3.13.2: LDAP client fails to connect on Erlang 26 #11283
-
Team RabbitMQ does not troubleshoot LDAP installations per our community support policy. Erlang 26 does enable peer verification for all TLS clients. However, the management UI has absolutely no role in whether connections to an LDAP server use TLS or not. The information provided here is insufficient to even suggest something specific to look into. Start with enabling traffic logging for LDAP and see what exactly is sent and logged.
-
The LDAP guide has a dedicated section on TLS, peer verification and how it can be disabled for LDAP client connections. The methodology our team uses and recommends for troubleshooting TLS connections is also documented. The same tools and principles can be applied to troubleshooting TLS connections to any TLS-enabled server, including an LDAP one.
-
@TruAmbition please upload your logs and your full RabbitMQ configuration and I'll take a look. Your management UI TLS settings should not have an effect on LDAP, and vice versa.
-
Describe the bug
Unable to authenticate with LDAP via the management UI.
Getting:
LDAP connect error: {error, "connect failed"}
User 'truman' failed authentication by backend rabbiq_auth_backend_ldap
HTTP access denied: rabbit_auth_backend_ldap failed authenticating truman: ldap_connect_error
I don't have TLS/SSL enabled on my management UI, so I go to http://rabbimq-instance.com. I'm pretty sure the error is due to Erlang 26 forcing TLS from the management UI such that LDAP authentication will fail otherwise. Is it possible to disable this such that I can still use LDAP via the HTTP endpoint?
This same configuration was fine under 3.11.2 with Erlang 25. Everything else is the same configuration for the server using Puppet outside of the RabbitMQ version (3.13.2) and its dependency Erlang 26.
For reference, I can log in to the RabbitMQ server using the same LDAP authentication via SSH, but I'm not sure if that is at the server layer or application layer and therefore not valid for the LDAP connection error I am having. I was able to create a local RabbitMQ account on the server and log in, but I need to manage this user access from LDAP.
Reproduction steps
...
Expected behavior
I expect to be able to log in using the valid LDAP credentials.
Additional context
I'm trying solutions from the rabbitmq.conf and advanced.conf to try and bypass or fix this. I'm curious if I am on the right hunch that the issue is because I'm trying to do LDAP auth on an insecure HTTP protocol. I would like to maintain this behavior for the moment. I guess the other solution would be to enable TLS on the management dashboard and try to do LDAP auth via HTTPS. Am I correct in thinking so?
Please advise...