Merge pull request #575 from rabbitmq/rabbitmq-server-550

Support new configuration format

2 files changed, 845 insertions, 0 deletions

diff --git a/docs/advanced.config.example b/docs/advanced.config.example
new file mode 100644
index 0000000000..82a1c000e1
--- /dev/null
+++ b/docs/advanced.config.example
@@ -0,0 +1,109 @@
+[
+
+
+ %% ----------------------------------------------------------------------------
+ %% Advanced Erlang Networking/Clustering Options.
+ %%
+ %% See http://www.rabbitmq.com/clustering.html for details
+ %% ----------------------------------------------------------------------------
+ %% Sets the net_kernel tick time.
+ %% Please see http://erlang.org/doc/man/kernel_app.html and
+ %% http://www.rabbitmq.com/nettick.html for further details.
+ %%
+ %% {kernel, [{net_ticktime, 60}]},
+ %% ----------------------------------------------------------------------------
+ %% RabbitMQ Shovel Plugin
+ %%
+ %% See http://www.rabbitmq.com/shovel.html for details
+ %% ----------------------------------------------------------------------------
+
+ {rabbitmq_shovel,
+  [{shovels,
+    [%% A named shovel worker.
+     %% {my_first_shovel,
+     %%  [
+
+     %% List the source broker(s) from which to consume.
+     %%
+     %%   {sources,
+     %%    [%% URI(s) and pre-declarations for all source broker(s).
+     %%     {brokers, ["amqp://user:password@host.domain/my_vhost"]},
+     %%     {declarations, []}
+     %%    ]},
+
+     %% List the destination broker(s) to publish to.
+     %%   {destinations,
+     %%    [%% A singular version of the 'brokers' element.
+     %%     {broker, "amqp://"},
+     %%     {declarations, []}
+     %%    ]},
+
+     %% Name of the queue to shovel messages from.
+     %%
+     %% {queue, <<"your-queue-name-goes-here">>},
+
+     %% Optional prefetch count.
+     %%
+     %% {prefetch_count, 10},
+
+     %% when to acknowledge messages:
+     %% - no_ack: never (auto)
+     %% - on_publish: after each message is republished
+     %% - on_confirm: when the destination broker confirms receipt
+     %%
+     %% {ack_mode, on_confirm},
+
+     %% Overwrite fields of the outbound basic.publish.
+     %%
+     %% {publish_fields, [{exchange,    <<"my_exchange">>},
+     %%                   {routing_key, <<"from_shovel">>}]},
+
+     %% Static list of basic.properties to set on re-publication.
+     %%
+     %% {publish_properties, [{delivery_mode, 2}]},
+
+     %% The number of seconds to wait before attempting to
+     %% reconnect in the event of a connection failure.
+     %%
+     %% {reconnect_delay, 2.5}
+
+     %% ]} %% End of my_first_shovel
+    ]}
+   %% Rather than specifying some values per-shovel, you can specify
+   %% them for all shovels here.
+   %%
+   %% {defaults, [{prefetch_count,     0},
+   %%             {ack_mode,           on_confirm},
+   %%             {publish_fields,     []},
+   %%             {publish_properties, [{delivery_mode, 2}]},
+   %%             {reconnect_delay,    2.5}]}
+  ]},
+
+  {rabbitmq_auth_backend_ldap, [
+    %%
+    %% Authorisation
+    %% =============
+    %%
+
+    %% The LDAP plugin can perform a variety of queries against your
+    %% LDAP server to determine questions of authorisation. See
+    %% http://www.rabbitmq.com/ldap.html#authorisation for more
+    %% information.
+
+    %% Set the query to use when determining vhost access
+    %%
+    %% {vhost_access_query, {in_group,
+    %%                       "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}},
+
+    %% Set the query to use when determining resource (e.g., queue) access
+    %%
+    %% {resource_access_query, {constant, true}},
+
+    %% Set queries to determine which tags a user has
+    %%
+    %% {tag_queries, []}
+  ]}
+].
+
+
+
diff --git a/docs/rabbitmq.conf.example b/docs/rabbitmq.conf.example
new file mode 100644
index 0000000000..5c92165f73
--- /dev/null
+++ b/docs/rabbitmq.conf.example
@@ -0,0 +1,736 @@
+# ======================================
+# RabbbitMQ broker section
+# ======================================
+
+## Network Connectivity
+## ====================
+##
+## By default, RabbitMQ will listen on all interfaces, using
+## the standard (reserved) AMQP port.
+##
+# listeners.tcp.default = 5672
+
+
+## To listen on a specific interface, provide an IP address with port.
+## For example, to listen only on localhost for both IPv4 and IPv6:
+##
+# IPv4
+# listeners.tcp.local    = 127.0.0.1:5672
+# IPv6
+# listeners.tcp.local_v6 = ::1:5672
+
+## You can define multiple listeners using listener names
+# listeners.tcp.other_port = 5673
+# listeners.tcp.other_ip   = 10.10.10.10:5672
+
+
+## SSL listeners are configured in the same fashion as TCP listeners,
+## including the option to control the choice of interface.
+##
+# listeners.ssl.default = 5671
+
+## Number of Erlang processes that will accept connections for the TCP
+## and SSL listeners.
+##
+# num_acceptors.tcp = 10
+# num_acceptors.ssl = 1
+
+
+## Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection
+## and SSL handshake), in milliseconds.
+##
+# handshake_timeout = 10000
+
+## Set to 'true' to perform reverse DNS lookups when accepting a
+## connection. Hostnames will then be shown instead of IP addresses
+## in rabbitmqctl and the management plugin.
+##
+# reverse_dns_lookups = true
+
+##
+## Security / AAA
+## ==============
+##
+
+## The default "guest" user is only permitted to access the server
+## via a loopback interface (e.g. localhost).
+## {loopback_users, [<<"guest">>]},
+##
+# loopback_users.guest = true
+
+## Uncomment the following line if you want to allow access to the
+## guest user from anywhere on the network.
+# loopback_users.guest = false
+
+## Configuring SSL.
+## See http://www.rabbitmq.com/ssl.html for full documentation.
+##
+# ssl_options.verify               = verify_peer
+# ssl_options.fail_if_no_peer_cert = false
+# ssl_options.cacertfile           = /path/to/cacert.pem
+# ssl_options.certfile             = /path/to/cert.pem
+# ssl_options.keyfile              = /path/to/key.pem
+
+## Select an authentication/authorisation backend to use.
+##
+## Alternative backends are provided by plugins, such as rabbitmq-auth-backend-ldap.
+##
+## NB: These settings require certain plugins to be enabled.
+## See http://www.rabbitmq.com/plugins.html and http://rabbitmq.com/access-control.html
+## for details.
+
+# auth_backends.1   = rabbit_auth_backend_internal
+
+## uses separate backends for authentication and authorisation,
+## see below.
+# auth_backends.1.authn = rabbit_auth_backend_ldap
+# auth_backends.1.authz = rabbit_auth_backend_internal
+
+## The rabbitmq_auth_backend_ldap plugin allows the broker to
+## perform authentication and authorisation by deferring to an
+## external LDAP server.
+##
+## For more information about configuring the LDAP backend, see
+## http://www.rabbitmq.com/ldap.html and http://rabbitmq.com/access-control.html.
+##
+## uses LDAP for both authentication and authorisation
+# auth_backends.1 = rabbit_auth_backend_ldap
+
+## uses HTTP service for both authentication and
+## authorisation
+# auth_backends.1 = rabbit_auth_backend_http
+
+## uses two backends in a chain: HTTP first, then internal
+# auth_backends.1   = rabbit_auth_backend_http
+# auth_backends.2   = rabbit_auth_backend_internal
+
+## Authentication
+## The built-in mechanisms are 'PLAIN',
+## 'AMQPLAIN', and 'EXTERNAL' Additional mechanisms can be added via
+## plugins.
+##
+## See http://www.rabbitmq.com/authentication.html for more details.
+##
+# auth_mechanisms.1 = PLAIN
+# auth_mechanisms.2 = AMQPLAIN
+
+## The rabbitmq-auth-mechanism-ssl plugin makes it possible to
+## authenticate a user based on the client's x509 (TLS) certificate.
+## See http://www.rabbitmq.com/authentication.html for more info.
+##
+## To use auth-mechanism-ssl, the EXTERNAL mechanism should
+## be enabled:
+##
+# auth_mechanisms.1 = PLAIN
+# auth_mechanisms.2 = AMQPLAIN
+# auth_mechanisms.3 = EXTERNAL
+
+## To force x509 certificate-based authentication on all clients,
+## exclude all other mechanisms (note: this will disable password-based
+## authentication even for the management UI!):
+##
+# auth_mechanisms.1 = EXTERNAL
+
+## This pertains to both the rabbitmq-auth-mechanism-ssl plugin and
+## STOMP ssl_cert_login configurations. See the rabbitmq_stomp
+## configuration section later in this file and the README in
+## https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further
+## details.
+##
+## To use the SSL cert's CN instead of its DN as the username
+##
+# ssl_cert_login_from   = common_name
+
+## SSL handshake timeout, in milliseconds.
+##
+# ssl_handshake_timeout = 5000
+
+
+## Password hashing implementation. Will only affect newly
+## created users. To recalculate hash for an existing user
+## it's necessary to update her password.
+##
+## To use SHA-512, set to rabbit_password_hashing_sha512.
+##
+# password_hashing_module = rabbit_password_hashing_sha256
+
+## When importing definitions exported from versions earlier
+## than 3.6.0, it is possible to go back to MD5 (only do this
+## as a temporary measure!) by setting this to rabbit_password_hashing_md5.
+##
+# password_hashing_module = rabbit_password_hashing_md5
+
+##
+## Default User / VHost
+## ====================
+##
+
+## On first start RabbitMQ will create a vhost and a user. These
+## config items control what gets created. See
+## http://www.rabbitmq.com/access-control.html for further
+## information about vhosts and access control.
+##
+# default_vhost = /
+# default_user = guest
+# default_pass = guest
+
+# default_permissions.configure = .*
+# default_permissions.read = .*
+# default_permissions.write = .*
+
+## Tags for default user
+##
+## For more details about tags, see the documentation for the
+## Management Plugin at http://www.rabbitmq.com/management.html.
+##
+# default_user_tags.administrator = true
+
+## Define other tags like this:
+# default_user_tags.management = true
+# default_user_tags.custom_tag = true
+
+##
+## Additional network and protocol related configuration
+## =====================================================
+##
+
+## Set the default AMQP 0-9-1 heartbeat interval (in seconds).
+## See http://rabbitmq.com/heartbeats.html for more details.
+##
+# heartbeat = 600
+
+## Set the max permissible size of an AMQP frame (in bytes).
+##
+# frame_max = 131072
+
+## Set the max frame size the server will accept before connection
+## tuning occurs
+##
+# initial_frame_max = 4096
+
+## Set the max permissible number of channels per connection.
+## 0 means "no limit".
+##
+# channel_max = 128
+
+## Customising Socket Options.
+##
+## See (http://www.erlang.org/doc/man/inet.html#setopts-2) for
+## further documentation.
+##
+
+# tcp_listen_options.backlog = 128
+# tcp_listen_options.nodelay = true
+# tcp_listen_options.exit_on_close = false
+
+##
+## Resource Limits & Flow Control
+## ==============================
+##
+## See http://www.rabbitmq.com/memory.html for full details.
+
+## Memory-based Flow Control threshold.
+##
+# vm_memory_high_watermark.relative = 0.4
+
+## Alternatively, we can set a limit (in bytes) of RAM used by the node.
+##
+# vm_memory_high_watermark.absolute = 1073741824
+
+## Or you can set absolute value using memory units (with RabbitMQ 3.6.0+).
+## Absolute watermark will be ignored if relative is defined!
+##
+# vm_memory_high_watermark.absolute = 2GB
+##
+## Supported units suffixes:
+##
+## kb, KB: kibibytes (2^10 bytes)
+## mb, MB: mebibytes (2^20)
+## gb, GB: gibibytes (2^30)
+
+
+
+## Fraction of the high watermark limit at which queues start to
+## page message out to disc in order to free up memory.
+##
+## Values greater than 0.9 can be dangerous and should be used carefully.
+##
+# vm_memory_high_watermark_paging_ratio = 0.5
+
+## Interval (in milliseconds) at which we perform the check of the memory
+## levels against the watermarks.
+##
+# memory_monitor_interval = 2500
+
+## Set disk free limit (in bytes). Once free disk space reaches this
+## lower bound, a disk alarm will be set - see the documentation
+## listed above for more details.
+##
+## Absolute watermark will be ignored if relative is defined!
+# disk_free_limit.absolute = 50000
+
+## Or you can set it using memory units (same as in vm_memory_high_watermark)
+## with RabbitMQ 3.6.0+.
+# disk_free_limit.absolute = 500KB
+# disk_free_limit.absolute = 50mb
+# disk_free_limit.absolute = 5GB
+
+## Alternatively, we can set a limit relative to total available RAM.
+##
+## Values lower than 1.0 can be dangerous and should be used carefully.
+# disk_free_limit.relative = 2.0
+
+##
+## Clustering
+## =====================
+##
+# cluster_partition_handling = ignore
+
+## pause_if_all_down strategy require additional configuration
+# cluster_partition_handling = pause_if_all_down
+
+## Recover strategy. Can be either 'autoheal' or 'ignore'
+# cluster_partition_handling.pause_if_all_down.recover = ignore
+
+## Node names to check
+# cluster_partition_handling.pause_if_all_down.nodes.1 = rabbit@localhost
+# cluster_partition_handling.pause_if_all_down.nodes.2 = hare@localhost
+
+## Mirror sync batch size, in messages. Increasing this will speed
+## up syncing but total batch size in bytes must not exceed 2 GiB.
+## Available in RabbitMQ 3.6.0 or later.
+##
+# mirroring_sync_batch_size = 4096
+
+## Make clustering happen *automatically* at startup - only applied
+## to nodes that have just been reset or started for the first time.
+## See http://www.rabbitmq.com/clustering.html#auto-config for
+## further details.
+##
+# cluster_nodes.disc.rabbit = rabbit@my.host.com
+
+## You can define multiple nodes
+# cluster_nodes.disc.hare = hare@my.host.com
+
+## There can be also ram nodes.
+## Ram nodes should not be defined together with disk nodes
+# cluster_nodes.ram.rabbit = rabbit@my.host.com
+
+## Interval (in milliseconds) at which we send keepalive messages
+## to other cluster members. Note that this is not the same thing
+## as net_ticktime; missed keepalive messages will not cause nodes
+## to be considered down.
+##
+# cluster_keepalive_interval = 10000
+
+##
+## Statistics Collection
+## =====================
+##
+
+## Set (internal) statistics collection granularity.
+##
+## Can be none, coarse or fine
+# collect_statistics = none
+
+# collect_statistics = coarse
+
+## Statistics collection interval (in milliseconds). Increasing
+## this will reduce the load on management database.
+##
+# collect_statistics_interval = 5000
+
+##
+## Misc/Advanced Options
+## =====================
+##
+## NB: Change these only if you understand what you are doing!
+##
+
+## Explicitly enable/disable hipe compilation.
+##
+# hipe_compile = false
+
+## Timeout used when waiting for Mnesia tables in a cluster to
+## become available.
+##
+# mnesia_table_loading_timeout = 30000
+
+## Size in bytes below which to embed messages in the queue index. See
+## http://www.rabbitmq.com/persistence-conf.html
+##
+# queue_index_embed_msgs_below = 4096
+
+## You can also set this size in memory units
+##
+# queue_index_embed_msgs_below = 4kb
+
+## ----------------------------------------------------------------------------
+## Advanced Erlang Networking/Clustering Options.
+##
+## See http://www.rabbitmq.com/clustering.html for details
+## ----------------------------------------------------------------------------
+
+# ======================================
+# Kernel section
+# ======================================
+
+# kernel.net_ticktime = 60
+
+## ----------------------------------------------------------------------------
+## RabbitMQ Management Plugin
+##
+## See http://www.rabbitmq.com/management.html for details
+## ----------------------------------------------------------------------------
+
+# =======================================
+# Management section
+# =======================================
+
+## Pre-Load schema definitions from the following JSON file. See
+## http://www.rabbitmq.com/management.html#load-definitions
+##
+# management.load_definitions = /path/to/schema.json
+
+## Log all requests to the management HTTP API to a file.
+##
+# management.http_log_dir = /path/to/access.log
+
+## Change the port on which the HTTP listener listens,
+## specifying an interface for the web server to bind to.
+## Also set the listener to use SSL and provide SSL options.
+##
+
+# QA: Maybe use IP type like in tcp_listener?
+# management.listeners.port = 12345
+# management.listeners.ip   = 127.0.0.1
+# management.listeners.ssl  = true
+
+# management.listeners.ssl_opts.cacertfile = /path/to/cacert.pem
+# management.listeners.ssl_opts.certfile   = /path/to/cert.pem
+# management.listeners.ssl_opts.keyfile    = /path/to/key.pem
+
+## One of 'basic', 'detailed' or 'none'. See
+## http://www.rabbitmq.com/management.html#fine-stats for more details.
+# management.rates_mode = basic
+
+## Configure how long aggregated data (such as message rates and queue
+## lengths) is retained. Please read the plugin's documentation in
+## http://www.rabbitmq.com/management.html#configuration for more
+## details.
+## Your can use 'minute', 'hour' and '24hours' keys or integer key (in seconds)
+# management.sample_retention_policies.global.minute    = 5
+# management.sample_retention_policies.global.hour  = 60
+# management.sample_retention_policies.global.24hours = 1200
+
+# management.sample_retention_policies.basic.minute   = 5
+# management.sample_retention_policies.basic.hour = 60
+
+# management.sample_retention_policies.detailed.10 = 5
+
+## ----------------------------------------------------------------------------
+## RabbitMQ Shovel Plugin
+##
+## See http://www.rabbitmq.com/shovel.html for details
+## ----------------------------------------------------------------------------
+
+## Shovel plugin config example is defined in additional.config file
+
+
+## ----------------------------------------------------------------------------
+## RabbitMQ Stomp Adapter
+##
+## See http://www.rabbitmq.com/stomp.html for details
+## ----------------------------------------------------------------------------
+
+# =======================================
+# STOMP section
+# =======================================
+
+## Network Configuration - the format is generally the same as for the broker
+##
+# stomp.listeners.tcp.default = 61613
+
+## Same for ssl listeners
+##
+# stomp.listeners.ssl.default = 61614
+
+## Number of Erlang processes that will accept connections for the TCP
+## and SSL listeners.
+##
+# stomp.num_acceptors.tcp = 10
+# stomp.num_acceptors.ssl = 1
+
+## Additional SSL options
+
+## Extract a name from the client's certificate when using SSL.
+##
+# stomp.ssl_cert_login = true
+
+## Set a default user name and password. This is used as the default login
+## whenever a CONNECT frame omits the login and passcode headers.
+##
+## Please note that setting this will allow clients to connect without
+## authenticating!
+##
+# stomp.default_user = guest
+# stomp.default_pass = guest
+
+## If a default user is configured, or you have configured use SSL client
+## certificate based authentication, you can choose to allow clients to
+## omit the CONNECT frame entirely. If set to true, the client is
+## automatically connected as the default user or user supplied in the
+## SSL certificate whenever the first frame sent on a session is not a
+## CONNECT frame.
+##
+# stomp.implicit_connect = true
+
+## ----------------------------------------------------------------------------
+## RabbitMQ MQTT Adapter
+##
+## See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md
+## for details
+## ----------------------------------------------------------------------------
+
+# =======================================
+# MQTT section
+# =======================================
+
+## Set the default user name and password. Will be used as the default login
+## if a connecting client provides no other login details.
+##
+## Please note that setting this will allow clients to connect without
+## authenticating!
+##
+# mqtt.default_user = guest
+# mqtt.default_pass = guest
+
+## Enable anonymous access. If this is set to false, clients MUST provide
+## login information in order to connect. See the default_user/default_pass
+## configuration elements for managing logins without authentication.
+##
+# mqtt.allow_anonymous = true
+
+## If you have multiple chosts, specify the one to which the
+## adapter connects.
+##
+# mqtt.vhost = /
+
+## Specify the exchange to which messages from MQTT clients are published.
+##
+# mqtt.exchange = amq.topic
+
+## Specify TTL (time to live) to control the lifetime of non-clean sessions.
+##
+# mqtt.subscription_ttl = 1800000
+
+## Set the prefetch count (governing the maximum number of unacknowledged
+## messages that will be delivered).
+##
+# mqtt.prefetch = 10
+
+## TCP/SSL Configuration (as per the broker configuration).
+##
+# mqtt.listeners.tcp.default = 1883
+
+## Same for ssl listener
+##
+# mqtt.listeners.ssl.default = 1884
+
+## Number of Erlang processes that will accept connections for the TCP
+## and SSL listeners.
+##
+# mqtt.num_acceptors.tcp = 10
+# mqtt.num_acceptors.ssl = 1
+
+## TCP/Socket options (as per the broker configuration).
+##
+# mqtt.tcp_listen_options.backlog = 128
+# mqtt.tcp_listen_options.nodelay = true
+
+## ----------------------------------------------------------------------------
+## RabbitMQ AMQP 1.0 Support
+##
+## See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md
+## for details
+## ----------------------------------------------------------------------------
+
+# =======================================
+# AMQP_1 section
+# =======================================
+
+
+## Connections that are not authenticated with SASL will connect as this
+## account. See the README for more information.
+##
+## Please note that setting this will allow clients to connect without
+## authenticating!
+##
+# amqp1_0.default_user = guest
+
+## Enable protocol strict mode. See the README for more information.
+##
+# amqp1_0.protocol_strict_mode = false
+
+## Lager controls logging.
+## See https://github.com/basho/lager for more documentation
+##
+## Log direcrory, taken from the RABBITMQ_LOG_BASE env variable by default.
+##
+# log.dir = /var/log/rabbitmq
+
+## Logging to console (can be true or false)
+##
+# log.console = false
+
+## Loglevel to log to console
+##
+# log.console.level = info
+
+## Logging to file. Can be false or filename.
+## Default:
+# log.file = rabbit.log
+
+## To turn off:
+# log.file = false
+
+## Loglevel to log to file
+##
+# log.file.level = info
+
+## File rotation config. No rotation by defualt.
+## DO NOT SET rotation date to ''. Leave unset if require "" value
+# log.file.rotation.date = $D0 
+# log.file.rotation.size = 0
+
+
+## QA: Config for syslog logging
+# log.syslog = false
+# log.syslog.identity = rabbitmq
+# log.syslog.level    = info
+# log.syslog.facility = daemon
+
+
+## ----------------------------------------------------------------------------
+## RabbitMQ LDAP Plugin
+##
+## See http://www.rabbitmq.com/ldap.html for details.
+##
+## ----------------------------------------------------------------------------
+
+# =======================================
+# LDAP section
+# =======================================
+
+##
+## Connecting to the LDAP server(s)
+## ================================
+##
+
+## Specify servers to bind to. You *must* set this in order for the plugin
+## to work properly.
+##
+# ldap.servers.1 = your-server-name-goes-here
+
+## You can define multiple servers
+# ldap.servers.2 = your-other-server
+
+## Connect to the LDAP server using SSL
+##
+# ldap.use_ssl = false
+
+## Specify the LDAP port to connect to
+##
+# ldap.port = 389
+
+## LDAP connection timeout, in milliseconds or 'infinity'
+##
+# ldap.timeout = infinity
+
+## Or number
+# ldap.timeout = 500
+
+## Enable logging of LDAP queries.
+## One of
+##   - false (no logging is performed)
+##   - true (verbose logging of the logic used by the plugin)
+##   - network (as true, but additionally logs LDAP network traffic)
+##
+## Defaults to false.
+##
+# ldap.log = false
+
+## Also can be true or network
+# ldap.log = true
+# ldap.log = network
+
+##
+## Authentication
+## ==============
+##
+
+## Pattern to convert the username given through AMQP to a DN before
+## binding
+##
+# ldap.user_dn_pattern = cn=${username},ou=People,dc=example,dc=com
+
+## Alternatively, you can convert a username to a Distinguished
+## Name via an LDAP lookup after binding. See the documentation for
+## full details.
+
+## When converting a username to a dn via a lookup, set these to
+## the name of the attribute that represents the user name, and the
+## base DN for the lookup query.
+##
+# ldap.dn_lookup_attribute = userPrincipalName
+# ldap.dn_lookup_base      = DC=gopivotal,DC=com
+
+## Controls how to bind for authorisation queries and also to
+## retrieve the details of users logging in without presenting a
+## password (e.g., SASL EXTERNAL).
+## One of
+##  - as_user (to bind as the authenticated user - requires a password)
+##  - anon    (to bind anonymously)
+##  - {UserDN, Password} (to bind with a specified user name and password)
+##
+## Defaults to 'as_user'.
+##
+# ldap.other_bind = as_user
+
+## Or can be more complex:
+# ldap.other_bind.user_dn  = User
+# ldap.other_bind.password = Password
+
+## If user_dn and password defined - other options is ignored.
+
+# -----------------------------
+# Too complex section of LDAP
+# -----------------------------
+
+##
+## Authorisation
+## =============
+##
+
+## The LDAP plugin can perform a variety of queries against your
+## LDAP server to determine questions of authorisation. See
+## http://www.rabbitmq.com/ldap.html#authorisation for more
+## information.
+
+## Following configuration should be defined in additional.config file
+## DO NOT UNCOMMENT THIS LINES!
+
+## Set the query to use when determining vhost access
+##
+## {vhost_access_query, {in_group,
+##                       "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}},
+
+## Set the query to use when determining resource (e.g., queue) access
+##
+## {resource_access_query, {constant, true}},
+
+## Set queries to determine which tags a user has
+##
+## {tag_queries, []}
+#   ]},
+# -----------------------------