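Unable to set up access to a vhost in RabbitMQ for an LDAP group

Time: 2018-11-02 07:36:28

Tags: ldap rabbitmq

I am exploring RabbitMQ and cannot get the settings of the LDAP security plugin to work. I want to give some groups in Active Directory access to vhosts and wrote a simple config for that.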

[{rabbitmq_auth_backend_ldap,[
{vhost_access_query,    {in_group, "cn=${vhost}_Test_RMQ,ou=...,ou=...,ou=...,ou=...,dc=...,dc=..."}},
{tag_queries,           [{administrator,  {in_group, "cn=Test_RMQ_Admins,ou=...,ou=...,ou=...,ou=...,dc=...,dc=..."}},
                          {management,    {constant, true}}]}
]}].

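Members of ${vhost}_Test_RMQ should have access to ${vhost}. But when such a member logs in to management, it has no access to any virtual host. I can't figure out what is wrong. In the RabbitMQ log I see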

2018-11-01 17:50:36.015 [info] <0.363.0>     LDAP CHECK: does testrmq@xxx.xxx have tag management?
2018-11-01 17:50:36.015 [info] <0.363.0>     LDAP evaluating query: {constant,txxxe}
2018-11-01 17:50:36.015 [info] <0.363.0>     LDAP evaluated constant: txxxe
2018-11-01 17:50:36.015 [info] <0.363.0>     LDAP DECISION: does testrmq@xxx.xxx have tag management? txxxe
2018-11-01 17:50:36.015 [info] <0.826.0> LDAP DECISION: login for testrmq@xxx.xxx: ok
2018-11-01 17:50:36.015 [info] <0.826.0> LDAP CHECK: access to vhost "Vhost1" for "testrmq@xxx.xxx"
2018-11-01 17:50:36.020 [info] <0.363.0>     LDAP bind succeeded: CN=xxxx,OU=xxxx,OU=xxxx,OU=xxxx,DC=xxxx,DC=xxxx
2018-11-01 17:50:36.021 [info] <0.363.0>     LDAP evaluating query: {in_group,"cn=${vhost}_Test_RMQ,ou=xxx,ou=Groups,ou=xxx,ou=xxx,dc=xxx,dc=xxx"}
2018-11-01 17:50:36.021 [info] <0.363.0>     LDAP evaluating query: {in_group,"cn=${vhost}_Test_RMQ,ou=xxx,ou=Groups,ou=xxx,ou=xxx,dc=xxx,dc=xxx","member"}
2018-11-01 17:50:36.021 [info] <0.363.0>         LDAP filling template "cn=${vhost}_Test_RMQ,ou=xxx,ou=Groups,ou=xxx,ou=xxx,dc=xxx,dc=xxx" with
        [{username,<<"testrmq@xxx.xxx">>},{user_dn,"CN=testrmq,OU=Accounts,OU=xxx,OU=xxx,DC=xxx,DC=xxx"},{vhost,<<"Vhost1">>}]
2018-11-01 17:50:36.021 [info] <0.363.0>         LDAP template result: "cn=Vhost1_Test_RMQ,ou=xxx,ou=Groups,ou=xxx,ou=xxx,dc=xxx,dc=xxx"
2018-11-01 17:50:36.022 [info] <0.363.0>     LDAP evaluated in_group for "cn=Vhost1_Test_RMQ,ou=xxx,ou=Groups,ou=xxx,ou=xxx,dc=xxx,dc=xxx": {error,noSuchObject}
2018-11-01 17:50:36.022 [info] <0.363.0>     LDAP evaluate error: CN=xxxx,OU=xxxx,OU=xxxx,OU=xxxx,DC=xxxx,DC=xxxx noSuchObject
2018-11-01 17:50:36.022 [info] <0.826.0> LDAP DECISION: access to vhost "Vhost1" for "testrmq@xxx.xxx": {error,ldap_evaluate_error}
2018-11-01 17:50:36.022 [error] <0.826.0> access to vhost 'Vhost1' refused for user 'testrmq@xxx.xxx', backend rabbit_auth_backend_ldap returned an error: ldap_evaluate_error
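
A way to triage a log like the one above, as an added example that is not part of the original post: this Python script pairs each vhost access check with the group DN the plugin actually looked up and the LDAP error returned for it. The log lines are constructed in the question's format (placeholder DNs; the success lines are assumed to follow the same pattern), and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the rabbitmq_auth_backend_ldap log
# shown in the question; DNs and the Vhost2 success lines are placeholders.
SAMPLE_LOG = '''\
2018-11-01 17:50:36.015 [info] <0.826.0> LDAP CHECK: access to vhost "Vhost1" for "testrmq@example.test"
2018-11-01 17:50:36.021 [info] <0.363.0>         LDAP template result: "cn=Vhost1_Test_RMQ,ou=Groups,dc=example,dc=test"
2018-11-01 17:50:36.022 [info] <0.363.0>     LDAP evaluated in_group for "cn=Vhost1_Test_RMQ,ou=Groups,dc=example,dc=test": {error,noSuchObject}
2018-11-01 17:50:36.022 [info] <0.826.0> LDAP DECISION: access to vhost "Vhost1" for "testrmq@example.test": {error,ldap_evaluate_error}
2018-11-01 17:50:37.100 [info] <0.826.0> LDAP CHECK: access to vhost "Vhost2" for "testrmq@example.test"
2018-11-01 17:50:37.105 [info] <0.363.0>     LDAP evaluated in_group for "cn=Vhost2_Test_RMQ,ou=Groups,dc=example,dc=test": true
2018-11-01 17:50:37.106 [info] <0.826.0> LDAP DECISION: access to vhost "Vhost2" for "testrmq@example.test": true
'''

CHECK = re.compile(r'LDAP CHECK: access to vhost "([^"]+)" for "([^"]+)"')
IN_GROUP = re.compile(r'LDAP evaluated in_group for "([^"]+)": (.+)$')
DECISION = re.compile(r'LDAP DECISION: access to vhost "([^"]+)" for "([^"]+)": (.+)$')
ERROR = re.compile(r'\{error,(\w+)\}')


def fill_template(template, variables):
    """Expand ${name} placeholders, as in the 'LDAP filling template' log step."""
    return re.sub(r'\$\{(\w+)\}',
                  lambda m: variables.get(m.group(1), m.group(0)), template)


def failed_vhost_checks(log_text):
    """Return one record per refused vhost check, with the DN that was queried.

    Assumes the lines of one check are not interleaved with another check.
    """
    failures, current = [], None
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := CHECK.search(line):
            current = {"vhost": m[1], "user": m[2],
                       "group_dn": None, "ldap_error": None}
        elif (m := IN_GROUP.search(line)) and current is not None:
            if err := ERROR.fullmatch(m[2]):
                current["group_dn"], current["ldap_error"] = m[1], err[1]
        elif (m := DECISION.search(line)) and current is not None:
            if m[3] != "true":
                failures.append({**current, "decision": m[3]})
            current = None
    return failures


if __name__ == "__main__":
    for f in failed_vhost_checks(SAMPLE_LOG):
        print(f'{f["user"]} -> {f["vhost"]}: {f["ldap_error"]} for {f["group_dn"]}')
```

The `noSuchObject` result means the directory returned no entry at exactly the resolved DN for the bound account, so the DN in each record is the one to look up in Active Directory.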

0 answers:

No answers