMT 2012


When using Microsoft Active Directory and Certificate Services (AD DS
& AD CS) as your Kerberos/LDAP/PKI environment, users are - by default
- created in the Users container (CN=Users, DC=example, DC=com) in
LDAP.

Therefore, the DN of new domain users contains two common name (CN)
elements in their DN (i.e. CN=Test User, CN=Users, DC=example,
DC=com).  Therefore, the Subject of the user's certificate will
contain two CN elements.  This crashes the find_by_type method (line
88 of rabbit_ssl.erl) when the return of lists:flatten is an array
instead of a single value.

I suggest that the code be updated to check for multiple CN elements
and to concatenate them with a space (" ").  In this way, instead of
crashing and being unusable in Windows environments, administrators
will be able to create a rabbitmq user that will match the
concatenated value (i.e. "Users Test User").

Please see this thread for historical information:
http://groups.google.com/group/rabbitmq-discuss/browse_thread/thread/0a93665c63113683

Apologies for submitting this here, but when I created a rabbitmq
bugzilla account, I had no privileges whatsoever.
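
Added example, not part of the original post and not RabbitMQ's own code: extracting the CN from a subject that carries more than one CN element, once strictly (returning an error instead of crashing) and once joined with a space as proposed above. The module name, function names, the `{'AttributeTypeAndValue', Type, Value}` tuple shape and the sample subject are assumptions constructed for illustration.

```erlang
-module(cn_multi).
-export([sample_subject/0, strict_cn/1, joined_cn/1]).

%% Attribute type OIDs: commonName and domainComponent.
-define(CN_OID, {2,5,4,3}).
-define(DC_OID, {0,9,2342,19200300,100,1,25}).

%% Constructed sample: subject for CN=Test User,CN=Users,DC=example,DC=com,
%% listed in certificate order (root first). Assumed decoded shape.
sample_subject() ->
    {rdnSequence,
     [[{'AttributeTypeAndValue', ?DC_OID, "com"}],
      [{'AttributeTypeAndValue', ?DC_OID, "example"}],
      [{'AttributeTypeAndValue', ?CN_OID, {printableString, "Users"}}],
      [{'AttributeTypeAndValue', ?CN_OID, {printableString, "Test User"}}]]}.

%% Every value of the given attribute type, in certificate order.
%% Always returns a list, so callers must handle zero, one or many.
values_of(Type, {rdnSequence, RDNs}) ->
    [to_list(V) || RDN <- RDNs,
                   {'AttributeTypeAndValue', T, V} <- RDN,
                   T =:= Type].

%% Normalise tagged or plain string values to a character list.
to_list({_StringType, S}) when is_binary(S) -> unicode:characters_to_list(S);
to_list({_StringType, S}) when is_list(S)   -> S;
to_list(S) when is_list(S)                  -> S.

%% Strict: accept exactly one CN; anything else is an error tuple
%% the authentication mechanism can refuse cleanly.
strict_cn(Subject) ->
    case values_of(?CN_OID, Subject) of
        [CN] -> {ok, CN};
        []   -> {error, no_cn};
        CNs  -> {error, {multiple_cn, CNs}}
    end.

%% Proposal from the post: join all CN values with a single space.
joined_cn(Subject) ->
    case values_of(?CN_OID, Subject) of
        []  -> {error, no_cn};
        CNs -> {ok, string:join(CNs, " ")}
    end.
```

The joined form cannot distinguish two CN elements from a single CN whose value already contains the same words separated by a space, so the resulting username is only as trustworthy as the CA's control over subject names.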

