我正在通过LDAP授权设置RabbitMQ的过程中,但是运气不佳...知道的人可以,请看看我告诉我我做错了什么吗?我可以使用以下代码查询LDAP来获取用户对象:
var entry = new DirectoryEntry("LDAP://ourldapbox.ourcompany.co.uk:636/CN=Mark Twain,OU=Development,OU=OurCompany Employees,DC=OurCompany,DC=co,DC=uk");
尝试配置1
[
{rabbit, [{auth_backends, [rabbit_auth_backend_ldap, rabbit_auth_backend_internal]}]},
{rabbitmq_auth_backend_ldap,
[ {servers, ["ourldapbox.ourcompany.co.uk"]},
{user_dn_pattern, "CN=${username},OU=Development,OU=OurCompany Employees,DC=OurCompany,DC=co,DC=uk"},
{use_ssl, false},
{port, 636},
{log, true}
]
}
].
尝试配置2
[
{rabbit, [{auth_backends, [rabbit_auth_backend_ldap, rabbit_auth_backend_internal]}]},
{rabbitmq_auth_backend_ldap,
[ {servers, ["ourldapbox.ourcompany.co.uk"]},
{dn_lookup_attribute, "sAMAccountName"},
{dn_lookup_base, "DC=ourcompany,DC=co,DC=uk"},
{user_dn_pattern, "${username}@ourcompany.co.uk"},
{other_bind, anon},
{use_ssl, false},
{port, 636},
{log, true}
]
}
].
尝试配置3
[
{rabbit, [{auth_backends, [rabbit_auth_backend_ldap, rabbit_auth_backend_internal]}]},
{rabbitmq_auth_backend_ldap,
[ {servers, ["ourldapbox.ourcompany.co.uk"]},
{dn_lookup_attribute, "userPrincipalName"},
{dn_lookup_base, "dc=ourcompany,dc=co,dc=uk"},
{user_dn_pattern, "${username}@ourcompany.co.uk"},
{use_ssl, false},
{port, 636},
{log, true}
]
}
].
连接码
我正在尝试通过多种方式进行连接(均失败):
var connectionFactory = new ConnectionFactory
{
HostName = "localhost",
UserName = "twainm",
Password = "fred123",
};
using (connectionFactory.CreateConnection())
{
// fails with:
// None of the specified endpoints were reachable
// ACCESS_REFUSED - Login was refused using authentication mechanism PLAIN. For details see the broker logfile.
}
内部数据库回退配置正在运行,因此guest可以毫无问题地进行连接。
日志
=INFO REPORT==== 18-Feb-2015::10:38:13 ===
accepting AMQP connection <0.1122.0> ([::1]:20117 -> [::1]:5672)
=INFO REPORT==== 18-Feb-2015::10:38:13 ===
LDAP CHECK: login for Mark Twain
=INFO REPORT==== 18-Feb-2015::10:38:13 ===
LDAP filling template "CN=${username},OU=Development,OU=OurCompany Employees,DC=OurCompany,DC=co,DC=uk" with
[{username,<<"Mark Twain">>}]
=INFO REPORT==== 18-Feb-2015::10:38:13 ===
LDAP template result: "CN=Mark Twain,OU=Development,OU=OurCompany Employees,DC=OurCompany,DC=co,DC=uk"
=INFO REPORT==== 18-Feb-2015::10:38:13 ===
LDAP CHECK: login for Mark Twain
=INFO REPORT==== 18-Feb-2015::10:38:13 ===
LDAP filling template "CN=${username},OU=Development,OU=OurCompany Employees,DC=OurCompany,DC=co,DC=uk" with
[{username,<<"Mark Twain">>}]
=INFO REPORT==== 18-Feb-2015::10:38:13 ===
LDAP template result: "CN=Mark Twain,OU=Development,OU=OurCompany Employees,DC=OurCompany,DC=co,DC=uk"
=INFO REPORT==== 18-Feb-2015::10:38:13 ===
LDAP bind error: CN=Mark Twain,OU=Development,OU=OurCompany Employees,DC=OurCompany,DC=co,DC=uk {gen_tcp_error,
closed}
=INFO REPORT==== 18-Feb-2015::10:38:13 ===
LDAP DECISION: login for Mark Twain: {error,{gen_tcp_error,closed}}
=INFO REPORT==== 18-Feb-2015::10:38:13 ===
LDAP bind error: CN=Mark Twain,OU=Development,OU=OurCompany Employees,DC=OurCompany,DC=co,DC=uk {gen_tcp_error,
closed}
=INFO REPORT==== 18-Feb-2015::10:38:13 ===
LDAP DECISION: login for Mark Twain: {error,{gen_tcp_error,closed}}
=ERROR REPORT==== 18-Feb-2015::10:38:16 ===
closing AMQP connection <0.1122.0> ([::1]:20117 -> [::1]:5672):
{handshake_error,starting,0,
{amqp_error,access_refused,
"PLAIN login refused: user 'Mark Twain' - invalid credentials",
'connection.start_ok'}}
对于“ LDAP绑定错误”,“ handshake_error,starting,0”和“ access_refused”,我有一个不错的Google,但找不到任何可以向正确方向指示的内容。
任何帮助,将不胜感激。
解决了!我意识到的组合use_ssl=false和port=636有点笨因为636是加密的(即SSL LDAP)端口。
这是我的LDAP配置(正在运行)。我希望这可以节省一些人几个小时:
[
{rabbit,
[ {auth_backends, [rabbit_auth_backend_ldap, rabbit_auth_backend_internal]}]},
{rabbitmq_auth_backend_ldap,
[ {servers, ["ourldapbox.ourcompany.co.uk"]},
{dn_lookup_attribute, "sAMAccountName"},
{dn_lookup_base, "DC=ourcompany,DC=co,DC=uk"},
{user_dn_pattern, "${username}@ourcompany.co.uk"},
{use_ssl, true},
{port, 636},
{log, true}
]
}
].
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句