#  ## ----------------------------------------------------------------------------
#  ## RabbitMQ LDAP Plugin
#  ##
#  ## See http://www.rabbitmq.com/ldap.html for details.
#  ##
#  ## ----------------------------------------------------------------------------


# =======================================
# LDAP section
# =======================================

# Should be defined in additional.conf maybe?

#  {rabbitmq_auth_backend_ldap,
#   [##
#    ## Connecting to the LDAP server(s)
#    ## ================================
#    ##

#    ## Specify servers to bind to. You *must* set this in order for the plugin
#    ## to work properly.
#    ##
#    ## {servers, ["your-server-name-goes-here"]},

ldap.servers.myserver = your-server-name-goes-here

#    ## Connect to the LDAP server using SSL
#    ##
#    ## {use_ssl, false},

ldap.use_ssl = false

#    ## Specify the LDAP port to connect to
#    ##
#    ## {port, 389},

ldap.port = 389

#    ## LDAP connection timeout, in milliseconds or 'infinity'
#    ##
#    ## {timeout, infinity},

ldap.timeout = infinity

# Or number
# ldap.timeout = 500

#    ## Enable logging of LDAP queries.
#    ## One of
#    ##   - false (no logging is performed)
#    ##   - true (verbose logging of the logic used by the plugin)
#    ##   - network (as true, but additionally logs LDAP network traffic)
#    ##
#    ## Defaults to false.
#    ##
#    ## {log, false},

ldap.log = false

# Also can be true or network
# ldap.log = true
# ldap.log = network

#    ##
#    ## Authentication
#    ## ==============
#    ##

#    ## Pattern to convert the username given through AMQP to a DN before
#    ## binding
#    ##
#    ## {user_dn_pattern, "cn=${username},ou=People,dc=example,dc=com"},

ldap.user_dn_pattern = cn=${username},ou=People,dc=example,dc=com

#    ## Alternatively, you can convert a username to a Distinguished
#    ## Name via an LDAP lookup after binding. See the documentation for
#    ## full details.

#    ## When converting a username to a dn via a lookup, set these to
#    ## the name of the attribute that represents the user name, and the
#    ## base DN for the lookup query.
#    ##
#    ## {dn_lookup_attribute,   "userPrincipalName"},
#    ## {dn_lookup_base,        "DC=gopivotal,DC=com"},

ldap.dn_lookup_attribute = userPrincipalName
ldap.dn_lookup_base      = DC=gopivotal,DC=com

#    ## Controls how to bind for authorisation queries and also to
#    ## retrieve the details of users logging in without presenting a
#    ## password (e.g., SASL EXTERNAL).
#    ## One of
#    ##  - as_user (to bind as the authenticated user - requires a password)
#    ##  - anon    (to bind anonymously)
#    ##  - {UserDN, Password} (to bind with a specified user name and password)
#    ##
#    ## Defaults to 'as_user'.
#    ##
#    ## {other_bind, as_user},

ldap.other_bind = as_user

# Or can be more complex:
# ldap.other_bind.user_dn  = User
# ldap.other_bind.password = Password
# If user_dn and password defined - other options is ignored.

# -----------------------------
# Too complex section of LDAP
# -----------------------------

#    ##
#    ## Authorisation
#    ## =============
#    ##

#    ## The LDAP plugin can perform a variety of queries against your
#    ## LDAP server to determine questions of authorisation. See
#    ## http://www.rabbitmq.com/ldap.html#authorisation for more
#    ## information.

#    ## Set the query to use when determining vhost access
#    ##
#    ## {vhost_access_query, {in_group,
#    ##                       "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}},

#    ## Set the query to use when determining resource (e.g., queue) access
#    ##
#    ## {resource_access_query, {constant, true}},

#    ## Set queries to determine which tags a user has
#    ##
#    ## {tag_queries, []}
#   ]},
# -----------------------------