How to use Erlang conditionals (RabbitMQ and Erlang)

Question

I am trying to figure out how to create some more granular authentication/authorization in rabbitmq.config . I think the language it uses is referred to as Erlang (is that right?).

I tried the following in an attempt to use the conditionals, but it failed:

{vhost_access_query,
  {in_group,
    {'or', [
      "CN=${vhost}-users,ou=vhosts,ou=MIS,ou=ISD,ou=US,ou=Servers,dc=domain,dc=com",
      "CN=${vhost}-admins,ou=vhosts,ou=MIS,ou=ISD,ou=US,ou=Servers,dc=domain,dc=com",
      "CN=${vhost}-consumers,ou=vhosts,ou=MIS,ou=ISD,ou=US,ou=Servers,dc=domain,dc=com",
      "CN=${vhost}-producers,ou=vhosts,ou=MIS,ou=ISD,ou=US,ou=Servers,dc=domain,dc=com"
    ]}
}},

Anyway, it does not like it. What I was trying to do was say vhost access is allowed for any of the four groups-in that, group1 , or group2 , or group3 , etc.

Answer 1

Aside: RabbitMQ is written in Erlang. The configuration file uses Erlang-style terms ( {a, tuple} , ["a", list] ), but it's not Erlang.

Looking at the RabbitMQ documentation for the LDAP plugin , it says that 'or' takes a list of sub- queries :

{'or', [SubQuery1, SubQuery2, SubQuery3, ...]}

This implies that what you actually need is something like this:

{vhost_access_query,
    {'or',
        [
         {in_group, "CN=${vhost}-users,ou=vhosts,ou=MIS,ou=ISD,ou=US,ou=Servers,dc=domain,dc=com"},
         {in_group, "CN=${vhost}-admins,ou=vhosts,ou=MIS,ou=ISD,ou=US,ou=Servers,dc=domain,dc=com"},
         {in_group, "CN=${vhost}-consumers,ou=vhosts,ou=MIS,ou=ISD,ou=US,ou=Servers,dc=domain,dc=com"},
         {in_group, "CN=${vhost}-producers,ou=vhosts,ou=MIS,ou=ISD,ou=US,ou=Servers,dc=domain,dc=com"}
        ]
    }
},

...but don't quote me on that (unless I'm right); I've never used the LDAP plugin.