aboutsummaryrefslogtreecommitdiffhomepage
path: root/templates/etc/rabbitmq/rabbitmq.config
diff options
context:
space:
mode:
authorLarry Smith Jr <mrlesmithjr@gmail.com>2017-05-20 21:23:32 -0400
committerGitHub <noreply@github.com>2017-05-20 21:23:32 -0400
commite21afd9063945e9825e4fe541244bc788a15590f (patch)
tree2971e931788eddf51b9ec71ac063bfb951215d0c /templates/etc/rabbitmq/rabbitmq.config
parent3a55d2ab8ab3a399faaf25c4f46e7f2ea142edc6 (diff)
parenta67dde50f26e0f76d91f0744e8e8341dac95dae2 (diff)
downloadansible-rabbitmq-e21afd9063945e9825e4fe541244bc788a15590f.tar.gz
ansible-rabbitmq-e21afd9063945e9825e4fe541244bc788a15590f.tar.zst
ansible-rabbitmq-e21afd9063945e9825e4fe541244bc788a15590f.zip
Merge pull request #12 from mrlesmithjr/enhancements/issues-9-10-11
Enhancements/issues 9 10 11
Diffstat (limited to 'templates/etc/rabbitmq/rabbitmq.config')
-rw-r--r--templates/etc/rabbitmq/rabbitmq.config677
1 files changed, 677 insertions, 0 deletions
diff --git a/templates/etc/rabbitmq/rabbitmq.config b/templates/etc/rabbitmq/rabbitmq.config
new file mode 100644
index 0000000..221da01
--- /dev/null
+++ b/templates/etc/rabbitmq/rabbitmq.config
@@ -0,0 +1,677 @@
1%% -*- mode: erlang -*-
2%% ----------------------------------------------------------------------------
3%% RabbitMQ Sample Configuration File.
4%%
5%% See http://www.rabbitmq.com/configure.html for details.
6%% ----------------------------------------------------------------------------
7[
8 {rabbit,
9 [%%
10 %% Network Connectivity
11 %% ====================
12 %%
13
14 %% By default, RabbitMQ will listen on all interfaces, using
15 %% the standard (reserved) AMQP port.
16 %%
17 %% {tcp_listeners, [5672]},
18
19 %% To listen on a specific interface, provide a tuple of {IpAddress, Port}.
20 %% For example, to listen only on localhost for both IPv4 and IPv6:
21 %%
22 %% {tcp_listeners, [{"127.0.0.1", 5672},
23 %% {"::1", 5672}]},
24
25 %% SSL listeners are configured in the same fashion as TCP listeners,
26 %% including the option to control the choice of interface.
27 %%
28 %% {ssl_listeners, [5671]},
29
30 %% Number of Erlang processes that will accept connections for the TCP
31 %% and SSL listeners.
32 %%
33 %% {num_tcp_acceptors, 10},
34 %% {num_ssl_acceptors, 1},
35
36 %% Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection
37 %% and SSL handshake), in milliseconds.
38 %%
39 %% {handshake_timeout, 10000},
40
41 %% Log levels (currently just used for connection logging).
42 %% One of 'debug', 'info', 'warning', 'error' or 'none', in decreasing
43 %% order of verbosity. Defaults to 'info'.
44 %%
45 %% {log_levels, [{connection, info}, {channel, info}]},
46
47 %% Set to 'true' to perform reverse DNS lookups when accepting a
48 %% connection. Hostnames will then be shown instead of IP addresses
49 %% in rabbitmqctl and the management plugin.
50 %%
51 %% {reverse_dns_lookups, true},
52
53 %%
54 %% Security / AAA
55 %% ==============
56 %%
57
58 %% The default "guest" user is only permitted to access the server
59 %% via a loopback interface (e.g. localhost).
60 %% {loopback_users, [<<"guest">>]},
61 %%
62 %% Uncomment the following line if you want to allow access to the
63 %% guest user from anywhere on the network.
64 %% {loopback_users, []},
65
66 %% Configuring SSL.
67 %% See http://www.rabbitmq.com/ssl.html for full documentation.
68 %%
69 %% {ssl_options, [{cacertfile, "/path/to/testca/cacert.pem"},
70 %% {certfile, "/path/to/server/cert.pem"},
71 %% {keyfile, "/path/to/server/key.pem"},
72 %% {verify, verify_peer},
73 %% {fail_if_no_peer_cert, false}]},
74
75 %% Choose the available SASL mechanism(s) to expose.
76 %% The two default (built in) mechanisms are 'PLAIN' and
77 %% 'AMQPLAIN'. Additional mechanisms can be added via
78 %% plugins.
79 %%
80 %% See http://www.rabbitmq.com/authentication.html for more details.
81 %%
82 %% {auth_mechanisms, ['PLAIN', 'AMQPLAIN']},
83
84 %% Select an authentication database to use. RabbitMQ comes bundled
85 %% with a built-in auth-database, based on mnesia.
86 %%
87 %% {auth_backends, [rabbit_auth_backend_internal]},
88
89 %% Configurations supporting the rabbitmq_auth_mechanism_ssl and
90 %% rabbitmq_auth_backend_ldap plugins.
91 %%
92 %% NB: These options require that the relevant plugin is enabled.
93 %% See http://www.rabbitmq.com/plugins.html for further details.
94
95 %% The RabbitMQ-auth-mechanism-ssl plugin makes it possible to
96 %% authenticate a user based on the client's SSL certificate.
97 %%
98 %% To use auth-mechanism-ssl, add to or replace the auth_mechanisms
99 %% list with the entry 'EXTERNAL'.
100 %%
101 %% {auth_mechanisms, ['EXTERNAL']},
102
103 %% The rabbitmq_auth_backend_ldap plugin allows the broker to
104 %% perform authentication and authorisation by deferring to an
105 %% external LDAP server.
106 %%
107 %% For more information about configuring the LDAP backend, see
108 %% http://www.rabbitmq.com/ldap.html.
109 %%
110 %% Enable the LDAP auth backend by adding to or replacing the
111 %% auth_backends entry:
112 %%
113 %% {auth_backends, [rabbit_auth_backend_ldap]},
114
115 %% This pertains to both the rabbitmq_auth_mechanism_ssl plugin and
116 %% STOMP ssl_cert_login configurations. See the rabbitmq_stomp
117 %% configuration section later in this file and the README in
118 %% https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further
119 %% details.
120 %%
121 %% To use the SSL cert's CN instead of its DN as the username
122 %%
123 %% {ssl_cert_login_from, common_name},
124
125 %% SSL handshake timeout, in milliseconds.
126 %%
127 %% {ssl_handshake_timeout, 5000},
128
129 %% Password hashing implementation. Will only affect newly
130 %% created users. To recalculate hash for an existing user
131 %% it's necessary to update her password.
132 %%
133 %% {password_hashing_module, rabbit_password_hashing_sha256},
134
135 %% Configuration entry encryption.
136 %% See http://www.rabbitmq.com/configure.html#configuration-encryption
137 %%
138 %% To specify the passphrase in the configuration file:
139 %%
140 %% {config_entry_decoder, [{passphrase, <<"mypassphrase">>}]}
141 %%
142 %% To specify the passphrase in an external file:
143 %%
144 %% {config_entry_decoder, [{passphrase, {file, "/path/to/passphrase/file"}}]}
145 %%
146 %% To make the broker request the passphrase when it starts:
147 %%
148 %% {config_entry_decoder, [{passphrase, prompt}]}
149 %%
150 %% To change encryption settings:
151 %%
152 %% {config_entry_decoder, [{cipher, aes_cbc256},
153 %% {hash, sha512},
154 %% {iterations, 1000}]}
155
156 %%
157 %% Default User / VHost
158 %% ====================
159 %%
160
161 %% On first start RabbitMQ will create a vhost and a user. These
162 %% config items control what gets created. See
163 %% http://www.rabbitmq.com/access-control.html for further
164 %% information about vhosts and access control.
165 %%
166 %% {default_vhost, <<"/">>},
167 %% {default_user, <<"guest">>},
168 %% {default_pass, <<"guest">>},
169 %% {default_permissions, [<<".*">>, <<".*">>, <<".*">>]},
170
171 %% Tags for default user
172 %%
173 %% For more details about tags, see the documentation for the
174 %% Management Plugin at http://www.rabbitmq.com/management.html.
175 %%
176 %% {default_user_tags, [administrator]},
177
178 %%
179 %% Additional network and protocol related configuration
180 %% =====================================================
181 %%
182
183 %% Set the default AMQP heartbeat delay (in seconds).
184 %%
185 %% {heartbeat, 60},
186
187 %% Set the max permissible size of an AMQP frame (in bytes).
188 %%
189 %% {frame_max, 131072},
190
191 %% Set the max frame size the server will accept before connection
192 %% tuning occurs
193 %%
194 %% {initial_frame_max, 4096},
195
196 %% Set the max permissible number of channels per connection.
197 %% 0 means "no limit".
198 %%
199 %% {channel_max, 128},
200
201 %% Customising Socket Options.
202 %%
203 %% See (http://www.erlang.org/doc/man/inet.html#setopts-2) for
204 %% further documentation.
205 %%
206 %% {tcp_listen_options, [{backlog, 128},
207 %% {nodelay, true},
208 %% {exit_on_close, false}]},
209
210 %%
211 %% Resource Limits & Flow Control
212 %% ==============================
213 %%
214 %% See http://www.rabbitmq.com/memory.html for full details.
215
216 %% Memory-based Flow Control threshold.
217 %%
218 %% {vm_memory_high_watermark, 0.4},
219
220 %% Alternatively, we can set a limit (in bytes) of RAM used by the node.
221 %%
222 %% {vm_memory_high_watermark, {absolute, 1073741824}},
223 %%
224 %% Or you can set absolute value using memory units.
225 %%
226 %% {vm_memory_high_watermark, {absolute, "1024M"}},
227 %%
228 %% Supported units suffixes:
229 %%
230 %% k, kiB: kibibytes (2^10 bytes)
231 %% M, MiB: mebibytes (2^20)
232 %% G, GiB: gibibytes (2^30)
233 %% kB: kilobytes (10^3)
234 %% MB: megabytes (10^6)
235 %% GB: gigabytes (10^9)
236
237 %% Fraction of the high watermark limit at which queues start to
238 %% page message out to disc in order to free up memory.
239 %%
240 %% Values greater than 0.9 can be dangerous and should be used carefully.
241 %%
242 %% {vm_memory_high_watermark_paging_ratio, 0.5},
243
244 %% Interval (in milliseconds) at which we perform the check of the memory
245 %% levels against the watermarks.
246 %%
247 %% {memory_monitor_interval, 2500},
248
249 %% Set disk free limit (in bytes). Once free disk space reaches this
250 %% lower bound, a disk alarm will be set - see the documentation
251 %% listed above for more details.
252 %%
253 %% {disk_free_limit, 50000000},
254 %%
255 %% Or you can set it using memory units (same as in vm_memory_high_watermark)
256 %% {disk_free_limit, "50MB"},
257 %% {disk_free_limit, "50000kB"},
258 %% {disk_free_limit, "2GB"},
259
260 %% Alternatively, we can set a limit relative to total available RAM.
261 %%
262 %% Values lower than 1.0 can be dangerous and should be used carefully.
263 %% {disk_free_limit, {mem_relative, 2.0}},
264
265 %%
266 %% Misc/Advanced Options
267 %% =====================
268 %%
269 %% NB: Change these only if you understand what you are doing!
270 %%
271
272 %% To announce custom properties to clients on connection:
273 %%
274 %% {server_properties, []},
275
276 %% How to respond to cluster partitions.
277 %% See http://www.rabbitmq.com/partitions.html for further details.
278 %%
279 %% {cluster_partition_handling, ignore},
280
281 %% Make clustering happen *automatically* at startup - only applied
282 %% to nodes that have just been reset or started for the first time.
283 %% See http://www.rabbitmq.com/clustering.html#auto-config for
284 %% further details.
285 %%
286 %% {cluster_nodes, {['rabbit@my.host.com'], disc}},
287
288 %% Interval (in milliseconds) at which we send keepalive messages
289 %% to other cluster members. Note that this is not the same thing
290 %% as net_ticktime; missed keepalive messages will not cause nodes
291 %% to be considered down.
292 %%
293 %% {cluster_keepalive_interval, 10000},
294
295 %% Set (internal) statistics collection granularity.
296 %%
297 %% {collect_statistics, none},
298
299 %% Statistics collection interval (in milliseconds).
300 %%
301 %% {collect_statistics_interval, 5000},
302
303 %% Explicitly enable/disable hipe compilation.
304 %%
305 %% {hipe_compile, true},
306
307 %% Number of times to retry while waiting for Mnesia tables in a cluster to
308 %% become available.
309 %%
310 %% {mnesia_table_loading_retry_limit, 10},
311
312 %% Time to wait per retry for Mnesia tables in a cluster to become
313 %% available.
314 %%
315 %% {mnesia_table_loading_retry_timeout, 30000},
316
317 %% Size in bytes below which to embed messages in the queue index. See
318 %% http://www.rabbitmq.com/persistence-conf.html
319 %%
320 %% {queue_index_embed_msgs_below, 4096},
321
322 %% Whether or not to enable background GC.
323 %%
324 %% {background_gc_enabled, true},
325 %%
326 %% Interval (in milliseconds) at which we run background GC.
327 %%
328 %% {background_gc_target_interval, 60000}
329
330 ]},
331
332 %% ----------------------------------------------------------------------------
333 %% Advanced Erlang Networking/Clustering Options.
334 %%
335 %% See http://www.rabbitmq.com/clustering.html for details
336 %% ----------------------------------------------------------------------------
337 {kernel,
338 [%% Sets the net_kernel tick time.
339 %% Please see http://erlang.org/doc/man/kernel_app.html and
340 %% http://www.rabbitmq.com/nettick.html for further details.
341 %%
342 %% {net_ticktime, 60}
343 ]},
344
345 %% ----------------------------------------------------------------------------
346 %% RabbitMQ Management Plugin
347 %%
348 %% See http://www.rabbitmq.com/management.html for details
349 %% ----------------------------------------------------------------------------
350
351 {rabbitmq_management,
352 [%% Pre-Load schema definitions from the following JSON file. See
353 %% http://www.rabbitmq.com/management.html#load-definitions
354 %%
355 %% {load_definitions, "/path/to/schema.json"},
356
357 %% Log all requests to the management HTTP API to a file.
358 %%
359 %% {http_log_dir, "/path/to/access.log"},
360
361 %% Change the port on which the HTTP listener listens,
362 %% specifying an interface for the web server to bind to.
363 %% Also set the listener to use SSL and provide SSL options.
364 %%
365 %% {listener, [{port, 12345},
366 %% {ip, "127.0.0.1"},
367 %% {ssl, true},
368 %% {ssl_opts, [{cacertfile, "/path/to/cacert.pem"},
369 %% {certfile, "/path/to/cert.pem"},
370 %% {keyfile, "/path/to/key.pem"}]}]},
371
372 %% One of 'basic', 'detailed' or 'none'. See
373 %% http://www.rabbitmq.com/management.html#fine-stats for more details.
374 %% {rates_mode, basic},
375
376 %% Configure how long aggregated data (such as message rates and queue
377 %% lengths) is retained. Please read the plugin's documentation in
378 %% http://www.rabbitmq.com/management.html#configuration for more
379 %% details.
380 %%
381 %% {sample_retention_policies,
382 %% [{global, [{60, 5}, {3600, 60}, {86400, 1200}]},
383 %% {basic, [{60, 5}, {3600, 60}]},
384 %% {detailed, [{10, 5}]}]}
385 ]},
386
387 %% ----------------------------------------------------------------------------
388 %% RabbitMQ Shovel Plugin
389 %%
390 %% See http://www.rabbitmq.com/shovel.html for details
391 %% ----------------------------------------------------------------------------
392
393 {rabbitmq_shovel,
394 [{shovels,
395 [%% A named shovel worker.
396 %% {my_first_shovel,
397 %% [
398
399 %% List the source broker(s) from which to consume.
400 %%
401 %% {sources,
402 %% [%% URI(s) and pre-declarations for all source broker(s).
403 %% {brokers, ["amqp://user:password@host.domain/my_vhost"]},
404 %% {declarations, []}
405 %% ]},
406
407 %% List the destination broker(s) to publish to.
408 %% {destinations,
409 %% [%% A singular version of the 'brokers' element.
410 %% {broker, "amqp://"},
411 %% {declarations, []}
412 %% ]},
413
414 %% Name of the queue to shovel messages from.
415 %%
416 %% {queue, <<"your-queue-name-goes-here">>},
417
418 %% Optional prefetch count.
419 %%
420 %% {prefetch_count, 10},
421
422 %% when to acknowledge messages:
423 %% - no_ack: never (auto)
424 %% - on_publish: after each message is republished
425 %% - on_confirm: when the destination broker confirms receipt
426 %%
427 %% {ack_mode, on_confirm},
428
429 %% Overwrite fields of the outbound basic.publish.
430 %%
431 %% {publish_fields, [{exchange, <<"my_exchange">>},
432 %% {routing_key, <<"from_shovel">>}]},
433
434 %% Static list of basic.properties to set on re-publication.
435 %%
436 %% {publish_properties, [{delivery_mode, 2}]},
437
438 %% The number of seconds to wait before attempting to
439 %% reconnect in the event of a connection failure.
440 %%
441 %% {reconnect_delay, 2.5}
442
443 %% ]} %% End of my_first_shovel
444 ]}
445 %% Rather than specifying some values per-shovel, you can specify
446 %% them for all shovels here.
447 %%
448 %% {defaults, [{prefetch_count, 0},
449 %% {ack_mode, on_confirm},
450 %% {publish_fields, []},
451 %% {publish_properties, [{delivery_mode, 2}]},
452 %% {reconnect_delay, 2.5}]}
453 ]},
454
455 %% ----------------------------------------------------------------------------
456 %% RabbitMQ Stomp Adapter
457 %%
458 %% See http://www.rabbitmq.com/stomp.html for details
459 %% ----------------------------------------------------------------------------
460
461 {rabbitmq_stomp,
462 [%% Network Configuration - the format is generally the same as for the broker
463
464 %% Listen only on localhost (ipv4 & ipv6) on a specific port.
465 %% {tcp_listeners, [{"127.0.0.1", 61613},
466 %% {"::1", 61613}]},
467
468 %% Listen for SSL connections on a specific port.
469 %% {ssl_listeners, [61614]},
470
471 %% Number of Erlang processes that will accept connections for the TCP
472 %% and SSL listeners.
473 %%
474 %% {num_tcp_acceptors, 10},
475 %% {num_ssl_acceptors, 1},
476
477 %% Additional SSL options
478
479 %% Extract a name from the client's certificate when using SSL.
480 %%
481 %% {ssl_cert_login, true},
482
483 %% Set a default user name and password. This is used as the default login
484 %% whenever a CONNECT frame omits the login and passcode headers.
485 %%
486 %% Please note that setting this will allow clients to connect without
487 %% authenticating!
488 %%
489 %% {default_user, [{login, "guest"},
490 %% {passcode, "guest"}]},
491
492 %% If a default user is configured, or you have configured use SSL client
493 %% certificate based authentication, you can choose to allow clients to
494 %% omit the CONNECT frame entirely. If set to true, the client is
495 %% automatically connected as the default user or user supplied in the
496 %% SSL certificate whenever the first frame sent on a session is not a
497 %% CONNECT frame.
498 %%
499 %% {implicit_connect, true}
500 ]},
501
502 %% ----------------------------------------------------------------------------
503 %% RabbitMQ MQTT Adapter
504 %%
505 %% See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md
506 %% for details
507 %% ----------------------------------------------------------------------------
508
509 {rabbitmq_mqtt,
510 [%% Set the default user name and password. Will be used as the default login
511 %% if a connecting client provides no other login details.
512 %%
513 %% Please note that setting this will allow clients to connect without
514 %% authenticating!
515 %%
516 %% {default_user, <<"guest">>},
517 %% {default_pass, <<"guest">>},
518
519 %% Enable anonymous access. If this is set to false, clients MUST provide
520 %% login information in order to connect. See the default_user/default_pass
521 %% configuration elements for managing logins without authentication.
522 %%
523 %% {allow_anonymous, true},
524
525 %% If you have multiple chosts, specify the one to which the
526 %% adapter connects.
527 %%
528 %% {vhost, <<"/">>},
529
530 %% Specify the exchange to which messages from MQTT clients are published.
531 %%
532 %% {exchange, <<"amq.topic">>},
533
534 %% Specify TTL (time to live) to control the lifetime of non-clean sessions.
535 %%
536 %% {subscription_ttl, 1800000},
537
538 %% Set the prefetch count (governing the maximum number of unacknowledged
539 %% messages that will be delivered).
540 %%
541 %% {prefetch, 10},
542
543 %% TCP/SSL Configuration (as per the broker configuration).
544 %%
545 %% {tcp_listeners, [1883]},
546 %% {ssl_listeners, []},
547
548 %% Number of Erlang processes that will accept connections for the TCP
549 %% and SSL listeners.
550 %%
551 %% {num_tcp_acceptors, 10},
552 %% {num_ssl_acceptors, 1},
553
554 %% TCP/Socket options (as per the broker configuration).
555 %%
556 %% {tcp_listen_options, [{backlog, 128},
557 %% {nodelay, true}]}
558 ]},
559
560 %% ----------------------------------------------------------------------------
561 %% RabbitMQ AMQP 1.0 Support
562 %%
563 %% See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md
564 %% for details
565 %% ----------------------------------------------------------------------------
566
567 {rabbitmq_amqp1_0,
568 [%% Connections that are not authenticated with SASL will connect as this
569 %% account. See the README for more information.
570 %%
571 %% Please note that setting this will allow clients to connect without
572 %% authenticating!
573 %%
574 %% {default_user, "guest"},
575
576 %% Enable protocol strict mode. See the README for more information.
577 %%
578 %% {protocol_strict_mode, false}
579 ]},
580
581 %% ----------------------------------------------------------------------------
582 %% RabbitMQ LDAP Plugin
583 %%
584 %% See http://www.rabbitmq.com/ldap.html for details.
585 %%
586 %% ----------------------------------------------------------------------------
587
588 {rabbitmq_auth_backend_ldap,
589 [%%
590 %% Connecting to the LDAP server(s)
591 %% ================================
592 %%
593
594 %% Specify servers to bind to. You *must* set this in order for the plugin
595 %% to work properly.
596 %%
597 %% {servers, ["your-server-name-goes-here"]},
598
599 %% Connect to the LDAP server using SSL
600 %%
601 %% {use_ssl, false},
602
603 %% Specify the LDAP port to connect to
604 %%
605 %% {port, 389},
606
607 %% LDAP connection timeout, in milliseconds or 'infinity'
608 %%
609 %% {timeout, infinity},
610
611 %% Enable logging of LDAP queries.
612 %% One of
613 %% - false (no logging is performed)
614 %% - true (verbose logging of the logic used by the plugin)
615 %% - network (as true, but additionally logs LDAP network traffic)
616 %%
617 %% Defaults to false.
618 %%
619 %% {log, false},
620
621 %%
622 %% Authentication
623 %% ==============
624 %%
625
626 %% Pattern to convert the username given through AMQP to a DN before
627 %% binding
628 %%
629 %% {user_dn_pattern, "cn=${username},ou=People,dc=example,dc=com"},
630
631 %% Alternatively, you can convert a username to a Distinguished
632 %% Name via an LDAP lookup after binding. See the documentation for
633 %% full details.
634
635 %% When converting a username to a dn via a lookup, set these to
636 %% the name of the attribute that represents the user name, and the
637 %% base DN for the lookup query.
638 %%
639 %% {dn_lookup_attribute, "userPrincipalName"},
640 %% {dn_lookup_base, "DC=gopivotal,DC=com"},
641
642 %% Controls how to bind for authorisation queries and also to
643 %% retrieve the details of users logging in without presenting a
644 %% password (e.g., SASL EXTERNAL).
645 %% One of
646 %% - as_user (to bind as the authenticated user - requires a password)
647 %% - anon (to bind anonymously)
648 %% - {UserDN, Password} (to bind with a specified user name and password)
649 %%
650 %% Defaults to 'as_user'.
651 %%
652 %% {other_bind, as_user},
653
654 %%
655 %% Authorisation
656 %% =============
657 %%
658
659 %% The LDAP plugin can perform a variety of queries against your
660 %% LDAP server to determine questions of authorisation. See
661 %% http://www.rabbitmq.com/ldap.html#authorisation for more
662 %% information.
663
664 %% Set the query to use when determining vhost access
665 %%
666 %% {vhost_access_query, {in_group,
667 %% "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}},
668
669 %% Set the query to use when determining resource (e.g., queue) access
670 %%
671 %% {resource_access_query, {constant, true}},
672
673 %% Set queries to determine which tags a user has
674 %%
675 %% {tag_queries, []}
676 ]}
677].