[rabbitmq-discuss] RabbitMQ LDAP Configuration

Jason McIntosh mcintoshj at gmail.com
Fri May 2 14:22:21 BST 2014


On Active Directory - the only way to do authentication is by bind
authentication.  Authorization of course is a different discussion.  AD
doesn't give you direct access to the passwords for users via ldap.

Jason


On Fri, May 2, 2014 at 8:11 AM, Mark Soderquist
<SoderquistMV at ldschurch.org>wrote:

> We definitely need to bind first with svc-ldap, I'm not sure yet whether
> we bind with the user credentials or just do a lookup. I have to figure
> that one out.
>
> We currently have 3.2.4 installed so that makes sense why dn_lookup_bind
> is not working as expected. We'll update to the latest and give that a try.
>
> Mark
>
> -----Original Message-----
> From: Simon MacMullen [mailto:simon at rabbitmq.com]
> Sent: Friday, May 02, 2014 2:03 AM
> To: Discussions about RabbitMQ; Mark Soderquist
> Subject: Re: [rabbitmq-discuss] RabbitMQ LDAP Configuration
>
> On 01/05/2014 20:04, Mark Soderquist wrote:
> > We are
> > required to authenticate using the svc-ldap account before making
> > queries.
>
> Just to be clear, are you saying that you want to bind first with svc-ldap
> to look up a user's DN, before binding with their credentials (which is
> supported) or that you want to only ever bind with svc-ldap and never with
> the user's creds (which is not)?
>
> > We have tried several different configuration options but nothing has
> > worked so far. Here is the configuration we thought most likely to
> > work:
>
> <snip>
>
> If you are going for the former choice, that should work. However, from
> your log it looks like dn_lookup_bind is being ignored. dn_lookup_bind is
> new in RabbitMQ 3.3.0, so are you using an earlier version?
>
> Cheers, Simon
>
>
>  NOTICE: This email message is for the sole use of the intended
> recipient(s) and may contain confidential and privileged information. Any
> unauthorized review, use, disclosure or distribution is prohibited. If you
> are not the intended recipient, please contact the sender by reply email
> and destroy all copies of the original message.
>
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>



-- 
Jason McIntosh
https://github.com/jasonmcintosh/
573-424-7612
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140502/19034559/attachment.html>


More information about the rabbitmq-discuss mailing list