Password encryption for LDAP authentication.

[parvvam]

Is your feature request related to a problem? Please describe.

I have configured LDAP authentication for RabbitMQ server and below is the configuration overview.

In rabbitmq.conf, i have enabled the parameters

auth_backends.1   = rabbit_auth_backend_ldap
auth_backends.2   = rabbit_auth_backend_internal

The advanced.config file has the following configuration.

[
 {rabbitmq_auth_backend_ldap, [

   {servers, ["servername"]},
   {port, 636},
   {use_ssl, true},
   {ssl_options, [{verify, verify_none}]},

   {dn_lookup_bind,
    {"username", "password"}},

   {dn_lookup_base, "dc=domain name,dc=com"},
   {dn_lookup_attribute, "sAMAccountName"},

     {tag_queries, [
      {management, {in_group, "cn=cn name,ou=users,dc=domain name,dc=com"}}
   ]}
 ]}
].

The configuration only works when the password is provided in clear text in dn_lookup_bind.

Describe the solution you'd like

Please let me know how the password can be encrypted or any other possible solution where the passwords in not exposed in clear text in the advanced.config

Update after applying the mentioned steps,

Step 1: I've followed the gemini link and observed that the password is not getting decrypted after it is provided in the encrypted values in the advanced.config.

Tried the Step 2 as well where the passoword is provided through a file.

Still it is unable to decrypt and login.

Also applied the config_entry_decoder parameter as per the official document link. Please find the updated advanced.config.

[
{rabbitmq_auth_backend_ldap, [

{servers, ["ldap server"]},
{port, 636},
{use_ssl, true},
{ssl_options, [{verify, verify_none}]},

{config_entry_decoder, [
{passphrase, {file, "/path/to/passphrasefile"}}
]},

{dn_lookup_bind,
{"username",
{encrypted,
<<"password">>}}},

{dn_lookup_base, "dc=dc name,dc=com"},
{dn_lookup_attribute, "sAMAccountName"},

{tag_queries, [
{management,
{in_group,
"cn=cn name,ou=,users,dc=dc,dc=com"}}
]}
]}
].

Please guide for the same.

[lukebakken]

This is documented on rabbitmq.com. In addition, I had good luck using a genie to get the answer:

https://gemini.google.com/share/677dceb476d5

[michaelklishin]

@parvvam there is a section called Configuration Value Encryption in the configuration guide.

I am linking to the 4.2.x doc edition, there is a version selector at the top, older versions do not support encrypted:{value} in rabbitmq.conf.

rabbitmq.com has decent built-in search:

Your Google-as-a-Service, the RabbitMQ Core Team.