Implement LDAP credentials validation via HTTP API #14661

lukebakken · 2025-10-02T00:32:13Z

See discussion #14244

Follow-up to #14414

Cherry-picked from 9a4cb9c and then modified to move validation API endpoint to a separate plugin, rabbitmq_auth_backend_ldap_management.

These changes will allow a user to make an HTTP API request to...

/api/ldap/validate/simple-bind

...with an appropriate JSON body, and the plugin will attempt a connection to the specified LDAP server using the provided credentials. This allows validation that a connection can be made to an LDAP server from a RabbitMQ cluster environment.

the-mikedavis · 2025-10-03T19:23:12Z

Looks like the move of LDAP helpers into rabbitmq_ct_helpers makes dialyzer unhappy:

Unknown functions:
  eldap:add/3 (/home/runner/work/rabbitmq-server/rabbitmq-server/deps/rabbitmq_ct_helpers/src/rabbit_ct_ldap_seed.erl:191:10)
  eldap:close/1 (/home/runner/work/rabbitmq-server/rabbitmq-server/deps/rabbitmq_ct_helpers/src/rabbit_ct_ldap_seed.erl:43:10)
  eldap:delete/2 (/home/runner/work/rabbitmq-server/rabbitmq-server/deps/rabbitmq_ct_helpers/src/rabbit_ct_ldap_seed.erl:42:19)
  eldap:open/2 (/home/runner/work/rabbitmq-server/rabbitmq-server/deps/rabbitmq_ct_helpers/src/rabbit_ct_ldap_seed.erl:198:15)
  eldap:simple_bind/3 (/home/runner/work/rabbitmq-server/rabbitmq-server/deps/rabbitmq_ct_helpers/src/rabbit_ct_ldap_seed.erl:199:10)
  rabbit_ct_client_helpers:setup_steps/0 (/home/runner/work/rabbitmq-server/rabbitmq-server/deps/rabbitmq_ct_helpers/src/rabbit_ct_ldap_utils.erl:86:7)
  rabbit_ct_client_helpers:teardown_steps/0 (/home/runner/work/rabbitmq-server/rabbitmq-server/deps/rabbitmq_ct_helpers/src/rabbit_ct_ldap_utils.erl:91:7)
 done in 0m0.87s

Adding eldap as a dependency of rabbitmq_ct_helpers would be simple enough but adding rabbitmq_ct_client_helpers would make a circular dependency.

See discussion rabbitmq#14244 Follow-up to rabbitmq#14414 Cherry-picked from 9a4cb9c and then modified to move validation API endpoint to a separate plugin, `rabbitmq_auth_backend_ldap_management`. These changes will allow a user to make an HTTP API request to... ``` /api/ldap/validate/simple-bind ``` ...with an appropriate JSON body, and the plugin will attempt a connection to the specified LDAP server using the provided credentials. This allows validation that a connection can be made to an LDAP server from a RabbitMQ cluster environment.

lukebakken requested review from michaelklishin and the-mikedavis October 2, 2025 00:32

lukebakken self-assigned this Oct 2, 2025

mergify bot added the make label Oct 2, 2025

lukebakken force-pushed the lukebakken/ldap-validation-api-plugin branch from 88b03fa to c25f38f Compare October 2, 2025 14:08

lukebakken marked this pull request as draft October 3, 2025 16:07

lukebakken force-pushed the lukebakken/ldap-validation-api-plugin branch from 9df993f to 3acb159 Compare October 3, 2025 18:03

lukebakken marked this pull request as ready for review October 3, 2025 18:04

lukebakken force-pushed the lukebakken/ldap-validation-api-plugin branch from 3acb159 to c70b579 Compare October 3, 2025 18:18

lukebakken force-pushed the lukebakken/ldap-validation-api-plugin branch from c70b579 to 354172e Compare October 3, 2025 21:23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Implement LDAP credentials validation via HTTP API #14661

Implement LDAP credentials validation via HTTP API #14661

Uh oh!

lukebakken commented Oct 2, 2025

Uh oh!

the-mikedavis commented Oct 3, 2025

Uh oh!

Uh oh!

Implement LDAP credentials validation via HTTP API #14661

Are you sure you want to change the base?

Implement LDAP credentials validation via HTTP API #14661

Uh oh!

Conversation

lukebakken commented Oct 2, 2025

Uh oh!

the-mikedavis commented Oct 3, 2025

Uh oh!

Uh oh!