RabbitMQ LDAP configuration not working


pvladMQ

Feb 1, 2023, 1:28:00 PM
to rabbitmq-users
Hi everyone, 

Running RabbitMQ version 3.11.2 with Erlang/OTP 25.

I am trying to get my RabbitMQ up and running with an OpenLDAP (both OpenLDAP and RabbitMQ are running in their own Docker container). 

RabbitMQ configuration file here: https://pastebin.com/PwSkywMb 
And something is not working well. 

So, let's have a look at the logs: https://pastebin.com/pV6u62VD 

In the first part of the logs, I can see the binding to the LDAP server is alright. So, that part is good.  
After that, something really strange seems to happen which I can't explain: the LDAP query is searching for $jdoe instead of jdoe (maybe this is not the issue after all, but it's what caught my attention):

2023-02-01 18:20:37.065569+00:00 [info] <0.498.0>         LDAP filling template "$${username}" with
2023-02-01 18:20:37.065569+00:00 [info] <0.498.0>             [{username,<<"jdoe">>}]
2023-02-01 18:20:37.065754+00:00 [info] <0.498.0>         LDAP template result: "$jdoe"
2023-02-01 18:20:37.065848+00:00 [info] <0.920.0>     LDAP network traffic: search request = {'SearchRequest',
2023-02-01 18:20:37.065848+00:00 [info] <0.920.0>                                             "ou=users,dc=datasolutions,dc=com",
2023-02-01 18:20:37.065848+00:00 [info] <0.920.0>                                             wholeSubtree,derefAlways,0,0,
2023-02-01 18:20:37.065848+00:00 [info] <0.920.0>                                             false,
2023-02-01 18:20:37.065848+00:00 [info] <0.920.0>                                             {equalityMatch,
2023-02-01 18:20:37.065848+00:00 [info] <0.920.0>                                              {'AttributeValueAssertion',
2023-02-01 18:20:37.065848+00:00 [info] <0.920.0>                                               "uid","$jdoe"}},
2023-02-01 18:20:37.065848+00:00 [info] <0.920.0>                                             ["distinguishedName"]}

But the user is there, in the same OU as the bind user (rabbitmq) which was used for the binding. Please see the ldapsearch here: https://pastebin.com/aNv1whNE


Thus, the binding works, but the authentication doesn't, and this has been driving me nuts for a day. Can anyone please give a helping hand on this?

Thanks in advance, 
Vlad






Luke Bakken

Feb 2, 2023, 11:26:40 AM
to rabbitmq-users
Hi Vlad,

Yes, the $${username} template is very odd. Could you please run rabbitmqctl environment, save the output to a file, and attach the file to your response?

Thanks,
Luke

pvladMQ

Feb 2, 2023, 12:52:13 PM
to rabbitmq-users
Hey Luke, 

Attaching the file to my response. 
I think I saw where the flaw is: 

      {user_dn_pattern,"$${username}"}, 

Why is it saved like that? 
Thanks a lot for your help, 

Vlad

environment.txt

Luke Bakken

Feb 2, 2023, 1:51:48 PM
to rabbitmq-users
Hmm, there may be a bug in RabbitMQ's build process.

For now, you can explicitly configure user_dn_pattern by adding the following to your LDAP configuration in advanced.config:

{user_dn_pattern, "${username}"},

Note that the trailing comma is significant. This configuration should be placed as an item in the rabbitmq_auth_backend_ldap configuration.

Restart RabbitMQ after applying it, then re-run "rabbitmqctl environment" to confirm the change.

I will follow up with a link to an issue if I confirm this is a bug.

Thanks,
Luke
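
A check for the confirmation step in the post above, added here as an example (it is not part of the thread or of RabbitMQ): it scans "rabbitmqctl environment" output for LDAP templates that carry a stray "$" before a ${...} placeholder. The function names, the sample environment text and the assumed layout (top-level application tuples indented by at most one space) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Usage on a live node:
#   rabbitmqctl environment | find_doubled_dollar

# Reads Erlang-term environment output on stdin and prints key="value" for
# every quoted value inside the rabbitmq_auth_backend_ldap section that
# contains the doubled-dollar sequence seen in the thread.
find_doubled_dollar() {
  awk '
    # Assumption: application tuples start at column 1 or 2, nested keys deeper.
    /^ ?\[?[{][a-z0-9_]+,/ { in_ldap = (index($0, "{rabbitmq_auth_backend_ldap,") > 0) }
    in_ldap && index($0, "$${") > 0 {
      n = split($0, q, "\"")          # even-numbered fields are quoted values
      for (i = 2; i <= n; i += 2) {
        if (index(q[i], "$${") == 0) continue
        key = q[i - 1]                # text before the value ends with {key,
        sub(/.*[{]/, "", key); gsub(/[^a-z0-9_]/, "", key)
        printf "%s=\"%s\"\n", key, q[i]
      }
    }
  '
}

# Succeeds only when no doubled-dollar LDAP template is present on stdin.
ldap_templates_ok() {
  [ -z "$(find_doubled_dollar)" ]
}

# Constructed sample in the shape of "rabbitmqctl environment" output.
# example_app is hypothetical and shows that other sections are ignored.
sample_environment() {
  cat <<'EOF'
[{rabbit,
     [{auth_backends,[rabbit_auth_backend_ldap]}]},
 {rabbitmq_auth_backend_ldap,
     [{dn_lookup_attribute,"uid"},
      {dn_lookup_base,"ou=users,dc=datasolutions,dc=com"},
      {user_dn_pattern,"$${username}"}]},
 {example_app,
     [{note,"$${not_ldap}"}]}]
EOF
}

sample_environment | find_doubled_dollar
```

After the workaround and a restart, ldap_templates_ok should succeed on the same command's output.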

Luke Bakken

Feb 2, 2023, 2:25:23 PM
to rabbitmq-users
Vlad -

How did you download and install RabbitMQ?

pvladMQ

Feb 2, 2023, 2:30:17 PM
to rabbitmq-users
Luke, 

Downloaded the OCI image and ran it in Docker with:

docker run -it --rm --name rabbitmq1 -p 5680:5672 -p 15680:15672 --hostname rabbitmq1 --volume "/data/rabbitmq/mnesia/:/var/lib/rabbitmq/mnesia/" --volume "/data/rabbitmq/etc:/etc/rabbitmq/" registry.tanzu.vmware.com/rabbitmq/vmware-tanzu-rabbitmq:1.4.0

Best, 
Vlad

Luke Bakken

Feb 2, 2023, 2:33:54 PM
to rabbitmq-users
Thanks Vlad, that confirms the bug - https://github.com/rabbitmq/rabbitmq-server/issues/7161

pvladMQ

Feb 2, 2023, 2:39:53 PM
to rabbitmq-users
Thanks a lot Luke. 
It drove me nuts for 2 days, until I noticed the extra "$".

Cheers! 
Vlad