Rename auth backends prefixes to auth_X

4 files changed, 46 insertions, 901 deletions

diff --git a/docs/rabbitmq.conf.example b/docs/rabbitmq.conf.example
index 96d0967db7..de59985471 100644
--- a/docs/rabbitmq.conf.example
+++ b/docs/rabbitmq.conf.example
@@ -660,25 +660,25 @@
 ## Specify servers to bind to. You *must* set this in order for the plugin
 ## to work properly.
 ##
-# ldap.servers.1 = your-server-name-goes-here
+# auth_ldap.servers.1 = your-server-name-goes-here
 
 ## You can define multiple servers
-# ldap.servers.2 = your-other-server
+# auth_ldap.servers.2 = your-other-server
 
 ## Connect to the LDAP server using SSL
 ##
-# ldap.use_ssl = false
+# auth_ldap.use_ssl = false
 
 ## Specify the LDAP port to connect to
 ##
-# ldap.port = 389
+# auth_ldap.port = 389
 
 ## LDAP connection timeout, in milliseconds or 'infinity'
 ##
-# ldap.timeout = infinity
+# auth_ldap.timeout = infinity
 
 ## Or number
-# ldap.timeout = 500
+# auth_ldap.timeout = 500
 
 ## Enable logging of LDAP queries.
 ## One of
@@ -688,11 +688,11 @@
 ##
 ## Defaults to false.
 ##
-# ldap.log = false
+# auth_ldap.log = false
 
 ## Also can be true or network
-# ldap.log = true
-# ldap.log = network
+# auth_ldap.log = true
+# auth_ldap.log = network
 
 ##
 ## Authentication
@@ -702,7 +702,7 @@
 ## Pattern to convert the username given through AMQP to a DN before
 ## binding
 ##
-# ldap.user_dn_pattern = cn=${username},ou=People,dc=example,dc=com
+# auth_ldap.user_dn_pattern = cn=${username},ou=People,dc=example,dc=com
 
 ## Alternatively, you can convert a username to a Distinguished
 ## Name via an LDAP lookup after binding. See the documentation for
@@ -712,8 +712,8 @@
 ## the name of the attribute that represents the user name, and the
 ## base DN for the lookup query.
 ##
-# ldap.dn_lookup_attribute = userPrincipalName
-# ldap.dn_lookup_base      = DC=gopivotal,DC=com
+# auth_ldap.dn_lookup_attribute = userPrincipalName
+# auth_ldap.dn_lookup_base      = DC=gopivotal,DC=com
 
 ## Controls how to bind for authorisation queries and also to
 ## retrieve the details of users logging in without presenting a
@@ -725,11 +725,11 @@
 ##
 ## Defaults to 'as_user'.
 ##
-# ldap.other_bind = as_user
+# auth_ldap.other_bind = as_user
 
 ## Or can be more complex:
-# ldap.other_bind.user_dn  = User
-# ldap.other_bind.password = Password
+# auth_ldap.other_bind.user_dn  = User
+# auth_ldap.other_bind.password = Password
 
 ## If user_dn and password defined - other options is ignored.
 
diff --git a/rabbitmq.conf.d/ldap.conf b/rabbitmq.conf.d/ldap.conf
deleted file mode 100644
index 2f51cbb409..0000000000
--- a/rabbitmq.conf.d/ldap.conf
+++ /dev/null
@@ -1,138 +0,0 @@
-#  ## ----------------------------------------------------------------------------
-#  ## RabbitMQ LDAP Plugin
-#  ##
-#  ## See http://www.rabbitmq.com/ldap.html for details.
-#  ##
-#  ## ----------------------------------------------------------------------------
-
-
-# =======================================
-# LDAP section
-# =======================================
-
-# Should be defined in additional.conf maybe?
-
-#  {rabbitmq_auth_backend_ldap,
-#   [##
-#    ## Connecting to the LDAP server(s)
-#    ## ================================
-#    ##
-
-#    ## Specify servers to bind to. You *must* set this in order for the plugin
-#    ## to work properly.
-#    ##
-#    ## {servers, ["your-server-name-goes-here"]},
-
-ldap.servers.myserver = your-server-name-goes-here
-
-#    ## Connect to the LDAP server using SSL
-#    ##
-#    ## {use_ssl, false},
-
-ldap.use_ssl = false
-
-#    ## Specify the LDAP port to connect to
-#    ##
-#    ## {port, 389},
-
-ldap.port = 389
-
-#    ## LDAP connection timeout, in milliseconds or 'infinity'
-#    ##
-#    ## {timeout, infinity},
-
-ldap.timeout = infinity
-
-# Or number
-# ldap.timeout = 500
-
-#    ## Enable logging of LDAP queries.
-#    ## One of
-#    ##   - false (no logging is performed)
-#    ##   - true (verbose logging of the logic used by the plugin)
-#    ##   - network (as true, but additionally logs LDAP network traffic)
-#    ##
-#    ## Defaults to false.
-#    ##
-#    ## {log, false},
-
-ldap.log = false
-
-# Also can be true or network
-# ldap.log = true
-# ldap.log = network
-
-#    ##
-#    ## Authentication
-#    ## ==============
-#    ##
-
-#    ## Pattern to convert the username given through AMQP to a DN before
-#    ## binding
-#    ##
-#    ## {user_dn_pattern, "cn=${username},ou=People,dc=example,dc=com"},
-
-ldap.user_dn_pattern = cn=${username},ou=People,dc=example,dc=com
-
-#    ## Alternatively, you can convert a username to a Distinguished
-#    ## Name via an LDAP lookup after binding. See the documentation for
-#    ## full details.
-
-#    ## When converting a username to a dn via a lookup, set these to
-#    ## the name of the attribute that represents the user name, and the
-#    ## base DN for the lookup query.
-#    ##
-#    ## {dn_lookup_attribute,   "userPrincipalName"},
-#    ## {dn_lookup_base,        "DC=gopivotal,DC=com"},
-
-ldap.dn_lookup_attribute = userPrincipalName
-ldap.dn_lookup_base      = DC=gopivotal,DC=com
-
-#    ## Controls how to bind for authorisation queries and also to
-#    ## retrieve the details of users logging in without presenting a
-#    ## password (e.g., SASL EXTERNAL).
-#    ## One of
-#    ##  - as_user (to bind as the authenticated user - requires a password)
-#    ##  - anon    (to bind anonymously)
-#    ##  - {UserDN, Password} (to bind with a specified user name and password)
-#    ##
-#    ## Defaults to 'as_user'.
-#    ##
-#    ## {other_bind, as_user},
-
-ldap.other_bind = as_user
-
-# Or can be more complex:
-# ldap.other_bind.user_dn  = User
-# ldap.other_bind.password = Password
-# If user_dn and password defined - other options is ignored.
-
-# -----------------------------
-# Too complex section of LDAP
-# -----------------------------
-
-#    ##
-#    ## Authorisation
-#    ## =============
-#    ##
-
-#    ## The LDAP plugin can perform a variety of queries against your
-#    ## LDAP server to determine questions of authorisation. See
-#    ## http://www.rabbitmq.com/ldap.html#authorisation for more
-#    ## information.
-
-#    ## Set the query to use when determining vhost access
-#    ##
-#    ## {vhost_access_query, {in_group,
-#    ##                       "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}},
-
-#    ## Set the query to use when determining resource (e.g., queue) access
-#    ##
-#    ## {resource_access_query, {constant, true}},
-
-#    ## Set queries to determine which tags a user has
-#    ##
-#    ## {tag_queries, []}
-#   ]},
-# -----------------------------
-
diff --git a/rabbitmq.conf.d/rabbitmq.conf b/rabbitmq.conf.d/rabbitmq.conf
deleted file mode 100644
index 6d43dc9f7f..0000000000
--- a/rabbitmq.conf.d/rabbitmq.conf
+++ /dev/null
@@ -1,731 +0,0 @@
-# ======================================
-# RabbbitMQ broker section
-# ======================================
-
-## Network Connectivity
-## ====================
-##
-## By default, RabbitMQ will listen on all interfaces, using
-## the standard (reserved) AMQP port.
-##
-listener.tcp.default = 5672
-
-
-## To listen on a specific interface, provide an IP address with port.
-## For example, to listen only on localhost for both IPv4 and IPv6:
-##
-# IPv4
-# listener.tcp.local    = 127.0.0.1:5672
-# IPv6
-# listener.tcp.local_v6 = ::1:5672
-
-## You can define multiple listeners using listener names
-# listener.tcp.other_port = 5673
-# listener.tcp.other_ip   = 10.10.10.10:5672
-
-
-## SSL listeners are configured in the same fashion as TCP listeners,
-## including the option to control the choice of interface.
-##
-# listener.ssl.default = 5671
-
-## Number of Erlang processes that will accept connections for the TCP
-## and SSL listeners.
-##
-num_acceptors.tcp = 10
-num_acceptors.ssl = 1
-
-
-## Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection
-## and SSL handshake), in milliseconds.
-##
-handshake_timeout = 10000
-
-## Set to 'true' to perform reverse DNS lookups when accepting a
-## connection. Hostnames will then be shown instead of IP addresses
-## in rabbitmqctl and the management plugin.
-##
-reverse_dns_lookups = true
-
-##
-## Security / AAA
-## ==============
-##
-
-## The default "guest" user is only permitted to access the server
-## via a loopback interface (e.g. localhost).
-## {loopback_users, [<<"guest">>]},
-##
-loopback_user.guest = true
-
-## Uncomment the following line if you want to allow access to the
-## guest user from anywhere on the network.
-# loopback_user.guest = false
-
-## Configuring SSL.
-## See http://www.rabbitmq.com/ssl.html for full documentation.
-##
-ssl_option.verify               = verify_peer
-ssl_option.fail_if_no_peer_cert = false
-# ssl_option.cacertfile           = /path/to/rabbitmq.crt
-# ssl_option.certfile             = /path/to/rabbitmq.crt
-# ssl_option.keyfile              = /path/to/rabbitmq.key
-
-## Choose the available SASL mechanism(s) to expose.
-## The two default (built in) mechanisms are 'PLAIN' and
-## 'AMQPLAIN'. Additional mechanisms can be added via
-## plugins.
-##
-## See http://www.rabbitmq.com/authentication.html for more details.
-##
-auth_mechanism.plain = PLAIN
-auth_mechanism.amqplain = AMQPLAIN
-
-## Select an authentication database to use. RabbitMQ comes bundled
-## with a built-in auth-database, based on mnesia.
-##
-auth_backends.1   = internal
-
-auth_backends.2.authn = ldap
-auth_backends.2.authz = internal
-
-auth_backends.3.authz = rabbit_auth_backend_uaa
-
-## Configurations supporting the rabbitmq_auth_mechanism_ssl and
-## rabbitmq_auth_backend_ldap plugins.
-##
-## NB: These options require that the relevant plugin is enabled.
-## See http://www.rabbitmq.com/plugins.html for further details.
-
-
-## The RabbitMQ-auth-mechanism-ssl plugin makes it possible to
-## authenticate a user based on the client's SSL certificate.
-##
-## To use auth-mechanism-ssl, add to or replace the auth_mechanisms
-## with EXTERNAL value.
-##
-#auth_mechanism.external = EXTERNAL
-
-## The rabbitmq_auth_backend_ldap plugin allows the broker to
-## perform authentication and authorisation by deferring to an
-## external LDAP server.
-##
-## For more information about configuring the LDAP backend, see
-## http://www.rabbitmq.com/ldap.html.
-##
-## Enable the LDAP auth backend by adding to or replacing the
-## auth_backends entry:
-##
-# auth_backends.2 = rabbit_auth_backend_ldap
-
-## Add another backend
-# auth_backend.3 = rabbit_auth_backend_http
-
-
-## This pertains to both the rabbitmq_auth_mechanism_ssl plugin and
-## STOMP ssl_cert_login configurations. See the rabbitmq_stomp
-## configuration section later in this file and the README in
-## https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further
-## details.
-##
-## To use the SSL cert's CN instead of its DN as the username
-##
-# ssl_cert_login_from   = common_name
-
-## SSL handshake timeout, in milliseconds.
-##
-# ssl_handshake_timeout = 5000
-
-
-## Password hashing implementation. Will only affect newly
-## created users. To recalculate hash for an existing user
-## it's necessary to update her password.
-##
-## To use SHA-512, set to rabbit_password_hashing_sha512.
-##
-password_hashing_module = rabbit_password_hashing_sha256
-
-## When importing definitions exported from versions earlier
-## than 3.6.0, it is possible to go back to MD5 (only do this
-## as a temporary measure!) by setting this to rabbit_password_hashing_md5.
-##
-# password_hashing_module = rabbit_password_hashing_md5
-
-##
-## Default User / VHost
-## ====================
-##
-
-## On first start RabbitMQ will create a vhost and a user. These
-## config items control what gets created. See
-## http://www.rabbitmq.com/access-control.html for further
-## information about vhosts and access control.
-##
-default_vhost = /
-default_user = guest
-default_pass = guest
-
-default_permissions.configure = .*
-default_permissions.read = .*
-default_permissions.write = .*
-
-## Tags for default user
-##
-## For more details about tags, see the documentation for the
-## Management Plugin at http://www.rabbitmq.com/management.html.
-##
-default_user_tags.administrator = true
-
-## Define other tags like this:
-# default_user_tags.management = true
-# default_user_tags.custom_tag = true
-
-##
-## Additional network and protocol related configuration
-## =====================================================
-##
-
-## Set the default AMQP heartbeat delay (in seconds).
-##
-heartbeat = 600
-
-## Set the max permissible size of an AMQP frame (in bytes).
-##
-frame_max = 131072
-
-## Set the max frame size the server will accept before connection
-## tuning occurs
-##
-initial_frame_max = 4096
-
-## Set the max permissible number of channels per connection.
-## 0 means "no limit".
-##
-channel_max = 128
-
-## Customising Socket Options.
-##
-## See (http://www.erlang.org/doc/man/inet.html#setopts-2) for
-## further documentation.
-##
-
-tcp_listen_option.backlog = 128
-tcp_listen_option.nodelay = true
-tcp_listen_option.exit_on_close = false
-
-##
-## Resource Limits & Flow Control
-## ==============================
-##
-## See http://www.rabbitmq.com/memory.html for full details.
-
-## Memory-based Flow Control threshold.
-##
-vm_memory_high_watermark.relative = 0.4
-
-## Alternatively, we can set a limit (in bytes) of RAM used by the node.
-##
-# vm_memory_high_watermark.absolute = 1073741824
-
-## Or you can set absolute value using memory units (with RabbitMQ 3.6.0+).
-## Absolute watermark will be ignored if relative is defined!
-##
-# vm_memory_high_watermark.absolute = 2GB
-##
-## Supported units suffixes:
-##
-## kb, KB: kibibytes (2^10 bytes)
-## mb, MB: mebibytes (2^20)
-## gb, GB: gibibytes (2^30)
-
-
-
-## Fraction of the high watermark limit at which queues start to
-## page message out to disc in order to free up memory.
-##
-## Values greater than 0.9 can be dangerous and should be used carefully.
-##
-vm_memory_high_watermark_paging_ratio = 0.5
-
-## Interval (in milliseconds) at which we perform the check of the memory
-## levels against the watermarks.
-##
-memory_monitor_interval = 2500
-
-## Set disk free limit (in bytes). Once free disk space reaches this
-## lower bound, a disk alarm will be set - see the documentation
-## listed above for more details.
-##
-## Absolute watermark will be ignored if relative is defined!
-disk_free_limit.absolute = 50000
-
-## Or you can set it using memory units (same as in vm_memory_high_watermark)
-## with RabbitMQ 3.6.0+.
-# disk_free_limit.absolute = 500KB
-# disk_free_limit.absolute = 50mb
-# disk_free_limit.absolute = 5GB
-
-## Alternatively, we can set a limit relative to total available RAM.
-##
-## Values lower than 1.0 can be dangerous and should be used carefully.
-disk_free_limit.relative = 2.0
-
-##
-## Clustering
-## =====================
-##
-cluster_partition_handling = ignore
-
-## pause_if_all_down strategy require additional configuration
-# cluster_partition_handling = pause_if_all_down
-
-## Recover strategy. Can be either 'autoheal' or 'ignore'
-# cluster_partition_handling.pause_if_all_down.recover = ignore
-
-## Node names to check
-# cluster_partition_handling.pause_if_all_down.node.rabbit = rabbit@localhost
-# cluster_partition_handling.pause_if_all_down.node.hare   = hare@localhost
-
-## Mirror sync batch size, in messages. Increasing this will speed
-## up syncing but total batch size in bytes must not exceed 2 GiB.
-## Available in RabbitMQ 3.6.0 or later.
-##
-mirroring_sync_batch_size = 4096
-
-## Make clustering happen *automatically* at startup - only applied
-## to nodes that have just been reset or started for the first time.
-## See http://www.rabbitmq.com/clustering.html#auto-config for
-## further details.
-##
-# cluster_nodes.disc.1 = rabbit@my.host.com
-
-## You can define multiple nodes
-# cluster_nodes.disc.2 = hare@my.host.com
-
-## There can be also ram nodes.
-## Ram nodes should not be defined together with disk nodes
-# cluster_nodes.ram.1 = rabbit@my.host.com
-
-## Interval (in milliseconds) at which we send keepalive messages
-## to other cluster members. Note that this is not the same thing
-## as net_ticktime; missed keepalive messages will not cause nodes
-## to be considered down.
-##
-# cluster_keepalive_interval = 10000
-
-##
-## Statistics Collection
-## =====================
-##
-
-## Set (internal) statistics collection granularity.
-##
-## Can be none, coarse or fine
-collect_statistics = none
-
-# collect_statistics = coarse
-
-## Statistics collection interval (in milliseconds). Increasing
-## this will reduce the load on management database.
-##
-collect_statistics_interval = 5000
-
-##
-## Misc/Advanced Options
-## =====================
-##
-## NB: Change these only if you understand what you are doing!
-##
-
-## Explicitly enable/disable hipe compilation.
-##
-hipe_compile = false
-
-## Timeout used when waiting for Mnesia tables in a cluster to
-## become available.
-##
-mnesia_table_loading_retry_timeout = 30000
-
-## Retries when waiting for Mnesia tables in the cluster startup. Note that
-## this setting is not applied to Mnesia upgrades or node deletions.
-##
-## mnesia_table_loading_retry_limit = 10
-
-## Size in bytes below which to embed messages in the queue index. See
-## http://www.rabbitmq.com/persistence-conf.html
-##
-queue_index_embed_msgs_below = 4096
-
-## You can also set this size in memory units
-##
-queue_index_embed_msgs_below = 4kb
-
-## ----------------------------------------------------------------------------
-## Advanced Erlang Networking/Clustering Options.
-##
-## See http://www.rabbitmq.com/clustering.html for details
-## ----------------------------------------------------------------------------
-
-# ======================================
-# Kernel section
-# ======================================
-
-# kernel.net_ticktime = 60
-
-## ----------------------------------------------------------------------------
-## RabbitMQ Management Plugin
-##
-## See http://www.rabbitmq.com/management.html for details
-## ----------------------------------------------------------------------------
-
-# =======================================
-# Management section
-# =======================================
-
-## Pre-Load schema definitions from the following JSON file. See
-## http://www.rabbitmq.com/management.html#load-definitions
-##
-# management.load_definitions = /path/to/schema.json
-
-## Log all requests to the management HTTP API to a file.
-##
-# management.http_log_dir = /path/to/access.log
-
-## Change the port on which the HTTP listener listens,
-## specifying an interface for the web server to bind to.
-## Also set the listener to use SSL and provide SSL options.
-##
-
-# QA: Maybe use IP type like in tcp_listener?
-management.listener.port = 12345
-management.listener.ip   = 127.0.0.1
-# management.listener.ssl  = true
-
-# management.listener.ssl_opts.cacertfile = /path/to/cacert.pem
-# management.listener.ssl_opts.certfile   = /path/to/cert.pem
-# management.listener.ssl_opts.keyfile    = /path/to/key.pem
-
-## One of 'basic', 'detailed' or 'none'. See
-## http://www.rabbitmq.com/management.html#fine-stats for more details.
-management.rates_mode = basic
-
-## Configure how long aggregated data (such as message rates and queue
-## lengths) is retained. Please read the plugin's documentation in
-## http://www.rabbitmq.com/management.html#configuration for more
-## details.
-## Your can use 'minute', 'hour' and '24hours' keys or integer key (in seconds)
-management.sample_retention_policies.global.minute    = 5
-management.sample_retention_policies.global.hour  = 60
-management.sample_retention_policies.global.day = 1200
-
-management.sample_retention_policies.basic.minute   = 5
-management.sample_retention_policies.basic.hour = 60
-
-management.sample_retention_policies.detailed.10 = 5
-
-## ----------------------------------------------------------------------------
-## RabbitMQ Shovel Plugin
-##
-## See http://www.rabbitmq.com/shovel.html for details
-## ----------------------------------------------------------------------------
-
-## Shovel plugin config example is defined in additional.config file
-
-
-## ----------------------------------------------------------------------------
-## RabbitMQ Stomp Adapter
-##
-## See http://www.rabbitmq.com/stomp.html for details
-## ----------------------------------------------------------------------------
-
-# =======================================
-# STOMP section
-# =======================================
-
-## Network Configuration - the format is generally the same as for the broker
-##
-stomp.listener.tcp.default = 61613
-
-## Same for ssl listeners
-##
-# stomp.listener.ssl.default = 61614
-
-## Number of Erlang processes that will accept connections for the TCP
-## and SSL listeners.
-##
-stomp.num_acceptors.tcp = 10
-stomp.num_acceptors.ssl = 1
-
-## Additional SSL options
-
-## Extract a name from the client's certificate when using SSL.
-##
-stomp.ssl_cert_login = true
-
-## Set a default user name and password. This is used as the default login
-## whenever a CONNECT frame omits the login and passcode headers.
-##
-## Please note that setting this will allow clients to connect without
-## authenticating!
-##
-# stomp.default_user = guest
-# stomp.default_pass = guest
-
-## If a default user is configured, or you have configured use SSL client
-## certificate based authentication, you can choose to allow clients to
-## omit the CONNECT frame entirely. If set to true, the client is
-## automatically connected as the default user or user supplied in the
-## SSL certificate whenever the first frame sent on a session is not a
-## CONNECT frame.
-##
-# stomp.implicit_connect = true
-
-## ----------------------------------------------------------------------------
-## RabbitMQ MQTT Adapter
-##
-## See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md
-## for details
-## ----------------------------------------------------------------------------
-
-# =======================================
-# MQTT section
-# =======================================
-
-## Set the default user name and password. Will be used as the default login
-## if a connecting client provides no other login details.
-##
-## Please note that setting this will allow clients to connect without
-## authenticating!
-##
-# mqtt.default_user = guest
-# mqtt.default_pass = guest
-
-## Enable anonymous access. If this is set to false, clients MUST provide
-## login information in order to connect. See the default_user/default_pass
-## configuration elements for managing logins without authentication.
-##
-# mqtt.allow_anonymous = true
-
-## If you have multiple chosts, specify the one to which the
-## adapter connects.
-##
-mqtt.vhost = /
-
-## Specify the exchange to which messages from MQTT clients are published.
-##
-mqtt.exchange = amq.topic
-
-## Specify TTL (time to live) to control the lifetime of non-clean sessions.
-##
-# mqtt.subscription_ttl = 1800000
-
-## Set the prefetch count (governing the maximum number of unacknowledged
-## messages that will be delivered).
-##
-mqtt.prefetch = 10
-
-## TCP/SSL Configuration (as per the broker configuration).
-##
-mqtt.listener.tcp.default = 1883
-
-## Same for ssl listener
-##
-# mqtt.listener.ssl.default = 1884
-
-## Number of Erlang processes that will accept connections for the TCP
-## and SSL listeners.
-##
-mqtt.num_acceptors.tcp = 10
-mqtt.num_acceptors.ssl = 1
-
-## TCP/Socket options (as per the broker configuration).
-##
-# mqtt.tcp_listen_option.backlog = 128
-# mqtt.tcp_listen_option.nodelay = true
-
-## ----------------------------------------------------------------------------
-## RabbitMQ AMQP 1.0 Support
-##
-## See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md
-## for details
-## ----------------------------------------------------------------------------
-
-# =======================================
-# AMQP_1 section
-# =======================================
-
-
-## Connections that are not authenticated with SASL will connect as this
-## account. See the README for more information.
-##
-## Please note that setting this will allow clients to connect without
-## authenticating!
-##
-amqp1_0.default_user = guest
-
-## Enable protocol strict mode. See the README for more information.
-##
-amqp1_0.protocol_strict_mode = false
-
-## Lager controls logging.
-## See https://github.com/basho/lager for more documentation
-##
-## Log direcrory, taken from the RABBITMQ_LOG_BASE env variable by default.
-##
-# log.dir = /var/log/rabbitmq
-
-## Logging to console (can be true or false)
-##
-# log.console = false
-
-## Loglevel to log to console
-##
-# log.console.level = info
-
-## Logging to file. Can be false or filename.
-## Default:
-# log.file = rabbit.log
-
-## To turn off:
-# log.file = false
-
-## Loglevel to log to file
-##
-# log.file.level = info
-
-## File rotation config. No rotation by defualt.
-## DO NOT SET rotation date to ''. Leave unset if require "" value
-# log.file.rotation.date = $D0 
-# log.file.rotation.size = 0
-
-
-## QA: Config for syslog logging
-# log.syslog = false
-# log.syslog.identity = rabbitmq
-# log.syslog.level    = info
-# log.syslog.facility = daemon
-
-
-## ----------------------------------------------------------------------------
-## RabbitMQ LDAP Plugin
-##
-## See http://www.rabbitmq.com/ldap.html for details.
-##
-## ----------------------------------------------------------------------------
-
-# =======================================
-# LDAP section
-# =======================================
-
-##
-## Connecting to the LDAP server(s)
-## ================================
-##
-
-## Specify servers to bind to. You *must* set this in order for the plugin
-## to work properly.
-##
-# ldap.servers.1 = your-server-name-goes-here
-
-## You can define multiple servers
-# ldap.servers.2 = your-other-server
-
-## Connect to the LDAP server using SSL
-##
-# ldap.use_ssl = false
-
-## Specify the LDAP port to connect to
-##
-# ldap.port = 389
-
-## LDAP connection timeout, in milliseconds or 'infinity'
-##
-# ldap.timeout = infinity
-
-## Or number
-# ldap.timeout = 500
-
-## Enable logging of LDAP queries.
-## One of
-##   - false (no logging is performed)
-##   - true (verbose logging of the logic used by the plugin)
-##   - network (as true, but additionally logs LDAP network traffic)
-##
-## Defaults to false.
-##
-# ldap.log = false
-
-## Also can be true or network
-# ldap.log = true
-# ldap.log = network
-
-##
-## Authentication
-## ==============
-##
-
-## Pattern to convert the username given through AMQP to a DN before
-## binding
-##
-# ldap.user_dn_pattern = cn=${username},ou=People,dc=example,dc=com
-
-## Alternatively, you can convert a username to a Distinguished
-## Name via an LDAP lookup after binding. See the documentation for
-## full details.
-
-## When converting a username to a dn via a lookup, set these to
-## the name of the attribute that represents the user name, and the
-## base DN for the lookup query.
-##
-# ldap.dn_lookup_attribute = userPrincipalName
-# ldap.dn_lookup_base      = DC=gopivotal,DC=com
-
-## Controls how to bind for authorisation queries and also to
-## retrieve the details of users logging in without presenting a
-## password (e.g., SASL EXTERNAL).
-## One of
-##  - as_user (to bind as the authenticated user - requires a password)
-##  - anon    (to bind anonymously)
-##  - {UserDN, Password} (to bind with a specified user name and password)
-##
-## Defaults to 'as_user'.
-##
-# ldap.other_bind = as_user
-
-## Or can be more complex:
-# ldap.other_bind.user_dn  = User
-# ldap.other_bind.password = Password
-
-## If user_dn and password defined - other options is ignored.
-
-# -----------------------------
-# Too complex section of LDAP
-# -----------------------------
-
-##
-## Authorisation
-## =============
-##
-
-## The LDAP plugin can perform a variety of queries against your
-## LDAP server to determine questions of authorisation. See
-## http://www.rabbitmq.com/ldap.html#authorisation for more
-## information.
-
-## Following configuration should be defined in additional.config file
-## DO NOT UNCOMMENT THIS LINES!
-
-## Set the query to use when determining vhost access
-##
-## {vhost_access_query, {in_group,
-##                       "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}},
-
-## Set the query to use when determining resource (e.g., queue) access
-##
-## {resource_access_query, {constant, true}},
-
-## Set queries to determine which tags a user has
-##
-## {tag_queries, []}
-#   ]},
-# -----------------------------
diff --git a/test/config_schema_SUITE_data/snippets.config b/test/config_schema_SUITE_data/snippets.config
index 4f7a25b110..92504b8c0d 100644
--- a/test/config_schema_SUITE_data/snippets.config
+++ b/test/config_schema_SUITE_data/snippets.config
@@ -135,46 +135,46 @@ auth_backends.2 = internal",
                                                       rabbit_auth_backend_internal]}]}],[]}
 ,
 {16.1,
-"ldap.servers.1 = DC1.domain.com
- ldap.servers.2 = DC1.eng.domain.com",
+"auth_ldap.servers.1 = DC1.domain.com
+ auth_ldap.servers.2 = DC1.eng.domain.com",
 [{rabbitmq_auth_backend_ldap, [{servers, ["DC1.domain.com", "DC1.eng.domain.com"]}]}],
 [rabbitmq_auth_backend_ldap]}
 ,
 {16.2,
-"ldap.servers.1 = hostname1
- ldap.servers.2 = hostname2",
+"auth_ldap.servers.1 = hostname1
+ auth_ldap.servers.2 = hostname2",
 [{rabbitmq_auth_backend_ldap, [{servers, ["hostname1", "hostname2"]}]}],
 [rabbitmq_auth_backend_ldap]}
 ,
 {17,
-"ldap.dn_lookup_attribute = userPrincipalName
-ldap.dn_lookup_base = DC=gopivotal,DC=com
-ldap.dn_lookup_bind = as_user",
+"auth_ldap.dn_lookup_attribute = userPrincipalName
+auth_ldap.dn_lookup_base = DC=gopivotal,DC=com
+auth_ldap.dn_lookup_bind = as_user",
 [{rabbitmq_auth_backend_ldap, [{dn_lookup_attribute,   "userPrincipalName"},
 {dn_lookup_base,        "DC=gopivotal,DC=com"},
 {dn_lookup_bind, as_user}]}],
 [rabbitmq_auth_backend_ldap]}
 ,
 {18,
-"ldap.dn_lookup_bind.user_dn = username
-ldap.dn_lookup_bind.password = password",
+"auth_ldap.dn_lookup_bind.user_dn = username
+auth_ldap.dn_lookup_bind.password = password",
 [{rabbitmq_auth_backend_ldap, [
 {dn_lookup_bind, {"username", "password"}}]}],
 [rabbitmq_auth_backend_ldap]}
 ,
 {19,
-"ldap.other_bind = anon",
+"auth_ldap.other_bind = anon",
 [{rabbitmq_auth_backend_ldap, [{other_bind, anon}]}],
 [rabbitmq_auth_backend_ldap]}
 ,
 {20,
-"ldap.other_bind = as_user",
+"auth_ldap.other_bind = as_user",
 [{rabbitmq_auth_backend_ldap, [{other_bind, as_user}]}],
 [rabbitmq_auth_backend_ldap]}
 ,
 {21,
-"ldap.other_bind.user_dn = username
-ldap.other_bind.password = password",
+"auth_ldap.other_bind.user_dn = username
+auth_ldap.other_bind.password = password",
 [{rabbitmq_auth_backend_ldap, [{other_bind, {"username", "password"}}]}],
 [rabbitmq_auth_backend_ldap]}
 ,
@@ -727,9 +727,9 @@ web_stomp.ssl.password   = changeme",
 [rabbitmq_web_stomp]},
 {69,
 "auth_backends.1 = http
-rabbitmq_auth_backend_http.user_path     = http://some-server/auth/user
-rabbitmq_auth_backend_http.vhost_path    = http://some-server/auth/vhost
-rabbitmq_auth_backend_http.resource_path = http://some-server/auth/resource",
+auth_http.user_path     = http://some-server/auth/user
+auth_http.vhost_path    = http://some-server/auth/vhost
+auth_http.resource_path = http://some-server/auth/resource",
 [{rabbit, [{auth_backends, [rabbit_auth_backend_http]}]},
   {rabbitmq_auth_backend_http,
    [{user_path,     "http://some-server/auth/user"},
@@ -812,6 +812,20 @@ credential_validator.regexp = ^abc\\d+",
       {validation_backend, rabbit_credential_validator_password_regexp},
       {regexp,             "^abc\\d+"}
     ]}
-]}],[]}
+]}],[]},
+
+{79,
+"auth_backends.1 = amqp
+auth_amqp.username = user
+auth_amqp.vhost    = my_vhost
+auth_amqp.exchange = exchange_name
+auth_amqp.timeout  = 100",
+[{rabbit, [{auth_backends, [rabbit_auth_backend_amqp]}]},
+  {rabbitmq_auth_backend_amqp,
+   [{username, <<"user">>},
+    {vhost,    <<"my_vhost">>},
+    {exchange, <<"exchange_name">>},
+    {timeout,  100}]}],
+[rabbitmq_auth_backend_amqp]}
 
 ].