e2d3d2e983
Kick off a travis build
2015-10-05 21:59:25 +03:00
6805c14b72
Make sure slapd is installed
2015-10-05 21:58:03 +03:00
7f8fe85518
Merge branch 'travis-ci-testing' of git://github.com/gmr/rabbitmq-auth-backend-ldap into gmr-travis-ci-testing
2015-10-05 21:57:15 +03:00
cd59c66c5a
Merge branch 'stable'
2015-10-05 21:56:33 +03:00
c599acdf33
Line things up a wee bit for consistency.
2015-10-05 18:17:50 +02:00
a240ecca34
Add test cases for mixed authentication&authorisation modules, check tags.
2015-10-05 17:47:25 +02:00
b862a6dfca
Allow test to specify backends dynamically.
2015-10-05 14:57:28 +02:00
018fae0c3f
Return the permission tags from an explicit separate authorization call.
2015-09-30 18:39:04 +02:00
c351b574a6
Add travis-ci configuration
2015-08-21 19:24:32 -04:00
ec977c4383
eldap-wrapper is useless now that Erlang R16B is required
...
Fixes #10 .
2015-08-03 18:55:25 +02:00
5fa779cdfa
(c) year
2015-05-24 04:48:04 +03:00
b50b8be85d
(c) year
2015-05-24 04:47:53 +03:00
44bad3a5ee
Extract seed.sh, add a couple more users for testing
2015-04-11 02:16:59 +03:00
5342ca95e3
Move connection error detection up a level to catch anon access error.
2015-03-30 17:45:10 +01:00
cf9789cf40
Move LDAP pool creation from app init to a boot step.
2015-03-30 16:45:44 +01:00
54ac8655d6
Recover from closed connection to server.
2015-03-30 15:11:25 +01:00
ecf97d5024
Minor cleanups
...
Factor out the rebinding bit to stop the function getting out of hand,
reinstate a TODO since while better it is still not perfect, clean up
a few indent issues to conform to our poorly documented code standards.
2015-03-27 12:38:19 +00:00
c8e08397e9
Merge branch 'master' into pull-request-83-fixups
2015-03-27 12:21:53 +00:00
4d2cb36283
Make LDAP worker pool size configurable.
2015-03-25 17:15:11 +00:00
1ea66f0ce9
use worker_pool from rabbitmq-server
...
...instead of the NIH worker pool implementation. This assumes an as-yet
hypothetical modification to rabbitmq-server.
2015-03-24 18:18:02 +00:00
f0d6fa4094
Fix crash when performing tag query using invalid other_bind creds
...
Not actually harmful since the crash was caught higher up and
reinterpreted as "permission denied" anyway, but this give us cleaner
logs.
2015-03-10 11:15:38 +00:00
afb38b8747
use a pool of workers which cache connections
2015-03-06 17:41:05 +00:00
e64c959d69
Sync CONTRIBUTING.md with the template one
2015-02-20 17:08:20 +03:00
d665d9e5c8
Merge branch 'stable'
2015-02-19 18:13:23 +01:00
49608a2e0e
Convert .hgignore to .gitignore
2015-02-19 17:26:02 +01:00
07b93ff379
Merge branch 'stable'
...
Conflicts:
src/rabbit_auth_backend_ldap.erl
2015-02-19 14:08:12 +00:00
0e4b00fc80
If other_bind is not set to as_user, establish a new LDAP connection to perform tag queries against.
2015-02-19 13:31:01 +00:00
f8af637da5
Sync CONTRIBUTING.md with the template one
2015-02-18 00:24:35 +03:00
b5b89cc6c9
Merge branch 'stable'
2015-02-17 21:09:57 +01:00
24070da6db
Remove the "moved to GitHub" warning.
2015-02-17 21:09:44 +01:00
e9874b1306
stable to default
2015-02-17 17:56:08 +01:00
76f5a0c5ee
README: Warn about the move to GitHub
2015-02-17 17:55:55 +01:00
a748c62326
stable to default
2015-01-09 13:23:46 +00:00
6989477b6e
Oops
2015-01-09 13:23:21 +00:00
3afc96688f
stable to default
2015-01-09 13:14:23 +00:00
20644f08d1
Fix fill escaping, plus a test.
2015-01-09 13:04:19 +00:00
384dddbbcd
Merge bug26469
2014-11-14 17:41:01 +00:00
253f3a2f46
API changes.
2014-11-14 14:18:10 +00:00
5f5cd354a6
Modern Debianbuntu packages ldapadd seperately.
2014-11-13 16:15:00 +00:00
0013748edd
API changes.
2014-11-13 16:14:20 +00:00
59fa43fb49
Warn on no LDAP server.
2014-11-13 16:06:48 +00:00
0493972c89
Fix the SSL options for TLS too. Make sure we compare the unfixed version with [], since the fixed version will never be [].
2014-10-20 16:11:12 +01:00
6896285abf
Disable SSLv3.
2014-10-20 14:47:21 +01:00
c10afcca73
We do xref checks against R13B03, stop breaking them.
2014-07-02 16:01:44 +01:00
6118a1598e
Ooops
2014-07-01 17:05:26 +01:00
e62de3b49a
StartTLS support
2014-07-01 17:02:23 +01:00
843a9bc76c
ensure_ssl/0 if we need to, and move a comment to where it should be.
2014-05-19 17:41:44 +01:00
09d4acdc82
Update copyright for 2014
2014-03-17 17:25:20 +00:00
e97a0d3b08
stable to default
2014-03-05 14:20:10 +00:00
f99e437af3
Ban unauthenticated logins.
2014-03-05 13:06:55 +00:00
4d18d982c1
Support connection timeout.
2014-02-19 11:08:41 +00:00
d49de1519a
Continue on our quest towards the world's most verbose logging.
2014-01-29 11:14:42 +00:00
f586ddd335
dn_lookup_bind option, and rather more tests for the login phase.
2014-01-28 17:56:25 +00:00
a4f581e9ed
Not sure of the value of this warning, but let's unbreak it anyway.
2014-01-20 15:16:15 +00:00
3a2986929a
stable to default
2014-01-14 16:08:34 +00:00
cc3f9c6b68
OpenLDAP is not guaranteed to return the DN as an attribute. AFAICS the object_name field should always be filled though, and always be the DN (RFC 4511, 4.5.2).
2014-01-14 16:08:10 +00:00
9cf92dbe3e
stable to default
2013-11-13 11:19:42 +00:00
e52bc903ac
Re-add the app module to do the backend check
2013-11-13 11:19:02 +00:00
fcfa83154a
stable to default (not like normal, many conflicts...)
2013-11-12 17:44:12 +00:00
c87a2e4d85
Merge in default.
2013-11-12 09:54:54 +00:00
de1c0d3c88
Merge in default.
2013-11-04 17:50:52 +00:00
c3ba7f6bc1
Correct version check.
2013-11-04 13:06:16 +00:00
f7f2d4661a
Oops, forgot to remove these.
2013-11-04 12:09:20 +00:00
dac1e06d12
Remove gen_server, just make LDAP calls direct from the channel.
2013-11-04 12:04:31 +00:00
053f8ad87d
Permit use of SSL options for LDAP client connections.
2013-10-24 14:49:10 +01:00
ff92510386
Don't attempt to define a default LDAP server that will likely be confusing.
2013-08-22 11:00:25 +01:00
927b32b191
Remove 3-tuple variants of 'and' and 'or'.
2013-08-13 11:19:01 +01:00
2cd07a3c07
Boolean logic, and some other small enhancements: an {equals, A, B} query which just compares strings for equality, and a shortcut ability to use a string constant "foo" instead of {string, "foo"}.
2013-08-07 17:02:12 +01:00
5e6ee7b90f
stable to default
2013-08-07 16:59:37 +01:00
e9bfbe5b04
Cope better with missing attributes.
2013-08-07 16:58:54 +01:00
27166aeb7c
emacs-mode for config.
2013-08-07 15:40:01 +01:00
8f70cf3ff5
s/VMware/GoPivotal/g
2013-07-01 10:49:10 +01:00
2cb55fd1c7
Better error message than 'as_user_no_password'.
2013-05-22 17:47:26 +01:00
9dae0ebe9b
cosmetic
2013-04-09 13:00:43 +01:00
b36c04540e
simplify
2013-04-09 13:00:20 +01:00
dbf909cb53
make macros referentially transparent
2013-04-09 12:19:55 +01:00
e0af90e920
cosmetic
2013-04-09 12:10:49 +01:00
0fdb311992
Some people are still linking to this in various repos, the web site is better.
2013-03-11 14:32:44 +00:00
a918b9ec5a
Update copyright 2013
2013-01-23 11:24:23 +00:00
f618ced77f
Remove docs since they're on the web now.
2012-12-14 10:13:45 +00:00
874b2f3c45
Merge default
2012-09-24 11:49:05 +01:00
25a1617924
Clarity
2012-09-21 14:39:31 +01:00
6dc59a5be2
Although this is not a doc bug, while I'm here expand the example a bit.
2012-09-21 14:29:31 +01:00
62819cb8e7
Doc tweak
2012-09-21 14:22:10 +01:00
77444d8787
Log as if your life depended on it.
2012-09-21 14:20:06 +01:00
9b63193228
Warn if we're started but not in auth_backends - probably a misconfiguration.
2012-09-21 12:00:12 +01:00
7863d08fe3
Add a version of in_group which allows you to specify the attribute name.
2012-09-19 16:20:48 +01:00
504cc4f65d
Removed behaviour .hrl
2012-04-12 11:14:43 +01:00
ab968472bd
Attempt to frighten the children less
2012-03-22 12:26:33 +00:00
a8603736e9
Update copyright 2012
2012-02-02 17:21:48 +00:00
d6d22dfd03
Update copyright 2012
2012-02-02 12:45:09 +00:00
bdcb12bac4
Small optimisation noticed while testing this: some queries (like in_group) can return a huge amount of data which we ignore.
2012-01-09 13:03:27 +00:00
f4ef39084f
Docs
2012-01-09 12:45:37 +00:00
ed7f53d448
This is probably a more sensible default.
2012-01-09 12:19:28 +00:00
ae289ab26d
dn_lookup_attribute / dn_lookup_base
2012-01-09 12:16:21 +00:00
b5ae6199a9
Merge in bug24663
2012-01-09 11:27:10 +00:00
316434f570
Simplify
2012-01-09 11:01:02 +00:00
f002a31e24
as_user mode
2012-01-06 18:00:00 +00:00
0b62fcde34
More error reporting.
2012-01-06 17:00:05 +00:00
d8a9e1a10a
Improve error reporting.
2012-01-06 16:41:07 +00:00
3511aafb28
Use netcat rather than nmap.
2012-01-05 13:26:44 +00:00
cf54588a05
Docs update.
2011-12-06 11:32:29 +00:00
6b3fb391d6
Tiny doc update.
2011-12-05 18:39:08 +00:00
cb72ea619e
Don't require a groupOfNames objectClass, other objectClasses (e.g. group) are available and may even be more popular in the Real World (or at least that part of it which installs Microsoft Active Directory 2012 Server Enterprise Edition™®).
2011-12-05 18:36:36 +00:00
f755a224b4
Let's make the query language more complicated (and featureful!)
...
This so needs better documentation...
2011-10-27 18:27:56 +01:00
8b6ab83b18
Disgraceful that we didn't have automated tests for so long! These are still pretty simple, but will have to do.
2011-10-27 16:52:58 +01:00
42cb140807
auth_backend_ldap needs eldap
2011-09-27 11:12:18 +01:00
2f6a2c0365
These got missed out during the Great Renaming. Oops.
2011-09-19 11:04:23 +01:00
7b54511464
merge default into bug24186
2011-08-16 14:02:38 +01:00
4acceb7985
update .app.src from default
2011-08-16 13:59:47 +01:00
2007816851
Clarifed documentation
2011-06-21 10:24:09 +01:00
85e695885d
Merge with default
2011-06-20 08:57:41 +01:00
4d7f856d3b
Revert bug24186
2011-06-18 00:46:10 +01:00
483ffeb7c6
The base .app file now lives in src/*.app.src
2011-06-17 14:43:47 +01:00
f56e0e6019
Add generated app file to .hgignore
2011-06-15 10:45:14 +01:00
e3b4a39895
Oops
2011-06-09 18:00:14 +01:00
eb9d63981f
Multiple tag queries, so we can actually decide on tags via LDAP.
2011-06-09 17:54:06 +01:00
6258a349b9
Can't leave well enough alone
2011-06-09 17:36:10 +01:00
47be41bc10
That crept in, but it's kinda useful since the underlying library won't log anything until the connection is up. Make it look right though.
2011-06-09 17:33:49 +01:00
6a380a5bfb
The simplest change to the ldap backend. It's hard to define tags via LDAP with this though.
2011-06-09 17:31:56 +01:00
10434d5495
Move .app to .app.in, remove module list
2011-05-12 12:50:24 +01:00
ad13b6d332
Application names: rabbit_foo -> rabbitmq_foo
2011-04-13 16:02:31 +01:00
ff5beca49c
Merge from default
2011-04-11 17:29:31 +01:00
6aa20d5f91
This warning is not really needed any more.
2011-03-22 12:42:54 +00:00
8dd910b241
Add erl_crash.dump to .hgignore
2011-02-20 14:51:46 +00:00
dc261890dc
Rename *_app.in to *.app
2011-02-16 15:02:16 +00:00
8c08393e72
Update .hgignore
2011-02-08 14:40:06 +00:00
b4d09e9a09
rabbitmq-auth-backend-ldap is releasable
2011-02-04 07:39:05 +00:00
2882028932
Merge default into bug23568
2011-01-28 17:10:42 +00:00
ff7bca8153
Debian Erlang packaging claims another victim.
2011-01-21 17:42:41 +00:00
c735ffe5fd
Remove outdated information on branches.
2011-01-21 10:09:51 +00:00
ed4638056d
Integrate with bug23568
2011-01-20 15:50:43 +00:00
367ebd1659
refused response is a 3 tuple now
2011-01-06 12:39:19 +00:00
b9aaa1d4fe
Don't default to logging LDAP queries.
2011-01-06 12:28:32 +00:00
45292f7801
Fix name of env var
2011-01-06 12:16:07 +00:00
f6fb7ebef2
Doc tweak.
2010-12-06 10:07:04 +00:00
03762fd12a
Remove ACL-based example; it no longer works and ACLs are probably a really bad way to do this.
2010-12-03 14:24:02 +00:00
aba9c0cabc
Tweak docs again.
2010-12-03 14:22:49 +00:00
e60c025fdc
Allow anonymous bind.
2010-12-03 14:11:56 +00:00
5c2e7b6522
Support login without password (for SASL EXTERNAL).
2010-12-03 13:36:24 +00:00
973d00ca4a
in_group query.
2010-12-03 13:05:48 +00:00
a989ddecc9
${user_dn}
2010-12-03 12:38:47 +00:00
faa8360b2a
Do authz queries with an admin account.
2010-12-03 12:35:17 +00:00
44b89568a6
Uh, bindings don't figure.
2010-12-03 10:41:32 +00:00
e669fe6e8b
More doc tweaks.
2010-12-03 10:25:14 +00:00
4174258312
Improvements to documentation
2010-12-02 18:29:56 +00:00
82f6b241e7
Allow queries to be different for different kinds of thing. TODO: explain what I'm on about.
2010-11-24 18:13:17 +00:00
9731096168
Simplify init/1.
2010-11-24 17:44:08 +00:00
69979e810c
Only use one microlanguage for variable substitution.
2010-11-24 16:56:52 +00:00
d5006b3a81
Use the new spec
2010-11-24 11:42:42 +00:00
6a8f5cf9e4
Rather more documentation.
2010-11-23 17:52:05 +00:00
1e1d79fc0a
Support a simple LDAP query. We can now control authorisation via LDAP.
2010-11-23 17:12:13 +00:00
f4cdf95d5b
Start of queries, only trivial ones for now.
2010-11-23 13:13:20 +00:00
ca26096067
Get ACLs working, add a less privileged user.
2010-11-23 11:57:30 +00:00
20eb189dbe
Make setup.sh really reset everything, start to set up some objects we could attach ACLs to.
2010-11-22 19:14:11 +00:00
f89d220ac6
Close the connection when done, does wonders for your number of file descriptors.
2010-11-22 17:18:03 +00:00
a3e8822019
Add more configuration.
2010-11-22 17:02:52 +00:00
3ad0564714
Compatibility.
2010-11-22 16:05:19 +00:00
d302c633b1
The simplest thing that could possibly work. You can authenticate as an LDAP user, but there are plenty of limitations.
2010-11-22 14:15:00 +00:00
7291e2cc25
Initial checkin. Nothing to see here.
2010-11-19 17:22:30 +00:00
Michael Klishin
Robby Raschke
Gavin M. Roy
Jean-Sébastien Pédron
Michael Klishin
Alex Thomas
Simon MacMullen
ash-lshift
Matthias Radestock
Emile Joubert
Francesco Mazzoli
Alexandru Scvortov
Rob Harrop
David Wragg