[rabbitmq-discuss] OpenLDAP-based auth with 'other_bind' option: no DN attribute?
Jan Kaliszewski
jan.kaliszewski at nask.pl
Fri Dec 6 13:32:00 GMT 2013
2013-12-06 12:21, Simon MacMullen <simon at rabbitmq.com> dixit:
[...]
> Yes, I've been able to replicate this. Most of the LDAP plugin was
> developed against OpenLDAP, but the dn_lookup_attribute /
> dn_lookup_base feature was added to address the common idiom of
> logging in with a non-DN username in Active Directory, and I guess I
> never tested it against OpenLDAP. So I'll file a bug for this (your
> fix looks correct, but I want to make sure it doesn't break against
> AD).
Awesome, thanks!
> Out of curiosity, is there a reason why you don't set
> ssl_cert_login_from to distinguished_name and skip this lookup step?
> Or do the DNs in the certs not match the DNs in LDAP?
That's true: unfortunately they do not.
Cheers,
*j
--
Jan Kaliszewski <jan.kaliszewski at nask.pl>
More information about the rabbitmq-discuss
mailing list