How to integrate or Configure the LDAP auth with Rabbitmq in container environment


Bharadwaj G

Jan 25, 2023, 11:37:14 AM
to rabbitmq-users
Hi,

I am looking for the configuration process or steps to integrate LDAP with RabbitMQ running in a container environment.

Thanks in advance ...

Luke Bakken

Jan 25, 2023, 6:31:31 PM
to rabbitmq-users
LDAP configuration is the same whether or not you're using containers - https://www.rabbitmq.com/ldap.html

Marcial Rosales

Jan 26, 2023, 6:29:55 AM
to rabbitmq-users
Furthermore, in this guide you can find various LDAP scenarios. LDAP is deployed as a container whereas RabbitMQ runs locally. However, it could easily run in a container too, as Luke pointed out.

Bharadwaj G

Jan 26, 2023, 10:36:22 AM
to rabbitmq-users
Thanks to both,

I am facing ([warning] <0.830.0> HTTP access denied:) when I tried to implement RabbitMQ (Docker container) with LDAP authentication.

The steps I followed are below; kindly suggest anything missing or how to solve the HTTP access denied ....

Option-A
1. Run the container:
    docker run -d --hostname my-rabbit --name MfgiotRabbitmq -p 15672:15672 -p 5672:5672 -p 1883:1883 -p 389:389 rabbitmq:3.9-management
2. Prepare the rabbitmq.config:
[
    {rabbit, [
        {auth_backends, [rabbit_auth_backend_ldap]}
    ]},
    {rabbitmq_auth_backend_ldap, [
        {servers,          ["corporate server name"]},
        {user_dn_pattern,  "CN=${username},OU=Standard,OU=Users,DC=cor,DC=cor,DC=com"},
        {port,             389},
        {tag_queries, [
            {administrator, {constant, false}},
            {management,    {constant, true}}
        ]}
    ]}
].

3. Copy the file to the container at /etc/rabbitmq
4. Restart the container
5. Enable the plugin: rabbitmq-plugins enable rabbitmq_auth_backend_ldap
6. I am getting the HTTP access denied warning while trying to enter the username from the RabbitMQ console

Option-B

1. Run the container:
    docker run -d --hostname my-rabbit --name MfgiotRabbitmq -p 15672:15672 -p 5672:5672 -p 1883:1883 -p 389:389 rabbitmq:3.9-management
2. Prepare the rabbitmq.conf:
    auth_backends.1 = ldap
    auth_ldap.servers.1  = query.jdnet.deere.com
    auth_ldap.user_dn_pattern = CN=${username},OU=Standard,OU=JDUsers,DC=jdnet,DC=deere,DC=com
    auth_ldap.use_ssl    = false
    auth_ldap.port       = 389
    auth_ldap.log        = false

3. Prepare the advanced.config:
[{rabbitmq_auth_backend_ldap, [
    {tag_queries, [{administrator, {constant, false}},
                   {management,    {constant, true}}]}
]}].

4. Copy both files into the container at /etc/rabbitmq
5. Restart the container.
6. Enable the plugin: rabbitmq-plugins enable rabbitmq_auth_backend_ldap
7. I am getting the HTTP access denied warning while trying to enter the username from the RabbitMQ console

Thanks in advance .....

Luke Bakken

Jan 26, 2023, 10:58:58 AM
to rabbitmq-users
You need to turn on network_unsafe logging to see what is being sent to and returned from your LDAP server -

Bharadwaj G

Jan 26, 2023, 11:10:05 AM
to rabbitmq-users
Thanks Luke for your reply, kindly help me, where can I check the logs....

Luke Bakken

Jan 26, 2023, 11:13:43 AM
to rabbitmq-users

Luke Bakken

Jan 26, 2023, 11:15:26 AM
to rabbitmq-users
Hello,

Based on this part of your LDAP configuration ....

OU=JDUsers,DC=jdnet,DC=deere,DC=com

...I'm guessing you're doing this work on behalf of an employer. May I suggest that a support contract would be appropriate?


Thanks,
Luke

Bharadwaj G

Jan 27, 2023, 8:36:59 AM
to rabbitmq-users
Hey, thanks for your great suggestion "Enable Log with Network Unsafe".....

With the below code I am able to log in using the user name and it's working fine...

When I am trying with MY RACF ID it is throwing invalid credentials; please suggest which configuration is required to achieve that.

rabbitmq.conf

auth_backends.1 = ldap
auth_ldap.servers.1  = example.com
auth_ldap.dn_lookup_attribute = sAMAccountName
auth_ldap.dn_lookup_base = DC=example,DC=example,DC=com
auth_ldap.user_dn_pattern = ${username}

auth_ldap.use_ssl    = false
auth_ldap.port       = 389
auth_ldap.log        = network_unsafe

Luke Bakken

Jan 27, 2023, 10:55:06 AM
to rabbitmq-users
Hello,

I don't know what "MY RACF ID" is, nor what the specific error is. It is impossible for me to help.

Since your user name works correctly, my guess is that the LDAP lookup for the other identifier fails. You'll have to debug that yourself.

Windows includes the ldp.exe tool which allows you to specify very complex LDAP queries. You should be able to use it to see the difference between logging in with one user name vs the other.

Bharadwaj G

Feb 3, 2023, 9:56:42 AM
to rabbitmq-users
Hello, thanks for the reply,

My bad, while drafting the message I made a mistake writing MY RACF ID.

1. Firstly, my organization uses RACF ID instead of user name for authentication.
2. To point to the RACF ID in the AD group we use the sAMAccountName attribute in all applications, and it's working fine.
3. Coming to RabbitMQ LDAP authentication, it's giving invalid credentials with RACF ID and it's working fine with username.

rabbitmq.conf

auth_backends.1 = ldap
auth_ldap.servers.1  = example.com
auth_ldap.dn_lookup_attribute = sAMAccountName
auth_ldap.dn_lookup_base = DC=example,DC=example,DC=com
auth_ldap.user_dn_pattern = ${username}

auth_ldap.use_ssl    = false
auth_ldap.port       = 389
auth_ldap.log        = network_unsafe

please help me to solve this one ...
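
The rabbitmq.conf posted in this thread binds to LDAP on port 389 with auth_ldap.use_ssl = false and leaves auth_ldap.log at network_unsafe, the debugging level that logs LDAP traffic without scrubbing passwords. The following Python check is an added example, not part of the thread or of RabbitMQ; parse_conf and audit_ldap are hypothetical helper names, and the sample input is the configuration from the last message.

```python
# Added example; parse_conf and audit_ldap are hypothetical names, not RabbitMQ tooling.

# Constructed sample: the rabbitmq.conf from the last message in the thread.
SAMPLE_CONF = """\
auth_backends.1 = ldap
auth_ldap.servers.1  = example.com
auth_ldap.dn_lookup_attribute = sAMAccountName
auth_ldap.dn_lookup_base = DC=example,DC=example,DC=com
auth_ldap.user_dn_pattern = ${username}

auth_ldap.use_ssl    = false
auth_ldap.port       = 389
auth_ldap.log        = network_unsafe
"""

def parse_conf(text):
    """Parse 'key = value' lines; split on the first '=' so DN values survive."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def audit_ldap(settings):
    """Return (key, finding) pairs for LDAP settings that expose credentials."""
    uses_ldap = any(k.startswith("auth_backends.") and v.endswith("ldap")
                    for k, v in settings.items())
    if not uses_ldap:
        return []
    findings = []
    # Both TLS switches default to false when absent from the file.
    tls = any(settings.get(k, "false") == "true"
              for k in ("auth_ldap.use_ssl", "auth_ldap.use_starttls"))
    if not tls:
        findings.append(("auth_ldap.use_ssl",
                         "bind password crosses the network in cleartext"))
    if settings.get("auth_ldap.log") == "network_unsafe":
        findings.append(("auth_ldap.log",
                         "LDAP traffic is logged unscrubbed, passwords included"))
    return findings

if __name__ == "__main__":
    for key, finding in audit_ldap(parse_conf(SAMPLE_CONF)):
        print(f"{key}: {finding}")
```

Enabling auth_ldap.use_ssl (or auth_ldap.use_starttls) and returning auth_ldap.log to false once debugging is finished clears both findings.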