LDAP Configuration example for new config
186 views
Skip to first unread message
thameem ansari
Mar 20, 2023, 8:49:25 AM3/20/23
to rabbitmq-users
Hi All,
I updated the RMQ to 3.10.X
I am not able to make ldap string to connect with ldap. i have the old config file integrated with LDAP. same thing need to be done on new config file. I am getting parsing error
Old config working fine
{rabbitmq_auth_backend_ldap,[
{servers, ["ldaphost01.example.com"]},
{user_dn_pattern, "uid=${username},ou=Users,o=org,dc=org,dc=com"},
{use_ssl, true},
{port, 693},
{ssl_options, [{ciphers, [{rsa,aes_256_cbc,sha256}]}]},
{log, false},
{group_lookup_base, "dc=org,dc=com"},
{vhost_access_query, {'or', [
{in_group_nested, "cn=admin,ou=vhost,ou=Rabbit,o=Systems,dc=org,dc=com", "uniquemember"},
{in_group_nested, "cn=${vhost}-vhost-admin,ou=vhost,ou=RabbitMQ,o=Systems,dc=org,dc=com", "uniquemember"},
{in_group_nested, "cn=${vhost}-vhost-user,ou=vhost,ou=RabbitMQ,o=Systems,dc=org,dc=com", "uniquemember"}
]}},
{resource_access_query,
{'or', [
{in_group_nested, "cn=rabbitmq,ou=vhost,ou=RabbitMQ,o=Systems,dc=org,dc=com", "uniquemember"},
{in_group_nested, "cn=${vhost}-vhost-admin,ou=vhost,ou=RabbitMQ,o=Systems,dc=org,dc=com", "uniquemember"},
{for, [
{permission, configure, {match, {string, "${name}"}, {string, "^${username}(-|\.).+$"}}},
{permission, write, {constant, true}},
{permission, read, {constant, true}}
please someone help with new config example
Old config working fine
{rabbitmq_auth_backend_ldap,[
{servers, ["ldaphost01.example.com"]},
{user_dn_pattern, "uid=${username},ou=Users,o=org,dc=org,dc=com"},
{use_ssl, true},
{port, 693},
{ssl_options, [{ciphers, [{rsa,aes_256_cbc,sha256}]}]},
{log, false},
{group_lookup_base, "dc=org,dc=com"},
{vhost_access_query, {'or', [
{in_group_nested, "cn=admin,ou=vhost,ou=Rabbit,o=Systems,dc=org,dc=com", "uniquemember"},
{in_group_nested, "cn=${vhost}-vhost-admin,ou=vhost,ou=RabbitMQ,o=Systems,dc=org,dc=com", "uniquemember"},
{in_group_nested, "cn=${vhost}-vhost-user,ou=vhost,ou=RabbitMQ,o=Systems,dc=org,dc=com", "uniquemember"}
]}},
{resource_access_query,
{'or', [
{in_group_nested, "cn=rabbitmq,ou=vhost,ou=RabbitMQ,o=Systems,dc=org,dc=com", "uniquemember"},
{in_group_nested, "cn=${vhost}-vhost-admin,ou=vhost,ou=RabbitMQ,o=Systems,dc=org,dc=com", "uniquemember"},
{for, [
{permission, configure, {match, {string, "${name}"}, {string, "^${username}(-|\.).+$"}}},
{permission, write, {constant, true}},
{permission, read, {constant, true}}
please someone help with new config example
Luke Bakken
Mar 20, 2023, 11:11:45 AM3/20/23
to rabbitmq-users
Hello,
Please ATTACH your complete configuration file that has issues. That's the only way I can be sure I have the same file as you.
Thanks,
Luke
thameem ansari
Mar 20, 2023, 2:49:05 PM3/20/23
to rabbitm...@googlegroups.com
Shall i send file only to you?
--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/8da35838-81aa-4ec8-9d38-a4fa3349954bn%40googlegroups.com.
Luke Bakken
Mar 20, 2023, 2:52:02 PM3/20/23
to rabbitmq-users
Sure, that's fine.
Luke Bakken
Mar 20, 2023, 4:07:25 PM3/20/23
to rabbitmq-users
Hello,
You are running into problems because your LDAP configuration requires the use of the advanced.config file.
Bascially everything in the
rabbitmq_auth_backend_ldap section should be in the advanced.config file (see what I have attached). There is no way to configure LDAP using rabbitmq.conf
This is all documented - https://www.rabbitmq.com/ldap.html#authorisation-overview
Note that if this is a truly urgent situation there is paid support for RabbitMQ - https://www.rabbitmq.com/#support
Note that if this is a truly urgent situation there is paid support for RabbitMQ - https://www.rabbitmq.com/#support
Thanks,
Luke
Reply all
Reply to author
Forward
0 new messages