【Question title】: RabbitMQ LDAP authentication failing
【Posted】: 2015-04-19 12:00:38
【Question】:

I am going through the process of setting up RabbitMQ with LDAP authorisation but not having much luck... can anyone who knows this take a look and tell me what I am doing wrong? I can query LDAP for the user object using the following code:

var entry = new DirectoryEntry("LDAP://ourldapbox.ourcompany.co.uk:636/CN=Mark Twain,OU=Development,OU=OurCompany Employees,DC=OurCompany,DC=co,DC=uk");

Configuration attempt 1

[
  {rabbit, [{auth_backends, [rabbit_auth_backend_ldap, rabbit_auth_backend_internal]}]},
  {rabbitmq_auth_backend_ldap,
   [ {servers,               ["ourldapbox.ourcompany.co.uk"]},
     {user_dn_pattern,       "CN=${username},OU=Development,OU=OurCompany Employees,DC=OurCompany,DC=co,DC=uk"},
     {use_ssl,               false},
     {port,                  636},
     {log,                   true}
   ]
  }
].

Configuration attempt 2

[
  {rabbit, [{auth_backends, [rabbit_auth_backend_ldap, rabbit_auth_backend_internal]}]},
  {rabbitmq_auth_backend_ldap,
   [ {servers,               ["ourldapbox.ourcompany.co.uk"]},
     {dn_lookup_attribute,   "sAMAccountName"},
     {dn_lookup_base,        "DC=ourcompany,DC=co,DC=uk"},
     {user_dn_pattern,       "${username}@ourcompany.co.uk"},
     {other_bind,            anon},
     {use_ssl,               false},
     {port,                  636},
     {log,                   true}
   ]
  }
].

Configuration attempt 3

[
  {rabbit, [{auth_backends, [rabbit_auth_backend_ldap, rabbit_auth_backend_internal]}]},
  {rabbitmq_auth_backend_ldap,
   [ {servers,               ["ourldapbox.ourcompany.co.uk"]},
     {dn_lookup_attribute,   "userPrincipalName"},
     {dn_lookup_base,        "dc=ourcompany,dc=co,dc=uk"},
     {user_dn_pattern,       "${username}@ourcompany.co.uk"},
     {use_ssl,               false},
     {port,                  636},
     {log,                   true}
   ]
  }
].

Connection code

I am trying to connect in several ways (all of them fail):

var connectionFactory = new ConnectionFactory
{
    HostName = "localhost",
    UserName = "twainm",
    Password = "fred123",
};

using (connectionFactory.CreateConnection())
{
    // fails with:
    // None of the specified endpoints were reachable
    // ACCESS_REFUSED - Login was refused using authentication mechanism PLAIN. For details see the broker logfile.
}

The internal database fallback configuration is working, so guest can connect without any problem.

Log

=INFO REPORT==== 18-Feb-2015::10:38:13 ===
accepting AMQP connection <0.1122.0> ([::1]:20117 -> [::1]:5672)

=INFO REPORT==== 18-Feb-2015::10:38:13 ===
LDAP CHECK: login for Mark Twain

=INFO REPORT==== 18-Feb-2015::10:38:13 ===
        LDAP filling template "CN=${username},OU=Development,OU=OurCompany Employees,DC=OurCompany,DC=co,DC=uk" with
            [{username,<<"Mark Twain">>}]

=INFO REPORT==== 18-Feb-2015::10:38:13 ===
        LDAP template result: "CN=Mark Twain,OU=Development,OU=OurCompany Employees,DC=OurCompany,DC=co,DC=uk"

=INFO REPORT==== 18-Feb-2015::10:38:13 ===
LDAP CHECK: login for Mark Twain

=INFO REPORT==== 18-Feb-2015::10:38:13 ===
        LDAP filling template "CN=${username},OU=Development,OU=OurCompany Employees,DC=OurCompany,DC=co,DC=uk" with
            [{username,<<"Mark Twain">>}]

=INFO REPORT==== 18-Feb-2015::10:38:13 ===
        LDAP template result: "CN=Mark Twain,OU=Development,OU=OurCompany Employees,DC=OurCompany,DC=co,DC=uk"

=INFO REPORT==== 18-Feb-2015::10:38:13 ===
    LDAP bind error: CN=Mark Twain,OU=Development,OU=OurCompany Employees,DC=OurCompany,DC=co,DC=uk {gen_tcp_error,
                                                                                                    closed}

=INFO REPORT==== 18-Feb-2015::10:38:13 ===
LDAP DECISION: login for Mark Twain: {error,{gen_tcp_error,closed}}

=INFO REPORT==== 18-Feb-2015::10:38:13 ===
    LDAP bind error: CN=Mark Twain,OU=Development,OU=OurCompany Employees,DC=OurCompany,DC=co,DC=uk {gen_tcp_error,
                                                                                                    closed}

=INFO REPORT==== 18-Feb-2015::10:38:13 ===
LDAP DECISION: login for Mark Twain: {error,{gen_tcp_error,closed}}

=ERROR REPORT==== 18-Feb-2015::10:38:16 ===
closing AMQP connection <0.1122.0> ([::1]:20117 -> [::1]:5672):
{handshake_error,starting,0,
                 {amqp_error,access_refused,
                             "PLAIN login refused: user 'Mark Twain' - invalid credentials",
                             'connection.start_ok'}}

Google searches for "LDAP bind error", "handshake_error,starting,0" and "access_refused" return plenty of results, but nothing that points me in the right direction.

Any help would be greatly appreciated.

【Question discussion】:

    Tags: ldap rabbitmq ldap-query easynetq


    【Solution 1】:

    Solved! I realised that the combination of use_ssl=false and port=636 was a bit silly, since 636 is the encrypted (i.e. SSL LDAP) port.

    Here is my LDAP config (now working). I hope this saves someone a few hours:

    [
      {rabbit,
       [ {auth_backends, [rabbit_auth_backend_ldap, rabbit_auth_backend_internal]}]},
      {rabbitmq_auth_backend_ldap,
       [ {servers,               ["ourldapbox.ourcompany.co.uk"]},
         {dn_lookup_attribute,   "sAMAccountName"},
         {dn_lookup_base,        "DC=ourcompany,DC=co,DC=uk"},
         {user_dn_pattern,       "${username}@ourcompany.co.uk"},
         {use_ssl,               true},
         {port,                  636},
         {log,                   true}
       ]
      }
    ].
    

    【Discussion】:

    • I'm not sure that combining user_dn_pattern with dn_lookup_base is the preferred pattern... the docs are fairly convoluted, but they seem to specify using one or the other? Any hint as to why you did it that way?
    • Honestly, I don't remember why I did it... I did try separating the two, but it only seemed to work with both in place. Since I couldn't find a way to provide SSO AD authentication for direct connections (not via the management console), I ended up removing LDAP authentication anyway.
    • Thanks. Yes, it's not big on AD-friendliness.
    • In my case both dn_lookup_base and user_dn_pattern were needed to get the authentication I wanted... in my case I used dn_lookup_attribute "userPrincipalName" instead of "sAMAccountName", plus user_dn_pattern "${username}@mycompany.com". Both help simplify the login from the full email address format to just the username part of the email address.

    【Solution 2】:

    I ran into a similar problem, except that I am using the rabbitmq.conf format rather than advanced.config. In case anyone hits this and uses the other configuration format, here is an alternative solution:

    auth_backends.1 = ldap
    auth_ldap.servers.1  = ourldapbox.ourcompany.co.uk
    auth_ldap.dn_lookup_attribute = sAMAccountName
    auth_ldap.dn_lookup_base = DC=ourcompany,DC=co,DC=uk
    auth_ldap.user_dn_pattern = ${username}@ourcompany.co.uk
    auth_ldap.use_ssl    = true
    auth_ldap.port       = 636
    auth_ldap.log        = true
    auth_backends.2   = rabbit_auth_backend_internal
    

    【Discussion】:

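The root cause in both answers is the same: port 636 is the LDAPS port, so use_ssl must be true for the bind to succeed, and a plaintext bind also sends the user's password to the directory in the clear. The following is an added example (not code from the question or either answer) that parses a rabbitmq.conf-style fragment, flags a port/use_ssl mismatch, and fills user_dn_pattern with the login name the way the broker log shows; the sample fragments are constructed from the configurations above.

```python
# Added example, not from the original post: check the auth_ldap settings
# discussed above for the port/use_ssl mismatch and show how the backend
# fills ${username} in user_dn_pattern (as the broker log prints it).
from string import Template

LDAPS_PORT = 636   # LDAP over TLS, the port used in the question
LDAP_PORT = 389    # plain LDAP

def parse_conf(text):
    """Parse 'key = value' lines of a rabbitmq.conf fragment into a dict."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf

def check_ldap_tls(conf):
    """Return a list of findings about auth_ldap.port vs auth_ldap.use_ssl."""
    findings = []
    port = int(conf.get("auth_ldap.port", LDAP_PORT))
    use_ssl = conf.get("auth_ldap.use_ssl", "false").lower() == "true"
    if port == LDAPS_PORT and not use_ssl:
        findings.append("port 636 is the LDAPS port but use_ssl is false "
                        "(the combination behind the question's bind error)")
    if port == LDAP_PORT and use_ssl:
        findings.append("use_ssl is true but port 389 is plain LDAP")
    if not use_ssl:
        findings.append("bind credentials are sent to the directory unencrypted")
    return findings

def fill_dn_pattern(pattern, username):
    """Fill ${username} in user_dn_pattern, as the LDAP backend does."""
    return Template(pattern).safe_substitute(username=username)

# Constructed samples: the asker's failing combination and the accepted fix.
BROKEN_CONF = """
auth_ldap.servers.1 = ourldapbox.ourcompany.co.uk
auth_ldap.user_dn_pattern = CN=${username},OU=Development,DC=ourcompany,DC=co,DC=uk
auth_ldap.use_ssl = false
auth_ldap.port = 636
"""
FIXED_CONF = """
auth_ldap.servers.1 = ourldapbox.ourcompany.co.uk
auth_ldap.dn_lookup_attribute = sAMAccountName
auth_ldap.dn_lookup_base = DC=ourcompany,DC=co,DC=uk
auth_ldap.user_dn_pattern = ${username}@ourcompany.co.uk
auth_ldap.use_ssl = true
auth_ldap.port = 636
"""
```

Running `check_ldap_tls(parse_conf(BROKEN_CONF))` reports the mismatch; the fixed fragment reports nothing, and `fill_dn_pattern` turns the login "twainm" into "twainm@ourcompany.co.uk" for the directory lookup.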