[rabbitmq-discuss] OpenLDAP-based auth with 'other_bind' option: no DN attribute?

Jan Kaliszewski jan.kaliszewski at nask.pl
Fri Dec 6 13:32:00 GMT 2013


2013-12-06 12:21, Simon MacMullen <simon at rabbitmq.com> dixit:

[...]
> Yes, I've been able to replicate this. Most of the LDAP plugin was 
> developed against OpenLDAP, but the dn_lookup_attribute /
> dn_lookup_base feature was added to address the common idiom of
> logging in with a non-DN username in Active Directory, and I guess I
> never tested it against OpenLDAP. So I'll file a bug for this (your
> fix looks correct, but I want to make sure it doesn't break against
> AD).

Awesome, thanks!

> Out of curiosity, is there a reason why you don't set 
> ssl_cert_login_from to distinguished_name and skip this lookup step?
> Or do the DNs in the certs not match the DNs in LDAP?

That's true: unfortunately they do not.

Cheers,
*j

-- 
Jan Kaliszewski <jan.kaliszewski at nask.pl>


More information about the rabbitmq-discuss mailing list