[rabbitmq-discuss] Dual domain ldap configuration

• Previous message: [rabbitmq-discuss] Dual domain ldap configuration
• Next message: [rabbitmq-discuss] Feature: rabbitmq-management: Display "Time To Empty" for queues
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm afraid that's not possible; we assume one LDAP configuration.

So you could connect two clusters with shovel / federation. Other things 
you could do, of varying degrees of hackishness:

* Use a single cluster, with different nodes of the cluster configured 
to talk to different LDAP servers (nothing says all cluster nodes need 
to have the same auth setup). Clients would need to know which node to 
connect to obviously.

* Create a patched clone of the LDAP plugin called 
rabbit_auth_backend_ldap2 or whatever, and configure "both" plugins 
seperately.

* Create an LDAP proxy which talks to both LDAP servers. A quick Google 
suggests that OpenLDAP with back-ldap and suffixmassage might be one 
route to do this.

Cheers, Simon

On 02/06/2014 21:19, Pieter Erzeel wrote:
> Hi,
>
> I have a bit of a problem getting the LDAP configuration right for my
> rabbitmq setup.
>
> The broker should be able to authenticate users that live in different
> LDAP servers for different domains. We have an internal LDAP server and
> an external one for the DMZ.
>
> Obviously the DN’s aren’t the same, so I would have to configure
> different binding parameters for each server.
>
> Is this possible? Or can this only be done by basically setting up two
> separate clusters with federation?
>
> Pieter
>
>
>
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>

• Previous message: [rabbitmq-discuss] Dual domain ldap configuration
• Next message: [rabbitmq-discuss] Feature: rabbitmq-management: Display "Time To Empty" for queues
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]