Access refused when trying to get messages from a queue on Management plugin

[Roberto Pesce]

Hello,

I'm using RabbitMQ on many integration and production environments; I'm currently using version 3.8.27

I have, for all of them, the same authentication settings:

[
    {rabbitmq_auth_backend_ldap, [
        {log, network_unsafe},
        {servers, ["DC001.test.net"]},
        {use_ssl, true},
        {port, 636},
        {user_bind_pattern, "${username}"},
        {user_dn_pattern, "${ad_user}"},
        {dn_lookup_attribute, "sAMAccountName"},
        {dn_lookup_base, "DC=test,DC=net"},
        {group_lookup_base,"CN=Users,DC=test,DC=net"},
{vhost_access_query, {in_group, "cn=SAC-RabbitMQ${vhost},cn=Users,dc=test,dc=net"}},
{tag_queries, [ {administrator, {in_group, "CN=SAC-RabbitMQMgmt,cn=Users,DC=test,DC=net"}},
{management, {in_group, "CN=SAC-RabbitMQMgmt,cn=Users,DC=test,DC=net"}}
]}
]}
].

with these settings I can access the management page and perform all administrative tasks such as creating and deleting exchanges and queues etc... 

but if I select a queue and try to do the "Get Messages" command I get a "Access refused" error popup.

as I said this happens only on two systems where I'm using the Rabbit, do you have any clue about how to solve the issue?

thank you

Roberto

[Luke Bakken]

Hello,

I see that you're using ${vhost} as part of the vhost_access_query. Are you certain that the vhost to which the queue belongs has had the correct LDAP group set up?

You should enable network_unsafe logging to see exactly which LDAP queries are being sent.

Finally, your RabbitMQ version is out of date. This isn't related to your issue, but I thought I'd mention it.

Thanks,

Luke