Hi,
I've been stuck on this for the past week or so. I'm trying to log in to the Rabbit management UI, but I get an error saying the user isn't a member of the management group.
Windows LDAP
I did an LDAP query test using ldapsearch and it does come back with a list of users in the group.
The RabbitMQ log shows this when logging in; however, the user in question is a member of the Admin and management security groups.
[info] <0.1328.0> LDAP CHECK: login for joe-...@example.dev
[info] <0.409.0> LDAP bind succeeded: CN=xxxx,OU=xxxx,OU=xxxx,OU=xxxx,DC=xxxx,DC=xxxx,DC=xxxx
[info] <0.409.0> LDAP filling template "${username}" with
[info] <0.409.0> [{username,<<"joe-...@example.dev">>}]
[info] <0.409.0> LDAP template result: "joe-...@example.dev"
[info] <0.409.0> LDAP DN lookup: joe-...@example.dev -> CN=Joe Test,OU=Infra,OU=Users,OU=Cloud,DC=example,DC=dev
[info] <0.409.0> LDAP bind succeeded: CN=xxxx,OU=xxxx,OU=xxxx,OU=xxxx,DC=xxxx,DC=xxxx,DC=xxxx
[info] <0.409.0> LDAP CHECK: does joe-...@example.dev have tag administrator?
[info] <0.409.0> LDAP evaluating query: {constant,false}
[info] <0.409.0> LDAP evaluated constant: false
[info] <0.409.0> LDAP DECISION: does joe-...@example.dev have tag administrator? false
[info] <0.1328.0> LDAP DECISION: login for joe-...@example.dev: ok
[debug] <0.1328.0> User 'joe-...@example.dev' authenticated successfully by backend rabbit_auth_backend_ldap
[warning] <0.1328.0> HTTP access denied: user 'joe-...@example.dev' - Not management user
rabbitmq.conf:
cluster_name = nonprod-rabbitmq
auth_backends.3 = rabbit_auth_backend_internal
auth_backends.1 = rabbit_auth_backend_ldap
auth_backends.2 = internal
auth_ldap.dn_lookup_base = OU=Users,OU=Cloud,DC=example,DC=dev
auth_ldap.connection_pool_size = 256
auth_ldap.idle_timeout = 30000
auth_ldap.use_ssl = false
auth_ldap.use_starttls = false
auth_ldap.servers.1 = example.dev
log.file.level = debug
auth_ldap.dn_lookup_bind.user_dn = CN=svc.ldap,OU=Service Accounts,OU=Users,OU=Cloud,DC=example,DC=dev
auth_ldap.dn_lookup_bind.password = secure
auth_ldap.dn_lookup_attribute = userPrincipalName
auth_ldap.log = true
advanced.conf:
[
{rabbit_auth_backend_ldap, [
,{group_lookup_base, "OU=Users,OU=Cloud,DC=example,DC=dev"}
,{tag_queries, [
{administrator, { in_group, "CN=RabbitMQ_Administrators,OU=Groups,OU=Users,OU=Cloud,DC=example,DC=dev","member" }},
{management, { in_group, "CN=RabbitMQ_Management,OU=Groups,OU=Users,OU=Cloud,DC=example,DC=dev","member"}}
]}
]}
}].
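
One way to read the tag decisions out of a log like the one above and compare them with the tags the config file defines. This is an added example, not part of the original post; the sample log is constructed from the posted lines with a placeholder user name, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the log in the post (user name is a placeholder).
SAMPLE_LOG = """\
[info] <0.409.0> LDAP CHECK: does joe@example.dev have tag administrator?
[info] <0.409.0> LDAP evaluating query: {constant,false}
[info] <0.409.0> LDAP evaluated constant: false
[info] <0.409.0> LDAP DECISION: does joe@example.dev have tag administrator? false
[info] <0.1328.0> LDAP DECISION: login for joe@example.dev: ok
[warning] <0.1328.0> HTTP access denied: user 'joe@example.dev' - Not management user
"""

LINE = re.compile(r"^\[\w+\] (<[\d.]+>) (.*)$")
CHECK = re.compile(r"LDAP CHECK: does (\S+) have tag (\w+)\?$")
QUERY = re.compile(r"LDAP evaluating query: (.+)$")
DECISION = re.compile(r"LDAP DECISION: does (\S+) have tag (\w+)\? (true|false)$")


def parse_tag_checks(log_text):
    """Return one record per tag check: user, tag, first logged query, decision."""
    open_checks, done = {}, []          # open_checks is keyed by Erlang pid
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, msg = m[1], m[2]
        if c := CHECK.match(msg):
            open_checks[pid] = {"user": c[1], "tag": c[2], "query": None, "decision": None}
        elif (q := QUERY.match(msg)) and pid in open_checks:
            # Keep only the first query logged after a CHECK (assumed top-level).
            if open_checks[pid]["query"] is None:
                open_checks[pid]["query"] = q[1]
        elif (d := DECISION.match(msg)) and pid in open_checks:
            rec = open_checks.pop(pid)
            rec["decision"] = d[3] == "true"
            done.append(rec)
    return done


def audit(checks, configured_tags):
    """Compare what the plugin evaluated with the tags the config file defines."""
    findings = []
    seen = {c["tag"] for c in checks}
    for c in checks:
        if c["query"] and c["query"].startswith("{constant,"):
            findings.append(f"{c['tag']}: decided by {c['query']}, no directory lookup")
    for tag in sorted(set(configured_tags) - seen):
        findings.append(f"{tag}: defined in config but never evaluated")
    return findings
```

Called as `audit(parse_tag_checks(SAMPLE_LOG), ["administrator", "management"])`, it reports that administrator was decided by a constant query and that management was never evaluated, which is the mismatch between the posted log and the posted `in_group` queries.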