I am trying to figure out how to create some more granular authentication/authorization in rabbitmq.config
. I think the language it uses is referred to as Erlang (is that right?).
I tried the following in an attempt to use the conditionals, but it failed:
{vhost_access_query,
{in_group,
{'or', [
"CN=${vhost}-users,ou=vhosts,ou=MIS,ou=ISD,ou=US,ou=Servers,dc=domain,dc=com",
"CN=${vhost}-admins,ou=vhosts,ou=MIS,ou=ISD,ou=US,ou=Servers,dc=domain,dc=com",
"CN=${vhost}-consumers,ou=vhosts,ou=MIS,ou=ISD,ou=US,ou=Servers,dc=domain,dc=com",
"CN=${vhost}-producers,ou=vhosts,ou=MIS,ou=ISD,ou=US,ou=Servers,dc=domain,dc=com"
]}
}},
Anyway, it does not like it. What I was trying to do was say vhost access is allowed for any of the four groups-in that, group1
, or group2
, or group3
, etc.
Aside: RabbitMQ is written in Erlang. The configuration file uses Erlang-style terms ( {a, tuple}
, ["a", list]
), but it's not Erlang.
Looking at the RabbitMQ documentation for the LDAP plugin , it says that 'or'
takes a list of sub- queries :
{'or', [SubQuery1, SubQuery2, SubQuery3, ...]}
This implies that what you actually need is something like this:
{vhost_access_query,
{'or',
[
{in_group, "CN=${vhost}-users,ou=vhosts,ou=MIS,ou=ISD,ou=US,ou=Servers,dc=domain,dc=com"},
{in_group, "CN=${vhost}-admins,ou=vhosts,ou=MIS,ou=ISD,ou=US,ou=Servers,dc=domain,dc=com"},
{in_group, "CN=${vhost}-consumers,ou=vhosts,ou=MIS,ou=ISD,ou=US,ou=Servers,dc=domain,dc=com"},
{in_group, "CN=${vhost}-producers,ou=vhosts,ou=MIS,ou=ISD,ou=US,ou=Servers,dc=domain,dc=com"}
]
}
},
...but don't quote me on that (unless I'm right); I've never used the LDAP plugin.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.