55e95f466a
As mentioned in discussion #14426, the way that `cacerts` is handled by
cuttlefish schemas simply will not work if set.
If `cacerts` were set to a string value containing one X509 certificate,
it would eventually result in a crash because the `cacerts` ssl option
must be of [this type](https://www.erlang.org/doc/apps/ssl/ssl.html#t:client_option_cert/0):
```
{cacerts, CACerts :: [public_key:der_encoded()] | [public_key:combined_cert()]}
```
Neither of those are strings, of course.
This PR removes all use of `cacerts` in cuttlefish schemas. In addition,
it filters out `cacerts` and `certs_keys` from being JSON-encoded by an
HTTP API call to `/api/overview`. It _is_ technically possible to set
`cacerts` via `advanced.config`, so, if set, it would crash this API
call, as would `certs_keys`.
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| example | ||
| include | ||
| priv/schema | ||
| src | ||
| test | ||
| .gitignore | ||
| CODE_OF_CONDUCT.md | ||
| CONTRIBUTING.md | ||
| LICENSE | ||
| LICENSE-MPL-RabbitMQ | ||
| Makefile | ||
| README-authorisation.md | ||
| README.md | ||
| TESTING.md | ||
README.md
RabbitMQ LDAP Authentication Backend
This plugin provides authentication and authorisation backends for RabbitMQ that use LDAP.
Under a heavy load this plugin can put a higher than expected amount of load on it's backing LDAP service. We recommend using it together with rabbitmq_auth_backend_cache with a reasonable caching interval (e.g. 2-3 minutes).
Installation
This plugin ships with reasonably recent RabbitMQ versions
(e.g. 3.3.0 or later). Enable it with
rabbitmq-plugins enable rabbitmq_auth_backend_ldap
Documentation
See LDAP guide on rabbitmq.com.
Building from Source
TL;DR: running
make dist
will build the plugin and put build artifacts under the ./plugins directory.
Copyright and License
(c) 2007-2024 Broadcom. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. All rights reserved.
Released under the MPL, the same license as RabbitMQ.