From e8a79c06bd7d0004b3a9089a3764745935d3d4a3 Mon Sep 17 00:00:00 2001 From: William Tan Date: Wed, 10 May 2017 17:05:01 +0000 Subject: [PATCH] Add option to enable anonymous authentication This will allow the user to enable the anon_auth flag in eldap in order to be able to do a dn lookup by using anonymous authentication instead of using a dedicated bind user. --- deps/rabbitmq_auth_backend_ldap/Makefile | 1 + .../src/rabbit_auth_backend_ldap.erl | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/deps/rabbitmq_auth_backend_ldap/Makefile b/deps/rabbitmq_auth_backend_ldap/Makefile index ee3843f7a0..ee1e92caf4 100644 --- a/deps/rabbitmq_auth_backend_ldap/Makefile +++ b/deps/rabbitmq_auth_backend_ldap/Makefile @@ -11,6 +11,7 @@ define PROJECT_ENV {group_lookup_base, none}, {dn_lookup_bind, as_user}, {other_bind, as_user}, + {anon_auth, false}, {vhost_access_query, {constant, true}}, {resource_access_query, {constant, true}}, {tag_queries, [{administrator, {constant, false}}]}, diff --git a/deps/rabbitmq_auth_backend_ldap/src/rabbit_auth_backend_ldap.erl b/deps/rabbitmq_auth_backend_ldap/src/rabbit_auth_backend_ldap.erl index 3f4f1240ee..6e14c8ca66 100644 --- a/deps/rabbitmq_auth_backend_ldap/src/rabbit_auth_backend_ldap.erl +++ b/deps/rabbitmq_auth_backend_ldap/src/rabbit_auth_backend_ldap.erl @@ -389,7 +389,8 @@ with_ldap({error, _} = E, _Fun, _State) -> %% of interest, so this could still be more efficient. with_ldap({ok, Creds}, Fun, Servers) -> Opts0 = [{port, env(port)}, - {idle_timeout, env(idle_timeout)}], + {idle_timeout, env(idle_timeout)}, + {anon_auth, env(anon_auth)}], Opts1 = case env(log) of network -> Pre = " LDAP network traffic: ",