ce86fb989e
As mentioned in discussion #14426, the way that `cacerts` is handled by cuttlefish schemas simply will not work if set. If `cacerts` were set to a string value containing one X509 certificate, it would eventually result in a crash because the `cacerts` ssl option must be of [this type](https://www.erlang.org/doc/apps/ssl/ssl.html#t:client_option_cert/0): ``` {cacerts, CACerts :: [public_key:der_encoded()] | [public_key:combined_cert()]} ``` Neither of those are strings, of course. This PR removes all use of `cacerts` in cuttlefish schemas. In addition, it filters out `cacerts` and `certs_keys` from being JSON-encoded by an HTTP API call to `/api/overview`. It _is_ technically possible to set `cacerts` via `advanced.config`, so, if set, it would crash this API call, as would `certs_keys`. |
||
|---|---|---|
| .. | ||
| example | ||
| include | ||
| priv/schema | ||
| src | ||
| test | ||
| .gitignore | ||
| CODE_OF_CONDUCT.md | ||
| CONTRIBUTING.md | ||
| LICENSE | ||
| LICENSE-MPL-RabbitMQ | ||
| Makefile | ||
| README-authorisation.md | ||
| README.md | ||
| TESTING.md | ||
README.md
RabbitMQ LDAP Authentication Backend
This plugin provides authentication and authorisation backends for RabbitMQ that use LDAP.
Under a heavy load this plugin can put a higher than expected amount of load on it's backing LDAP service. We recommend using it together with rabbitmq_auth_backend_cache with a reasonable caching interval (e.g. 2-3 minutes).
Installation
This plugin ships with reasonably recent RabbitMQ versions
(e.g. 3.3.0 or later). Enable it with
rabbitmq-plugins enable rabbitmq_auth_backend_ldap
Documentation
See LDAP guide on rabbitmq.com.
Building from Source
TL;DR: running
make dist
will build the plugin and put build artifacts under the ./plugins directory.
Copyright and License
(c) 2007-2024 Broadcom. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. All rights reserved.
Released under the MPL, the same license as RabbitMQ.