[rabbitmq-discuss] RabbitMQ 3.1.0 LDAP plugin help

chads.finishing.strong chads.finishing.strong at gmail.com
Thu May 9 13:39:01 BST 2013


Tested on Fedora 17 and 18 (x86_64)

dev$ rabbitmqctl environment

Application environment of node 'rabbit@dev-1' ...
[{auth_backends,[rabbit_auth_backend_ldap,rabbit_auth_backend_internal]},
 {auth_mechanisms,['PLAIN','AMQPLAIN']},
 {backing_queue_module,rabbit_variable_queue},
 {cluster_nodes,{[],disc}},
 {cluster_partition_handling,ignore},
 {collect_statistics,fine},
 {collect_statistics_interval,10000},
 {default_permissions,[<<".*">>,<<".*">>,<<".*">>]},
 {default_user,<<"guest">>},
 {default_user_tags,[administrator]},
 {default_vhost,<<"/">>},
 {delegate_count,16},
 {disk_free_limit,1000000000},
 {enabled_plugins_file,"/etc/rabbitmq/enabled_plugins"},
 {error_logger,{file,"/var/log/rabbitmq/rabbit@dev-1.log"}},
 {frame_max,131072},
 {heartbeat,600},
 {hipe_compile,false},
 {included_applications,[]},
 {log_levels,[{connection,info}]},
 {msg_store_file_size_limit,16777216},
 {msg_store_index_module,rabbit_msg_store_ets_index},
 {plugins_dir,"/usr/lib/rabbitmq/lib/rabbitmq_server-3.1.0/sbin/../plugins"},
 {plugins_expand_dir,"/var/lib/rabbitmq/mnesia/rabbit@dev-1-plugins-expand"},
 {queue_index_max_journal_entries,65536},
 {rabbitmq_auth_backend_ldap,
     [{servers,["sfcodc01.example.com"]},
      {dn_lookup_attribute,"sAMAccountName"},
      {dn_lookup_base,"DC=example,DC=com"},
      {user_dn_pattern,"example\\${username}"},
      {use_ssl,false},
      {port,389},
      {log,true},
      {vhost_access_query,{constant,true}},
      {resource_access_query,{constant,true}},
      {tag_queries,
          [{administrator,{constant,true}},
           {management,{constant,true}},
           {monitoring,{constant,true}}]}]},
 {reverse_dns_lookups,false},
 {sasl_error_logger,{file,"/var/log/rabbitmq/rabbit@dev-1-sasl.log"}},
 {server_properties,[]},
 {ssl_cert_login_from,distinguished_name},
 {ssl_listeners,[]},
 {ssl_options,[]},
 {tcp_listen_options,
     [binary,
      {packet,raw},
      {reuseaddr,true},
      {backlog,128},
      {nodelay,true},
      {linger,{true,0}},
      {exit_on_close,false}]},
 {tcp_listeners,[{"127.0.0.1",5672}]},
 {trace_vhosts,[]},
 {vm_memory_high_watermark,0.4}]
...done.

dev$ cat rabbitmq.config
[

   {rabbit, [

      {tcp_listeners, [{"127.0.0.1", 5672}]},

      {log_levels, [{connection, info}]},

      {collect_statistics_interval, 10000},

      {auth_backends, [
         rabbit_auth_backend_ldap, rabbit_auth_backend_internal
      ]},

      {rabbitmq_auth_backend_ldap, [

         {servers,    ["ldap.example.com"]},
         {other_bind, {"example\\\ptdldap", "mypasswd"}},
         {dn_lookup_attribute, "sAMAccountName"},
         {dn_lookup_base, "DC=example,DC=com"},
         {user_dn_pattern,
"(&(objectClass=user)(sAMAccountName=${username})),DC=example,DC=com"},
         {use_ssl, false},
         {port, 389},
         {log, true},
         {vhost_access_query,    {constant, true}},
         {resource_access_query, {constant, true}},
         {tag_queries, [
            {administrator, {constant, true}},
            {management,    {constant, true}},
            {monitoring,    {constant, true}}
         ]}

      ]}

   ]},

   {rabbitmq_management, [{listener, [{port, 9012}]}]},

   {rabbitmq_management_agent, [{force_fine_statistics, true}]}

].

I wouldn't put money on my dn_lookup_* or user_dn_pattern settings; I'm
reaching, trying to get this to work.

As far as the logs, **"nothing"** shows up; failed or otherwise.

dev$ cat *

=INFO REPORT==== 9-May-2013::07:35:23 ===
Starting RabbitMQ 3.1.0 on Erlang R15B03
Copyright (C) 2007-2013 VMware, Inc.
Licensed under the MPL.  See http://www.rabbitmq.com/

=INFO REPORT==== 9-May-2013::07:35:23 ===
node           : rabbit@dev-1
home dir       : /var/lib/rabbitmq
cookie hash    : eGWdsIswL6rcJkTG9w+ZDQ==
log            : /var/log/rabbitmq/rabbit@dev-1.log
sasl log       : /var/log/rabbitmq/rabbit@dev-1-sasl.log
database dir   : /var/lib/rabbitmq/mnesia/rabbit@dev-1

=INFO REPORT==== 9-May-2013::07:35:24 ===
Limiting to approx 924 file handles (829 sockets)

=INFO REPORT==== 9-May-2013::07:35:24 ===
Memory limit set to 1582MB of 3955MB total.

=INFO REPORT==== 9-May-2013::07:35:24 ===
Disk free limit set to 1000MB

=INFO REPORT==== 9-May-2013::07:35:24 ===
msg_store_transient: using rabbit_msg_store_ets_index to provide index

=INFO REPORT==== 9-May-2013::07:35:24 ===
msg_store_persistent: using rabbit_msg_store_ets_index to provide index

=INFO REPORT==== 9-May-2013::07:35:24 ===
started TCP Listener on 127.0.0.1:5672

=INFO REPORT==== 9-May-2013::07:35:24 ===
Management plugin started. Port: 8012

=INFO REPORT==== 9-May-2013::07:35:24 ===
Statistics database started.

=INFO REPORT==== 9-May-2013::07:35:24 ===
Server startup complete; 8 plugins started.
 * amqp_client
 * eldap
 * mochiweb
 * rabbitmq_auth_backend_ldap
 * rabbitmq_management
 * rabbitmq_management_agent
 * rabbitmq_web_dispatch
 * webmachine

              RabbitMQ 3.1.0. Copyright (C) 2007-2013 VMware, Inc.
  ##  ##      Licensed under the MPL.  See http://www.rabbitmq.com/
  ##  ##
  ##########  Logs: /var/log/rabbitmq/rabbit@dev-1.log
  ######  ##        /var/log/rabbitmq/rabbit@dev-1-sasl.log
  ##########
              Starting broker... completed with 8 plugins.


On Thu, May 9, 2013 at 4:58 AM, Simon MacMullen <simon at rabbitmq.com> wrote:

> On 08/05/13 17:40, chads.finishing.strong wrote:
>
>> Simon, I did get your response; thanks. The rabbitmq.config portion I
>> listed is under rabbitmq_auth_backend_ldap. The ldap plugin is enabled
>> and loaded. A tcpdump shows that it is indeed communicating with the
>> ldap server.
>>
>> The issues are
>>
>> (1) the plugin is not logging debug info; neither {log, true} nor {log,
>> network} works
>> (2) I'm unable to authenticate via ldap
>>
>
> Hmm.
>
> The log config item definitely works. What does "rabbitmqctl environment"
> say?
>
> When you say "I'm unable to authenticate via ldap", what *does* show up in
> the logs?
>
> Can you post your complete config?
>
> Cheers, Simon
>
>
> --
> Simon MacMullen
> RabbitMQ, Pivotal
>
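
An added example, not part of the original post and not RabbitMQ code: a small Python audit for a rabbitmq.config like the one posted above. It flags a plugin section nested inside another application's section (the "rabbitmqctl environment" output above lists rabbitmq_auth_backend_ldap inside the rabbit application's environment), use_ssl set to false, and an administrator tag query of {constant, true}. The names scan and audit and the sample text are constructed for illustration.

```python
import re
# Tokens: comments, strings, brackets, numbers, atoms (enough for rabbitmq.config).
TOKEN = re.compile(r'%[^\n]*|"(?:\\.|[^"\\])*"|[{}\[\]]|\d[\d.]*|[a-z][A-Za-z0-9_@]*')

def scan(config_text):
    """Map the key path of every {atom, ...} tuple to its scalar value (or None)."""
    stack, found = [], {}
    def path():
        return tuple(k for k, _ in stack if k)
    for tok in TOKEN.findall(config_text):
        if tok.startswith("%") or tok == "]":
            continue
        if tok == "}":
            stack.pop()
        elif tok in "{[":
            if stack:
                stack[-1][1] = "done"        # value is a nested term, not a scalar
            if tok == "{":
                stack.append([None, "key"])  # [key atom, parser state]
        elif stack and stack[-1][1] == "key" and tok[0].islower():
            stack[-1][:] = [tok, "value"]
            found[path()] = None
        elif stack:
            if stack[-1][1] == "value":
                found[path()] = tok
            stack[-1][1] = "done"
    return found

def audit(config_text):
    """Return findings for the LDAP settings discussed in this thread."""
    findings = []
    for path, value in scan(config_text).items():
        if len(path) > 1 and path[-1].startswith("rabbitmq_"):
            findings.append(f"{path[-1]} is nested under {path[-2]}; each plugin needs its own top-level section")
        if path[-1] == "use_ssl" and value == "false":
            findings.append("use_ssl is false: simple binds over plain LDAP send passwords unencrypted")
        if path[-3:] == ("tag_queries", "administrator", "constant") and value == "true":
            findings.append("administrator tag is {constant, true}: every LDAP user becomes an administrator")
    return findings

# Constructed sample modelled on the rabbitmq.config in the post above.
SAMPLE = r'''
[{rabbit, [
   {auth_backends, [rabbit_auth_backend_ldap, rabbit_auth_backend_internal]},
   {rabbitmq_auth_backend_ldap, [          % nested under rabbit, as posted
      {servers, ["ldap.example.com"]}, {use_ssl, false}, {port, 389},
      {tag_queries, [{administrator, {constant, true}}]} ]} ]},
 {rabbitmq_management, [{listener, [{port, 9012}]}]} ].
'''
print("\n".join(audit(SAMPLE)))
```

The scanner only understands the subset of Erlang term syntax that appears in this file; it is a lint aid, not a full parser.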