[rabbitmq-discuss] RabbitMQ 2.8.7 + LDAP + other_bind
Marc
marc.villacorta at gmail.com
Wed Oct 10 15:28:26 BST 2012
Hello all!
For authentication I need to bind to a Microsoft Active Directory.
Let's say my bind user is '*uxxx*' with password '*pxxx*'.
Let's say the user I try to authenticate is '*uyyy*' with password '*pyyy*'.
I use the *other_bind* <http://hg.rabbitmq.com/rabbitmq-auth-backend-ldap/file/d76afaf44415/README#l100> configuration option in order to bind with user '*uxxx*'.
Like this:
{ rabbit, [{auth_backends, [rabbit_auth_backend_ldap]}]},
{ rabbitmq_auth_backend_ldap, [
    {servers, ["myldapserver"]},
    {other_bind, {"uxxx", "pxxx"}},
    {dn_lookup_base, "DC=my,DC=domain,DC=com"},
    {dn_lookup_attribute, "AccountName"},
    {user_dn_pattern, "CN=${username},OU=users,OU=mycompany,DC=my,DC=domain,DC=com"},
    {log,true}
]}
but when I try to login with user '*uyyy*' I get this in my logs:
=INFO REPORT==== 10-Oct-2012::16:21:04 ===
LDAP backend: connecting to ["myldapserver"]

=INFO REPORT==== 10-Oct-2012::16:21:04 ===
LDAP backend: bind request = {'BindRequest',3,
    "CN=uyyy,OU=users,OU=mycompany,DC=my,DC=domain,DC=com",
    {simple,<<"pyyy">>}}

=INFO REPORT==== 10-Oct-2012::16:21:04 ===
LDAP backend: bind reply = {ok,
    {'LDAPMessage',1,
        {bindResponse,
            {'BindResponse',invalidCredentials,[],
                [56,48,48,57,48,51,48,56,58,32,76,100,97,112,
                 69,114,114,58,32,68,83,73,68,45,48,67,48,57,
                 48,51,65,57,44,32,99,111,109,109,101,110,116,
                 58,32,65,99,99,101,112,116,83,101,99,117,114,
                 105,116,121,67,111,110,116,101,120,116,32,101,
                 114,114,111,114,44,32,100,97,116,97,32,53,50,
                 101,44,32,118,49,100,98,48,0],
                asn1_NOVALUE,asn1_NOVALUE}},
        asn1_NOVALUE}}
I understand the bind request is being forged with the wrong user.
Could that be a bug in the LDAP plugin?