[rabbitmq-discuss] RabbitMQ 3.1.0 LDAP plugin help
Simon MacMullen
simon at rabbitmq.com
Thu May 9 13:51:18 BST 2013
The rabbitmq_auth_backend_ldap element should not be nested within the
rabbit element; it should be a peer of it like rabbitmq_management and
rabbitmq_management_agent. Your whole LDAP config is being ignored.
Cheers, Simon
On 09/05/13 13:39, chads.finishing.strong wrote:
> Tested on Fedora 17 and 18 (x86_64)
>
> dev$ rabbitmqctl environment
>
> Application environment of node 'rabbit at dev-1' ...
> [{auth_backends,[rabbit_auth_backend_ldap,rabbit_auth_backend_internal]},
> {auth_mechanisms,['PLAIN','AMQPLAIN']},
> {backing_queue_module,rabbit_variable_queue},
> {cluster_nodes,{[],disc}},
> {cluster_partition_handling,ignore},
> {collect_statistics,fine},
> {collect_statistics_interval,10000},
> {default_permissions,[<<".*">>,<<".*">>,<<".*">>]},
> {default_user,<<"guest">>},
> {default_user_tags,[administrator]},
> {default_vhost,<<"/">>},
> {delegate_count,16},
> {disk_free_limit,1000000000},
> {enabled_plugins_file,"/etc/rabbitmq/enabled_plugins"},
> {error_logger,{file,"/var/log/rabbitmq/rabbit at dev-1.log"}},
> {frame_max,131072},
> {heartbeat,600},
> {hipe_compile,false},
> {included_applications,[]},
> {log_levels,[{connection,info}]},
> {msg_store_file_size_limit,16777216},
> {msg_store_index_module,rabbit_msg_store_ets_index},
> {plugins_dir,"/usr/lib/rabbitmq/lib/rabbitmq_server-3.1.0/sbin/../plugins"},
> {plugins_expand_dir,"/var/lib/rabbitmq/mnesia/rabbit at dev-1-plugins-expand"},
> {queue_index_max_journal_entries,65536},
> {rabbitmq_auth_backend_ldap,
> [{servers,["sfcodc01.example.com"]},
> {dn_lookup_attribute,"sAMAccountName"},
> {dn_lookup_base,"DC=example,DC=com"},
> {user_dn_pattern,"example\\${username}"},
> {use_ssl,false},
> {port,389},
> {log,true},
> {vhost_access_query,{constant,true}},
> {resource_access_query,{constant,true}},
> {tag_queries,
> [{administrator,{constant,true}},
> {management,{constant,true}},
> {monitoring,{constant,true}}]}]},
> {reverse_dns_lookups,false},
> {sasl_error_logger,{file,"/var/log/rabbitmq/rabbit at dev-1-sasl.log"}},
> {server_properties,[]},
> {ssl_cert_login_from,distinguished_name},
> {ssl_listeners,[]},
> {ssl_options,[]},
> {tcp_listen_options,
> [binary,
> {packet,raw},
> {reuseaddr,true},
> {backlog,128},
> {nodelay,true},
> {linger,{true,0}},
> {exit_on_close,false}]},
> {tcp_listeners,[{"127.0.0.1",5672}]},
> {trace_vhosts,[]},
> {vm_memory_high_watermark,0.4}]
> ...done.
>
> dev$ cat rabbitmq.config
> [
>
> {rabbit, [
>
> {tcp_listeners, [{"127.0.0.1", 5672}]},
>
> {log_levels, [{connection, info}]},
>
> {collect_statistics_interval, 10000},
>
> {auth_backends, [
> rabbit_auth_backend_ldap, rabbit_auth_backend_internal
> ]},
>
> {rabbitmq_auth_backend_ldap, [
>
> {servers, ["ldap.example.com"]},
> {other_bind, {"example\\\ptdldap", "mypasswd"}},
> {dn_lookup_attribute, "sAMAccountName"},
> {dn_lookup_base, "DC=example,DC=com"},
> {user_dn_pattern,
> "(&(objectClass=user)(sAMAccountName=${username})),DC=example,DC=com"},
> {use_ssl, false},
> {port, 389},
> {log, true},
> {vhost_access_query, {constant, true}},
> {resource_access_query, {constant, true}},
> {tag_queries, [
> {administrator, {constant, true}},
> {management, {constant, true}},
> {monitoring, {constant, true}}
> ]}
>
> ]}
>
> ]},
>
> {rabbitmq_management, [{listener, [{port, 9012}]}]},
>
> {rabbitmq_management_agent, [{force_fine_statistics, true}]}
>
> ].
>
> I wouldn't put money on my dn_lookup_* or user_dn_pattern settings; I'm
> reaching, trying to get this to work.
>
> As far as the logs, **"nothing"** shows up; failed or otherwise.
>
> dev$ cat *
>
> =INFO REPORT==== 9-May-2013::07:35:23 ===
> Starting RabbitMQ 3.1.0 on Erlang R15B03
> Copyright (C) 2007-2013 VMware, Inc.
> Licensed under the MPL. See http://www.rabbitmq.com/
>
> =INFO REPORT==== 9-May-2013::07:35:23 ===
> node : rabbit at dev-1
> home dir : /var/lib/rabbitmq
> cookie hash : eGWdsIswL6rcJkTG9w+ZDQ==
> log : /var/log/rabbitmq/rabbit at dev-1.log
> sasl log : /var/log/rabbitmq/rabbit at dev-1-sasl.log
> database dir : /var/lib/rabbitmq/mnesia/rabbit at dev-1
>
> =INFO REPORT==== 9-May-2013::07:35:24 ===
> Limiting to approx 924 file handles (829 sockets)
>
> =INFO REPORT==== 9-May-2013::07:35:24 ===
> Memory limit set to 1582MB of 3955MB total.
>
> =INFO REPORT==== 9-May-2013::07:35:24 ===
> Disk free limit set to 1000MB
>
> =INFO REPORT==== 9-May-2013::07:35:24 ===
> msg_store_transient: using rabbit_msg_store_ets_index to provide index
>
> =INFO REPORT==== 9-May-2013::07:35:24 ===
> msg_store_persistent: using rabbit_msg_store_ets_index to provide index
>
> =INFO REPORT==== 9-May-2013::07:35:24 ===
> started TCP Listener on 127.0.0.1:5672
>
> =INFO REPORT==== 9-May-2013::07:35:24 ===
> Management plugin started. Port: 8012
>
> =INFO REPORT==== 9-May-2013::07:35:24 ===
> Statistics database started.
>
> =INFO REPORT==== 9-May-2013::07:35:24 ===
> Server startup complete; 8 plugins started.
> * amqp_client
> * eldap
> * mochiweb
> * rabbitmq_auth_backend_ldap
> * rabbitmq_management
> * rabbitmq_management_agent
> * rabbitmq_web_dispatch
> * webmachine
>
> RabbitMQ 3.1.0. Copyright (C) 2007-2013 VMware, Inc.
> ## ## Licensed under the MPL. See http://www.rabbitmq.com/
> ## ##
> ########## Logs: /var/log/rabbitmq/rabbit at dev-1.log
> ###### ## /var/log/rabbitmq/rabbit at dev-1-sasl.log
> ##########
> Starting broker... completed with 8 plugins.
>
>
> On Thu, May 9, 2013 at 4:58 AM, Simon MacMullen <simon at rabbitmq.com> wrote:
>
> On 08/05/13 17:40, chads.finishing.strong wrote:
>
> Simon, I did get your response; thanks. The rabbitmq.config portion I
> listed is under rabbitmq_auth_backend_ldap. The ldap plugin is enabled
> and loaded. A tcpdump shows that it is indeed communicating with the
> ldap server.
>
> The issues are
>
> (1) the plugin is not logging debug info; neither {log, true} nor
> {log, network} work
> (2) I'm unable to authenticate via ldap
>
>
> Hmm.
>
> The log config item definitely works. What does "rabbitmqctl
> environment" say?
>
> When you say "I'm unable to authenticate via ldap", what *does* show
> up in the logs?
>
> Can you post your complete config?
>
> Cheers, Simon
>
>
> --
> Simon MacMullen
> RabbitMQ, Pivotal
>
>
--
Simon MacMullen
RabbitMQ, Pivotal
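
The layout described in the reply above, as an added example that is not part of the original thread: the quoted rabbitmq.config with the rabbitmq_auth_backend_ldap section moved out of rabbit so that it sits beside rabbitmq_management. All values are carried over from the quoted config; only the nesting changes.

```erlang
%% rabbitmq.config: each application gets its own top-level {App, [Settings]}
%% tuple. A section nested inside {rabbit, [...]} is stored as an unknown
%% key of the rabbit application, so the LDAP plugin never reads it.
[
  {rabbit, [
    {tcp_listeners, [{"127.0.0.1", 5672}]},
    {log_levels, [{connection, info}]},
    {collect_statistics_interval, 10000},
    %% LDAP is tried first, then the internal user database.
    {auth_backends, [rabbit_auth_backend_ldap, rabbit_auth_backend_internal]}
  ]},

  %% Peer of rabbit, not a child of it.
  {rabbitmq_auth_backend_ldap, [
    {servers, ["ldap.example.com"]},
    %% other_bind, dn_lookup_* and user_dn_pattern are the poster's values,
    %% copied unchanged; the poster says they are unsure of them.
    {other_bind, {"example\\\ptdldap", "mypasswd"}},
    {dn_lookup_attribute, "sAMAccountName"},
    {dn_lookup_base, "DC=example,DC=com"},
    {user_dn_pattern,
     "(&(objectClass=user)(sAMAccountName=${username})),DC=example,DC=com"},
    %% As posted: plain LDAP on 389, so bind credentials cross the network
    %% unencrypted.
    {use_ssl, false},
    {port, 389},
    {log, true},
    {vhost_access_query, {constant, true}},
    {resource_access_query, {constant, true}},
    %% As posted: {constant, true} gives every user who authenticates via
    %% LDAP the administrator, management and monitoring tags.
    {tag_queries, [
      {administrator, {constant, true}},
      {management, {constant, true}},
      {monitoring, {constant, true}}
    ]}
  ]},

  {rabbitmq_management, [{listener, [{port, 9012}]}]},
  {rabbitmq_management_agent, [{force_fine_statistics, true}]}
].
```

In the quoted `rabbitmqctl environment` output, the rabbitmq_auth_backend_ldap tuple is listed among rabbit's own keys, which is how the misplaced section shows up on a running node.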