[rabbitmq-discuss] RabbitMQ LDAP Configuration

Fri May 2 14:32:46 BST 2014

We upgraded to 3.3.0 and it is working now with dn_lookup_bind. We bind first with svc-ldap and then bind as the user.

Thank you for the assistance.

From: rabbitmq-discuss [mailto:rabbitmq-discuss-bounces at lists.rabbitmq.com] On Behalf Of Jason McIntosh
Sent: Friday, May 02, 2014 7:22 AM
To: Discussions about RabbitMQ
Subject: Re: [rabbitmq-discuss] RabbitMQ LDAP Configuration

On Active Directory - the only way to do authentication is by bind authentication.  Authorization of course is a different discussion.  AD doesn't give you direct access to the passwords for users via ldap.

Jason

On Fri, May 2, 2014 at 8:11 AM, Mark Soderquist <SoderquistMV at ldschurch.org<mailto:SoderquistMV at ldschurch.org>> wrote:
We definitely need to bind first with svc-ldap, I'm not sure yet whether we bind with the user credentials or just do a lookup. I have to figure that one out.

We currently have 3.2.4 installed so that makes sense why dn_lookup_bind is not working as expected. We'll update to the latest and give that a try.

Mark

-----Original Message-----
From: Simon MacMullen [mailto:simon at rabbitmq.com<mailto:simon at rabbitmq.com>]
Sent: Friday, May 02, 2014 2:03 AM
To: Discussions about RabbitMQ; Mark Soderquist
Subject: Re: [rabbitmq-discuss] RabbitMQ LDAP Configuration

On 01/05/2014 20:04, Mark Soderquist wrote:
> We are
> required to authenticate using the svc-ldap account before making
> queries.

Just to be clear, are you saying that you want to bind first with svc-ldap to look up a user's DN, before binding with their credentials (which is supported) or that you want to only ever bind with svc-ldap and never with the user's creds (which is not)?

> We have tried several different configuration options but nothing has
> worked so far. Here is the configuration we thought most likely to
> work:

<snip>

If you are going for the former choice, that should work. However, from your log it looks like dn_lookup_bind is being ignored. dn_lookup_bind is new in RabbitMQ 3.3.0, so are you using an earlier version?

Cheers, Simon

 NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
_______________________________________________
rabbitmq-discuss mailing list
rabbitmq-discuss at lists.rabbitmq.com<mailto:rabbitmq-discuss at lists.rabbitmq.com>
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss<https://urldefense.proofpoint.com/v1/url?u=https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss&k=wlPCrglRP6kzT4RbABWMaw%3D%3D%0A&r=x%2BoSSw1f95Au%2BZ5GVcjhyy%2BZIjVIfBi1eHMAQKueqpE%3D%0A&m=SHF9jdT6LhyH%2B15mY2Nq4G361dnX4VWvrzpDBHsGsWg%3D%0A&s=76abe78b7bf4c29713761810bfecc6515c7b171d06022c325fdb2c1913da30d4>

--
Jason McIntosh
https://github.com/jasonmcintosh/<https://urldefense.proofpoint.com/v1/url?u=https://github.com/jasonmcintosh/&k=wlPCrglRP6kzT4RbABWMaw%3D%3D%0A&r=x%2BoSSw1f95Au%2BZ5GVcjhyy%2BZIjVIfBi1eHMAQKueqpE%3D%0A&m=SHF9jdT6LhyH%2B15mY2Nq4G361dnX4VWvrzpDBHsGsWg%3D%0A&s=05cd5c03421a13cd0f248384b6192e568b9c4c1cf6c0216a2e930dfcb5f99cf0>
573-424-7612

 NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140502/06bec742/attachment.html>