[rabbitmq-discuss] RabbitMQ 3.1.0 LDAP plugin help
chads.finishing.strong
chads.finishing.strong at gmail.com
Thu May 9 13:39:01 BST 2013
Tested on Fedora 17 and 18 (x86_64)
dev$ rabbitmqctl environment
Application environment of node 'rabbit at dev-1' ...
[{auth_backends,[rabbit_auth_backend_ldap,rabbit_auth_backend_internal]},
{auth_mechanisms,['PLAIN','AMQPLAIN']},
{backing_queue_module,rabbit_variable_queue},
{cluster_nodes,{[],disc}},
{cluster_partition_handling,ignore},
{collect_statistics,fine},
{collect_statistics_interval,10000},
{default_permissions,[<<".*">>,<<".*">>,<<".*">>]},
{default_user,<<"guest">>},
{default_user_tags,[administrator]},
{default_vhost,<<"/">>},
{delegate_count,16},
{disk_free_limit,1000000000},
{enabled_plugins_file,"/etc/rabbitmq/enabled_plugins"},
{error_logger,{file,"/var/log/rabbitmq/rabbit at dev-1.log"}},
{frame_max,131072},
{heartbeat,600},
{hipe_compile,false},
{included_applications,[]},
{log_levels,[{connection,info}]},
{msg_store_file_size_limit,16777216},
{msg_store_index_module,rabbit_msg_store_ets_index},
{plugins_dir,"/usr/lib/rabbitmq/lib/rabbitmq_server-3.1.0/sbin/../plugins"},
{plugins_expand_dir,"/var/lib/rabbitmq/mnesia/rabbit at dev-1-plugins-expand"},
{queue_index_max_journal_entries,65536},
{rabbitmq_auth_backend_ldap,
[{servers,["sfcodc01.example.com"]},
{dn_lookup_attribute,"sAMAccountName"},
{dn_lookup_base,"DC=example,DC=com"},
{user_dn_pattern,"example\\${username}"},
{use_ssl,false},
{port,389},
{log,true},
{vhost_access_query,{constant,true}},
{resource_access_query,{constant,true}},
{tag_queries,
[{administrator,{constant,true}},
{management,{constant,true}},
{monitoring,{constant,true}}]}]},
{reverse_dns_lookups,false},
{sasl_error_logger,{file,"/var/log/rabbitmq/rabbit at dev-1-sasl.log"}},
{server_properties,[]},
{ssl_cert_login_from,distinguished_name},
{ssl_listeners,[]},
{ssl_options,[]},
{tcp_listen_options,
[binary,
{packet,raw},
{reuseaddr,true},
{backlog,128},
{nodelay,true},
{linger,{true,0}},
{exit_on_close,false}]},
{tcp_listeners,[{"127.0.0.1",5672}]},
{trace_vhosts,[]},
{vm_memory_high_watermark,0.4}]
...done.
dev$ cat rabbitmq.config
[
{rabbit, [
{tcp_listeners, [{"127.0.0.1", 5672}]},
{log_levels, [{connection, info}]},
{collect_statistics_interval, 10000},
{auth_backends, [
rabbit_auth_backend_ldap, rabbit_auth_backend_internal
]},
{rabbitmq_auth_backend_ldap, [
{servers, ["ldap.example.com"]},
{other_bind, {"example\\\ptdldap", "mypasswd"}},
{dn_lookup_attribute, "sAMAccountName"},
{dn_lookup_base, "DC=example,DC=com"},
{user_dn_pattern,
"(&(objectClass=user)(sAMAccountName=${username})),DC=example,DC=com"},
{use_ssl, false},
{port, 389},
{log, true},
{vhost_access_query, {constant, true}},
{resource_access_query, {constant, true}},
{tag_queries, [
{administrator, {constant, true}},
{management, {constant, true}},
{monitoring, {constant, true}}
]}
]}
]},
{rabbitmq_management, [{listener, [{port, 9012}]}]},
{rabbitmq_management_agent, [{force_fine_statistics, true}]}
].
I wouldn't put money on my dn_lookup_* or user_dn_pattern settings; I'm
reaching, trying to get this to work.
As far as the logs, **"nothing"** shows up; failed or otherwise.
dev$ cat *
=INFO REPORT==== 9-May-2013::07:35:23 ===
Starting RabbitMQ 3.1.0 on Erlang R15B03
Copyright (C) 2007-2013 VMware, Inc.
Licensed under the MPL. See http://www.rabbitmq.com/
=INFO REPORT==== 9-May-2013::07:35:23 ===
node : rabbit at dev-1
home dir : /var/lib/rabbitmq
cookie hash : eGWdsIswL6rcJkTG9w+ZDQ==
log : /var/log/rabbitmq/rabbit at dev-1.log
sasl log : /var/log/rabbitmq/rabbit at dev-1-sasl.log
database dir : /var/lib/rabbitmq/mnesia/rabbit at dev-1
=INFO REPORT==== 9-May-2013::07:35:24 ===
Limiting to approx 924 file handles (829 sockets)
=INFO REPORT==== 9-May-2013::07:35:24 ===
Memory limit set to 1582MB of 3955MB total.
=INFO REPORT==== 9-May-2013::07:35:24 ===
Disk free limit set to 1000MB
=INFO REPORT==== 9-May-2013::07:35:24 ===
msg_store_transient: using rabbit_msg_store_ets_index to provide index
=INFO REPORT==== 9-May-2013::07:35:24 ===
msg_store_persistent: using rabbit_msg_store_ets_index to provide index
=INFO REPORT==== 9-May-2013::07:35:24 ===
started TCP Listener on 127.0.0.1:5672
=INFO REPORT==== 9-May-2013::07:35:24 ===
Management plugin started. Port: 8012
=INFO REPORT==== 9-May-2013::07:35:24 ===
Statistics database started.
=INFO REPORT==== 9-May-2013::07:35:24 ===
Server startup complete; 8 plugins started.
* amqp_client
* eldap
* mochiweb
* rabbitmq_auth_backend_ldap
* rabbitmq_management
* rabbitmq_management_agent
* rabbitmq_web_dispatch
* webmachine
RabbitMQ 3.1.0. Copyright (C) 2007-2013 VMware, Inc.
## ## Licensed under the MPL. See http://www.rabbitmq.com/
## ##
########## Logs: /var/log/rabbitmq/rabbit at dev-1.log
###### ## /var/log/rabbitmq/rabbit at dev-1-sasl.log
##########
Starting broker... completed with 8 plugins.
On Thu, May 9, 2013 at 4:58 AM, Simon MacMullen <simon at rabbitmq.com> wrote:
> On 08/05/13 17:40, chads.finishing.strong wrote:
>
>> Simon, I did get your response; thanks. The rabbitmq.config portion I
>> listed, is under
>> rabbitmq_auth_backend_ldap. The ldap plugin is enabled and loaded. A
>> tcpdump shows that
>> it is indeed communicating with the ldap server.
>>
>> The issues are
>>
>> (1) the plugin is not logging debug info; neither {log, true} nor {log,
>> network} works
>> (2) I'm unable to authenticate via ldap
>>
>
> Hmm.
>
> The log config item definitely works. What does "rabbitmqctl environment"
> say?
>
> When you say "I'm unable to authenticate via ldap", what *does* show up in
> the logs?
>
> Can you post your complete config?
>
> Cheers, Simon
>
>
> --
> Simon MacMullen
> RabbitMQ, Pivotal
>
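
An added check, not part of the original thread or of RabbitMQ: it reports which application section of a rabbitmq.config holds each settings tuple. The LDAP plugin is its own Erlang application and reads the `rabbitmq_auth_backend_ldap` section from the top level of the file, whereas in the config posted above that tuple sits inside the `rabbit` list, which is also where `rabbitmqctl environment` shows it. The two sample configs and the function name `placements` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample mirroring the layout of the rabbitmq.config posted above.
NESTED = r'''
[
 {rabbit, [
   {auth_backends, [rabbit_auth_backend_ldap, rabbit_auth_backend_internal]},
   {rabbitmq_auth_backend_ldap, [          % inside the rabbit list
     {servers, ["ldap.example.com"]},
     {log, true}
   ]}
 ]},
 {rabbitmq_management, [{listener, [{port, 9012}]}]}
].
'''
# Constructed sample with the plugin tuple as its own application section.
SEPARATE = r'''
[
 {rabbit, [
   {auth_backends, [rabbit_auth_backend_ldap, rabbit_auth_backend_internal]}
 ]},
 {rabbitmq_auth_backend_ldap, [
   {servers, ["ldap.example.com"]},
   {log, true}
 ]}
].
'''

def placements(config_text):
    """Map each `{atom, ...}` tuple to its enclosing app sections (None = top level)."""
    # Blank out string literals and % comments so their brackets are ignored.
    text = re.sub(r'"(?:\\.|[^"\\])*"|%[^\n]*',
                  lambda m: '""' if m.group(0).startswith('"') else '',
                  config_text)
    found, depth, app = defaultdict(list), 0, None
    for i, ch in enumerate(text):
        if ch in '[{':
            m = re.match(r'\{\s*([a-z]\w*)\s*,', text[i:])
            if m and depth == 1:      # tuple directly in the outer list
                app = m.group(1)
                found[app].append(None)
            elif m and depth == 3:    # key inside an application's list
                found[m.group(1)].append(app)
            depth += 1
        elif ch in ']}':
            depth -= 1
    return dict(found)
```
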