I went on and got a bit further, was hoping "to be there" though. Yet, no
luck.

So far, what I've been able to gather from around the interwebs, along with
the new documentation (which is a huge step forward compared to the older
documentation):

I have configured openldap to use SASL (saslHost, extra mechanisms
installed, and rewrite with olcAuthzRegexp for various sasl mechanisms)

/etc/sasl2/qdrouterd.conf has been configured thus:

pwcheck_method: auxprop
auxprop_plugin: slapd
ldapdb_uri: ldap://ldap.host
# username and password are to be determined yet.
ldapdb_id: username
ldapdb_pw: password
ldapdb_mech: DIGEST-MD5

/etc/qpid-dispatch/qdrouterd.conf has the amqp listener configured thus:
listener {
        name: ontvangst
        host: 0.0.0.0
        port: 5672
        role: normal
        authenticatePeer: yes
        saslMechanisms: EXTERNAL DIGEST-MD5
}

Yet, when I try to run a "qdstat -a --sasl-username=username
--sasl-password=password --sasl-mechanisms=DIGEST-MD5" 
I get this response:
ConnectionException: Connection amqp://0.0.0.0:amqp/$management
disconnected: Condition('amqp:unauthorized-access', 'Authentication failed
[mech=none]')

I also added some log{ } entries, for a bunch of modules, but they don't
seem to tell me what exactly happens and what is going wrong. What module
should be used and probably also what level (could be I'm not seeing why due
to a log level that's not telling the reason)

The LDAP server itself is not the same server that hosts qpid-dispatch,
which may be making matters a bit more complicated, but there it is.




--
Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-f2158936.html

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
For additional commands, e-mail: users-h...@qpid.apache.org

Reply via email to