Although this is not a doc bug, while I'm here expand the example a bit.

2012-09-21 14:29:31 +01:00 · 2012-09-21 14:29:31 +01:00 · 6dc59a5be2
parent 62819cb8e7
commit 6dc59a5be2
1 changed files with 13 additions and 3 deletions
--- a/deps/rabbitmq_auth_backend_ldap/README-authorisation
+++ b/deps/rabbitmq_auth_backend_ldap/README-authorisation
@ -142,12 +142,22 @@ TODO improve and explain this
                              "ou=${vhost},ou=vhosts,dc=example,dc=com"}},
     {resource_access_query,
      {for, [{resource, exchange,
-              {for, [{permission, configure,
-                      { in_group, "cn=wheel,ou=groups,dc=example,dc=com" }
+              {for, [
+                     %% Only allow "wheel" group to create exchanges
+                     {permission, configure,
+                      {in_group, "cn=wheel,ou=groups,dc=example,dc=com"}
                     },
-                     {permission, write, {constant, true}},
+
+                     %% Only allow publishing for people with surnames beginning
+                     %% with "Mac"
+                     {permission, write,
+                      {match, {attribute, "${user_dn}", "sn"}, {string, "^Mac.*"}}
+                     },
+
+                     %% Anyone can bind to exchanges
                     {permission, read,  {constant, true}}
                    ]}},
+             %% Anyone can do anything with queues
             {resource, queue, {constant, true}} ]}},
     {tag_queries,           [{administrator, {constant, false}}]},
     {use_ssl,               false},