0

Rabbit MQ set up in my organization uses LDAP for Authenticaton and Authorization.
How can I configure NServiceBus (or RabbitMQ) to use the credentials that the service is running under (- like integrated security for SQL Connections).

Rabbmit MQ Configuration

[
{rabbit,
   [{auth_backends, [rabbit_auth_backend_ldap]}]},
  {rabbitmq_auth_backend_ldap,
   [ {servers,               ["ad.xxxx.xxx"]},
     {dn_lookup_attribute,   "userPrincipalName"},
     {dn_lookup_base,        "OU=xxxx Users,DC=ad,DC=xxxx,DC=xxx"},
     {log,                   true},
     {group_lookup_base,     "OU=xxxx Users,DC=ad,DC=xxxx,DC=xxx"},
     {tag_queries,           [{administrator, {in_group, "CN=GRP_Name,OU=XXXX Users,DC=ad,DC=XXXX,DC=XXX"}},
                              {management, {in_group, in_group, "CN=GRP_Name,OU=XXXX Users,DC=ad,DC=XXXX,DC=XXX"}}]}
   ]
  }
].

NServiceBus Code:

var endpointConfiguration = new EndpointConfiguration("Receiver.Service");
            var transport = endpointConfiguration.UseTransport<RabbitMQTransport>();
            transport.UseConventionalRoutingTopology();
            transport.ConnectionString("host=rabbitmq.sb.xxxx.xxx");
Bitmask
  • 918
  • 2
  • 11
  • 22

1 Answers1

0

RabbitMQ's LDAP support requires that client applications pass a username and password. There is no equivalent to SQL's integrated security.

In your case, user's must have a DN whose value ends with OU=xxxx Users,DC=ad,DC=xxxx,DC=xxx. Your NServiceBus application will have to pass a username and password of an account with the expected DN.

https://www.rabbitmq.com/ldap.html

NOTE: the RabbitMQ team monitors the rabbitmq-users mailing list and only sometimes answers questions on StackOverflow.

Luke Bakken
  • 8,993
  • 2
  • 20
  • 33
  • Thanks for the answer. The unfortunate part is when the service account password changes - it will require update across the board for all services. – Bitmask Aug 06 '18 at 15:59