LDAP Auth problem - WMB 6.1.0.5
tucanen
Posted: Thu Jun 17, 2010 11:45 pm    Post subject: LDAP Auth problem - WMB 6.1.0.5


Hi,

I get the error message "Unprocessed Continuation Reference(s)" when the security manager component of the message broker is trying to look up the Distinguished Name of the user to be authenticated.

The LDAP Directory server is MS Active Directory.

I've set up a TCP tunnel and run the LDAP communications between the broker and Active Directory through the tunnel to see what happens.

AD actually returns the proper DN of the user to be authenticated.
But it also returns an ldap:// address to another ldap server. I guess that this is an ldap referral.

Is it possible to configure the broker security manager so that it disregards LDAP referrals?

I'm also curious to find out why a referral is included in the LDAP search response, when it already has returned the DN of the user...

As far as I can see, the broker security manager should have enough information to be able to continue with the authentication process by binding as the user id to be authenticated. But the referral seems to cause the authentication to be aborted.

Any help, tips and insights appreciated.

Kind regards,
contact admin
martinb
Posted: Sat Jun 19, 2010 1:08 am


Hi contact admin,

I think perhaps the thing to focus on here to get you up and running is why the Active Directory is returning this referral to another LDAP address.

It is possible that this occurs because the BaseDN you have provided for the search to resolve the user is the same as the RootDN for the directory. In this case the Active Directory is likely returning a referral to an LDAP address that is the root DNS domain for the AD server(s). E.g. if the LDAP URL you gave to Broker was myad1.mycompany.com and you search using a BaseDN that is too "high" (not specific to a domain in the directory), the referral is likely to be for an LDAP server at the DNS root mycompany.com.

I would suggest you investigate the BaseDN you have provided to the Broker for resolving your user to ensure it is unique enough to resolve to a specific domain in your directory.

HTH
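
Added example (not part of either post, and not broker code): a Python sketch of the lookup step discussed in this thread, separating the user entry from any continuation references and flagging a BaseDN made up only of DC= components. The function names and the sample DNs are hypothetical, and the result tuples are modelled on the `(dn, attrs)` / `(None, [urls])` shape python-ldap uses for search references.

```python
from urllib.parse import urlparse, unquote

# Constructed sample, not captured traffic: one user entry followed by one
# continuation reference, as a root-level subtree search might return.
SAMPLE_RESULT = [
    ("CN=Test User,OU=Staff,DC=mycompany,DC=com", {"sAMAccountName": [b"tuser"]}),
    (None, ["ldap://mycompany.com/CN=Configuration,DC=mycompany,DC=com"]),
]


def base_dn_is_domain_root(base_dn):
    """True when every RDN is a DC= component, i.e. the search starts at the
    top of a domain instead of inside an OU or container."""
    # Assumption: the DN contains no escaped commas.
    rdns = [r.strip() for r in base_dn.split(",") if r.strip()]
    return bool(rdns) and all(r.upper().startswith("DC=") for r in rdns)


def split_search_result(result):
    """Separate real entries from continuation references.

    Returns (entry_dns, referrals); each referral is (host, dn) parsed from
    its ldap:// URL so it can be logged without being followed."""
    entries, referrals = [], []
    for dn, payload in result:
        if dn is None:  # search reference, payload is a list of URLs
            for url in payload:
                parsed = urlparse(url)
                referrals.append((parsed.hostname, unquote(parsed.path.lstrip("/"))))
        else:
            entries.append(dn)
    return entries, referrals


def resolve_user_dn(result):
    """Return (user_dn, ignored_referrals) for a lookup-then-bind flow.

    Fails closed unless exactly one entry matched, so an ambiguous or
    referral-only answer never reaches the bind step."""
    entries, referrals = split_search_result(result)
    if len(entries) != 1:
        raise LookupError(f"expected exactly one user entry, got {len(entries)}")
    return entries[0], referrals


if __name__ == "__main__":
    dn, ignored = resolve_user_dn(SAMPLE_RESULT)
    print("bind as:", dn)
    print("referrals not followed:", ignored)
    print("root-level BaseDN:", base_dn_is_domain_root("DC=mycompany,DC=com"))
```
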