[rabbitmq-discuss] Error trying to configure rabbit_auth_backend_ldap
Eric Cozzi
n16483 at cray.com
Wed May 22 16:22:47 BST 2013
I am trying to configure rabbit_auth_backend_ldap as a backing auth for
passwordless login using rabbitmq_auth_mechanism_ssl, but I am getting
the following error. I've also included my rabbitmq.config file for
reference.
Any help would be appreciated.
Thanks,
Eric
Logfile:
=ERROR REPORT==== 22-May-2013::09:32:37 ===
** Generic server rabbit_auth_backend_ldap terminating
** Last message in was {login,<<"O=client,CN=ecozzi-01">>}
** When Server state == {state,
    ["192.168.252.5"],
    "cn=${username},ou=msgbus,dc=cray,dc=com",none,none,
    as_user,
    {in_group,
        "ou=${vhost}-users,ou=vhosts,dc=cray,dc=com"},
    {for,
        [{permission,configure,
             {in_group,"cn=admin,dc=cray,dc=com"}},
         {permission,write,
             {for,
                 [{resource,queue,
                      {in_group,"cn=admin,dc=cray,dc=com"}},
                  {resource,exchange,{constant,true}}]}},
         {permission,read,
             {for,
                 [{resource,exchange,
                      {in_group,"cn=admin,dc=cray,dc=com"}},
                  {resource,queue,{constant,true}}]}}]},
    [{administrator,{constant,false}},
     {management,{constant,true}}],
    false,network,389}
** Reason for termination ==
** as_user_no_password

=INFO REPORT==== 22-May-2013::09:32:37 ===
LDAP CHECK: passwordless login for O=client,CN=ecozzi-01

=ERROR REPORT==== 22-May-2013::09:32:40 ===
closing AMQP connection <0.4824.0> (192.168.252.1:41297 -> 192.168.252.1:5671):
{handshake_error,starting,0,
    {exit,
        {as_user_no_password,
            {gen_server,call,
                [rabbit_auth_backend_ldap,
                 {login,<<"O=client,CN=ecozzi-01">>},
                 infinity]}},
        'connection.start_ok',
        [{gen_server,call,3,[{file,"gen_server.erl"},{line,188}]},
         {rabbit_access_control,'-check_user_login/2-fun-0-',4,[]},
         {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,227}]}]}}

rabbitmq.config:
[
  {rabbit,
    [
      {hipe_compile, true},
      {tcp_listen_options,
        [binary,
         {packet,raw},
         {reuseaddr,true},
         {backlog,128},
         {nodelay,true},
         {exit_on_close,false}
        ]
      },
      {auth_mechanisms, ['EXTERNAL']},
      {ssl_listeners, [5671]},
      {ssl_options, [{cacertfile,"/opt/cray/ssl/testca/cacert.pem"},
                     {certfile,"/opt/cray/ssl/server-01/cert.pem"},
                     {keyfile,"/opt/cray/ssl/server-01/key.pem"},
                     {verify,verify_peer},
                     {fail_if_no_peer_cert,true}
                    ]
      },
      {auth_backends, [rabbit_auth_backend_ldap]}
    ]
  },
  {rabbitmq_auth_backend_ldap,
    [
      {servers, ["192.168.252.5"]},
      {user_dn_pattern, "cn=${username},ou=msgbus,dc=cray,dc=com"},
      {use_ssl, false},
      {port, 389},
      {log, network},
      {vhost_access_query, {in_group,
          "ou=${vhost}-users,ou=vhosts,dc=cray,dc=com"}},
      {resource_access_query,
        {for, [
          {permission, configure, {in_group,
              "cn=admin,dc=cray,dc=com"}},
          {permission, write,
            {for, [{resource, queue, {in_group,
                       "cn=admin,dc=cray,dc=com"}},
                   {resource, exchange, {constant, true}}]}},
          {permission, read,
            {for, [{resource, exchange, {in_group,
                       "cn=admin,dc=cray,dc=com"}},
                   {resource, queue, {constant, true}}]}}
        ]
        }
      },
      {tag_queries, [
          {administrator, {constant, false}},
          {management, {constant, true}}
        ]
      }
    ]
  }
].