LDAP with Multiple Distinguished Name Patterns in RabbitMQ


Nishant Kumar

Nov 17, 2022, 7:54:24 AM
to rabbitmq-users

I need to add multiple DN (Distinguished Name) patterns to allow users from multiple OUs to log in.

Kindly suggest.

I have added the below configuration to the 'advanced.config' file:

[
  {rabbit, [
    {auth_backends, [rabbit_auth_backend_ldap]}
  ]},
  {rabbitmq_auth_backend_ldap, [
    {servers, ["---.---.---.---"]},
    {dn_lookup_attribute, "distinguishedName"},
    {dn_lookup_base, "OU=--,DC=--,DC=--,DC=com"},
    {user_dn_pattern, {'or', [
      {"CN=${username},OU=<OU_1>,OU=Standard,OU=Users,DC=net,DC=<org>,DC=com"},
      {"CN=${username},OU=<OU_2>,OU=Standard,OU=Users,DC=net,DC=<org>,DC=com"}
    ]}},
    {port, 636},
    {log, network},
    {tag_queries, [
      {administrator, {in_group, "CN=<Group Name>,OU=Security,OU=Groups,DC=net,DC=<org>,DC=com"}},
      {management, {in_group, "CN=<Group Name>,OU=Security,OU=Groups,DC=net,DC=<org>,DC=com", "member"}}
    ]},
    {vhost_access_query, {constant, true}}
  ]}
].

With reference to https://www.rabbitmq.com/ldap.html, 'Boolean Queries', I have added 'or' in user_dn_pattern.

Can you please share suggestions for this? How can we add 2 user_dn_patterns for this?

  • Tried to combine 2 DN patterns using Boolean-based queries in LDAP for RabbitMQ.

But that did not work for me.

Can you please suggest what else I can try from my end?

Luke Bakken

Nov 17, 2022, 10:23:23 AM
to rabbitmq-users
"or" is not supported by user_dn_pattern.

You will have to create a parent LDAP group that combines both of the groups you wish to query.

Poobear

Nov 17, 2022, 5:03:16 PM
to rabbitmq-users
Is the "or" pattern supported by the "dn_lookup_base" or list syntax? [{},{}]

Luke Bakken

Nov 17, 2022, 5:16:12 PM
to rabbitmq-users
The documentation is clear, please read it.

OR is only supported within the authorization configuration.

https://www.rabbitmq.com/ldap.html#authorisation
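
The placement described in the reply above, as an added example that is not part of the original thread and not configuration from the RabbitMQ project: user_dn_pattern holds a single pattern string, while 'or' sits inside an authorization query such as tag_queries. The OU and group names are placeholders, and connection settings are left out.

```erlang
%% advanced.config fragment (added example; OU and group names are placeholders).
[
  {rabbit, [
    {auth_backends, [rabbit_auth_backend_ldap]}
  ]},
  {rabbitmq_auth_backend_ldap, [
    %% Connection settings (servers, port, ...) omitted; keep your own.

    %% Authentication: one pattern string, no boolean wrapper.
    {user_dn_pattern,
      "CN=${username},OU=<OU_1>,OU=Standard,OU=Users,DC=net,DC=<org>,DC=com"},

    %% Authorization: boolean queries are accepted in these queries.
    {tag_queries, [
      %% administrator tag if the user is in either group
      {administrator,
        {'or', [
          {in_group, "CN=<Admin Group 1>,OU=Security,OU=Groups,DC=net,DC=<org>,DC=com"},
          {in_group, "CN=<Admin Group 2>,OU=Security,OU=Groups,DC=net,DC=<org>,DC=com"}
        ]}},
      %% management tag from a single group, matched on the "member" attribute
      {management,
        {in_group, "CN=<Mgmt Group>,OU=Security,OU=Groups,DC=net,DC=<org>,DC=com", "member"}}
    ]}
  ]}
].
```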

Nishant Kumar

Nov 17, 2022, 11:45:30 PM
to rabbitmq-users
Hi All,

If not, how can I combine both the DN patterns?

Nishant Kumar

Nov 17, 2022, 11:45:57 PM
to rabbitmq-users
Is there any way we can avoid creating a parent group and combine both the DN patterns?

Luke Bakken

Nov 18, 2022, 10:27:13 AM
to rabbitmq-users
I have clearly stated that this is not supported. Continuing to ask the same question over and over won't change RabbitMQ's behavior.

Nishant Kumar

Nov 20, 2022, 11:55:39 PM
to rabbitmq-users
Hi Luke,

Thank you for your help.
I am sorry I missed that.

Regards,
Nishant