[Questions] How do i set users & permissions in the rabbitmq topology operator when my users are managed by ldap,oauth, etc ?

[fgava90]

Community Support Policy

• I have read RabbitMQ's Community Support Policy
• I run RabbitMQ 4.x, the only series currently covered by community support
• I promise to provide all relevant information (versions, logs from all nodes, rabbitmq-diagnostics output, detailed reproduction steps)

RabbitMQ version used

4.1.2

Erlang version used

27.3.x

Operating system (distribution) used

Openshift 4.19

How is RabbitMQ deployed?

Kubernetes Operator(s) from Team RabbitMQ

rabbitmq-diagnostics status output

See https://www.rabbitmq.com/docs/cli to learn how to use rabbitmq-diagnostics

# PASTE OUTPUT HERE, BETWEEN BACKTICKS

Logs from node 1 (with sensitive values edited out)

See https://www.rabbitmq.com/docs/logging to learn how to collect logs

# PASTE LOG HERE, BETWEEN BACKTICKS

Logs from node 2 (if applicable, with sensitive values edited out)

See https://www.rabbitmq.com/docs/logging to learn how to collect logs

# PASTE LOG HERE, BETWEEN BACKTICKS

Logs from node 3 (if applicable, with sensitive values edited out)

See https://www.rabbitmq.com/docs/logging to learn how to collect logs

# PASTE LOG HERE, BETWEEN BACKTICKS

rabbitmq.conf

See https://www.rabbitmq.com/docs/configure#config-location to learn how to find rabbitmq.conf file location

# PASTE rabbitmq.conf HERE, BETWEEN BACKTICKS

Steps to deploy RabbitMQ cluster

Installed the rabbitmq-cluster-operator and rabbitmq-topology-operator via helm chart

Steps to reproduce the behavior in question

Have the rabbitmq cluster configured to use an ldap authentication server

advanced.config

See https://www.rabbitmq.com/docs/configure#config-location to learn how to find advanced.config file location

# PASTE advanced.config HERE, BETWEEN BACKTICKS

Application code

# PASTE CODE HERE, BETWEEN BACKTICKS

Kubernetes deployment file

# Relevant parts of K8S deployment that demonstrate how RabbitMQ is deployed
# PASTE YAML HERE, BETWEEN BACKTICKS

What problem are you trying to solve?

My users are managed by an external LDAP server.
I want to know how to set permisssions for some of them to access my rabbitmq resources.
I am using the rabbitmq topology operator to create vhosts etc.
Should i create users in the topology operator and set the permissions for those users or is there a way to pick the users directly from ldap without creating a User object in the topology operator?

[MirahImage]

Topology operator users and permissions are for the basic auth backend. Assuming you have configured the LDAP backend for both AuthN and AuthZ, then all users and permissions should be created in the LDAP server.

[fgava90]

Hi,
Thank you for your reply, it pointed me in the correct direction.
I just found the documentation page to set that up: https://www.rabbitmq.com/docs/ldap#authorisation