lukebakken/advanced.config

## advanced.config
[
    {rabbit, [
        {tcp_listeners, [{"127.0.0.1", 1672}]},
        {ssl_listeners, [1671]}, % This needs to be unique on each node
        {log_levels, [{connection, debug}]},
        {heartbeat, 30},
        {handshake_timeout, 20000},
        {consumer_timeout, 86400000},
        {ssl_handshake_timeout, 20000},
        {default_vhost, <<"default">>},
        {cluster_partition_handling, autoheal},
        {ssl_options, [
            {cacertfile, "root.pem"},
            {certfile, "server.pem"},
            {keyfile, "key.pem"},
            {verify, verify_peer},
            {fail_if_no_peer_cert, false}
        ]},
        {auth_backends, [rabbit_auth_backend_internal, rabbit_auth_backend_ldap]}]
    },
    {rabbitmq_management, [
        {listener, [
            {port, 1673}, % This needs to be unique on each node.
            {ssl, true},
            {ssl_options, [
                {cacertfile, "root.pem"},
                {certfile, "server.pem"},
                {keyfile, "key.pem"},
                {verify, verify_peer},
                {fail_if_no_peer_cert, false}
            ]}
        ]}
    ]},
    {lager, [
        {error_logger_hwm, 1024},
        {handlers, [
            {lager_file_backend, [
                {file, "../logs/npd.log"},
                {level, debug},
                {formatter_config, [date," ",time," ",color,"[",severity,"] ", {pid,[]}, " ",message,"\n"]},
                {date,""},
                {size,1073741824},
                {count,5}
            ]}
        ]}
    ]},
    {rabbitmq_auth_backend_ldap, [
        {servers, ["ldapserver.org.com"]},
        {dn_lookup_attribute, "userPrincipalName"},
        {dn_lookup_base, "DC=org,DC=com"},
        {user_dn_pattern, "uid=${username},ou=people,dc=org,dc=com"},
        {use_ssl, true},
        {port, 636},
        {ssl_options, [
            {cacertfile, "root.pem"},
            {certfile, "server.pem"},
            {keyfile, "key.pem"},
            {verify, verify_peer},
            {fail_if_no_peer_cert, false}
        ]},
        {timeout, 60000},
        {log, network},
        {other_bind, as_user},
        {vhost_access_query, {in_group, "cn=rmq-${vhost}-access-dev,ou=groups,dc=org,dc=com"}},
        {resource_access_query, {for, [
            {permission, configure, {for, [
                            {resource, queue, {in_group, "cn=rmq-${vhost}-${prefix}-queue,ou=groups,dc=org,dc=com"}},
                            {resource, exchange, {in_group, "cn=rmq-${vhost}-${prefix}-exch,ou=groups,dc=org,dc=com"}}]}},
            {permission, write, {for, [
                            {resource, queue, {in_group, "cn=rmq-${vhost}-${prefix}-write,ou=groups,dc=org,dc=com"}},
                            {resource, exchange, {in_group, "cn=rmq-${vhost}-${prefix}-write,ou=groups,dc=org,dc=com"}}]}},
            {permission, read, {for, [
                            {resource, exchange, {in_group, "cn=rmq-${vhost}-${prefix}-read,ou=groups,dc=org,dc=com"}},
                            {resource, queue, {in_group, "cn=rmq-${vhost}-${prefix}-read,ou=groups,dc=org,dc=com"}}]}}
            ]},
        },
        {tag_queries, [
            {administrator, {in_group, "cn=rmq-adm,ou=groups,dc=org,dc=com"}},
            {monitor, {in_group, "cn=rmq-monitor,ou=groups,dc=org,dc=com"}},
            {management, {in_group, "cn=rmq-mgmt,ou=groups,dc=org,dc=com"}}
        ]}]
    }
].
	[
	{rabbit, [
	{tcp_listeners, [{"127.0.0.1", 1672}]},
	{ssl_listeners, [1671]}, % This needs to be unique on each node
	{log_levels, [{connection, debug}]},
	{heartbeat, 30},
	{handshake_timeout, 20000},
	{consumer_timeout, 86400000},
	{ssl_handshake_timeout, 20000},
	{default_vhost, <<"default">>},
	{cluster_partition_handling, autoheal},
	{ssl_options, [
	{cacertfile, "root.pem"},
	{certfile, "server.pem"},
	{keyfile, "key.pem"},
	{verify, verify_peer},
	{fail_if_no_peer_cert, false}
	]},
	{auth_backends, [rabbit_auth_backend_internal, rabbit_auth_backend_ldap]}]
	},
	{rabbitmq_management, [
	{listener, [
	{port, 1673}, % This needs to be unique on each node.
	{ssl, true},
	{ssl_options, [
	{cacertfile, "root.pem"},
	{certfile, "server.pem"},
	{keyfile, "key.pem"},
	{verify, verify_peer},
	{fail_if_no_peer_cert, false}
	]}
	]}
	]},
	{lager, [
	{error_logger_hwm, 1024},
	{handlers, [
	{lager_file_backend, [
	{file, "../logs/npd.log"},
	{level, debug},
	{formatter_config, [date," ",time," ",color,"[",severity,"] ", {pid,[]}, " ",message,"\n"]},
	{date,""},
	{size,1073741824},
	{count,5}
	]}
	]}
	]},
	{rabbitmq_auth_backend_ldap, [
	{servers, ["ldapserver.org.com"]},
	{dn_lookup_attribute, "userPrincipalName"},
	{dn_lookup_base, "DC=org,DC=com"},
	{user_dn_pattern, "uid=${username},ou=people,dc=org,dc=com"},
	{use_ssl, true},
	{port, 636},
	{ssl_options, [
	{cacertfile, "root.pem"},
	{certfile, "server.pem"},
	{keyfile, "key.pem"},
	{verify, verify_peer},
	{fail_if_no_peer_cert, false}
	]},
	{timeout, 60000},
	{log, network},
	{other_bind, as_user},
	{vhost_access_query, {in_group, "cn=rmq-${vhost}-access-dev,ou=groups,dc=org,dc=com"}},
	{resource_access_query, {for, [
	{permission, configure, {for, [
	{resource, queue, {in_group, "cn=rmq-${vhost}-${prefix}-queue,ou=groups,dc=org,dc=com"}},
	{resource, exchange, {in_group, "cn=rmq-${vhost}-${prefix}-exch,ou=groups,dc=org,dc=com"}}]}},
	{permission, write, {for, [
	{resource, queue, {in_group, "cn=rmq-${vhost}-${prefix}-write,ou=groups,dc=org,dc=com"}},
	{resource, exchange, {in_group, "cn=rmq-${vhost}-${prefix}-write,ou=groups,dc=org,dc=com"}}]}},
	{permission, read, {for, [
	{resource, exchange, {in_group, "cn=rmq-${vhost}-${prefix}-read,ou=groups,dc=org,dc=com"}},
	{resource, queue, {in_group, "cn=rmq-${vhost}-${prefix}-read,ou=groups,dc=org,dc=com"}}]}}
	]},
	},
	{tag_queries, [
	{administrator, {in_group, "cn=rmq-adm,ou=groups,dc=org,dc=com"}},
	{monitor, {in_group, "cn=rmq-monitor,ou=groups,dc=org,dc=com"}},
	{management, {in_group, "cn=rmq-mgmt,ou=groups,dc=org,dc=com"}}
	]}]
	}
	].