Skip to content

LDAP: optional sensitive value tagging #12002

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Aug 14, 2024
Merged

LDAP: optional sensitive value tagging #12002

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
23ad641
Update deps/rabbitmq_management/selenium/test/authnz-msg-protocols/en…
michaelklishin Aug 14, 2024
15fe108
LDAP: allow tagged values to be used for sensitive settings
michaelklishin Aug 14, 2024
e51d3b8
Revert "Update deps/rabbitmq_management/selenium/test/authnz-msg-prot…
michaelklishin Aug 14, 2024
4ff90b4
LDAP: update config_schema_SUITE expectations
michaelklishin Aug 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions deps/rabbitmq_auth_backend_ldap/priv/schema/rabbitmq_auth_backend_ldap.schema
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,7 +120,7 @@ end}.
[{datatype, [string]}]}.

{mapping, "auth_ldap.dn_lookup_bind.password", "rabbitmq_auth_backend_ldap.dn_lookup_bind",
[{datatype, [string]}]}.
[{datatype, [tagged_binary, binary]}]}.

%% - as_user (to bind as the authenticated user - requires a password)
%% - anon (to bind anonymously)
Expand Down Expand Up @@ -161,7 +161,7 @@ end}.
[{datatype, string}]}.

{mapping, "auth_ldap.other_bind.password", "rabbitmq_auth_backend_ldap.other_bind",
[{datatype, string}]}.
[{datatype, [tagged_binary, binary]}]}.

{translation, "rabbitmq_auth_backend_ldap.other_bind",
fun(Conf) ->
Expand Down
1 change: 1 addition & 0 deletions deps/rabbitmq_auth_backend_ldap/src/rabbit_auth_backend_ldap.erl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,7 @@ user_login_authentication(Username, _AuthProps) ->
%% Credentials (i.e. password) maybe directly in the password attribute in AuthProps
%% or as a Function with the attribute rabbit_auth_backend_ldap if the user was already authenticated with http backend
%% or as a Function with the attribute rabbit_auth_backend_cache if the user was already authenticated via cache backend
-spec extractPassword(list()) -> rabbit_types:option(binary()).
extractPassword(AuthProps) ->
case proplists:get_value(password, AuthProps, none) of
none ->
Expand Down
4 changes: 2 additions & 2 deletions ...bitmq_auth_backend_ldap/test/config_schema_SUITE_data/rabbitmq_auth_backend_ldap.snippets
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@
{db_lookup_bind,
"auth_ldap.dn_lookup_bind.user_dn = username
auth_ldap.dn_lookup_bind.password = password",
[{rabbitmq_auth_backend_ldap,[{dn_lookup_bind,{"username","password"}}]}],
[{rabbitmq_auth_backend_ldap,[{dn_lookup_bind,{"username",<<"password">>}}]}],
[rabbitmq_auth_backend_ldap]},

{db_lookup_bind_anon,
Expand Down Expand Up @@ -147,7 +147,7 @@
{other_bind_pass,
"auth_ldap.other_bind.user_dn = username
auth_ldap.other_bind.password = password",
[{rabbitmq_auth_backend_ldap,[{other_bind,{"username","password"}}]}],
[{rabbitmq_auth_backend_ldap,[{other_bind,{"username",<<"password">>}}]}],
[rabbitmq_auth_backend_ldap]},

{ssl_options,
Expand Down
Loading