| Author |
Message
|
| cxzchen |
 Posted: Thu Apr 13, 2017 9:06 am Post subject: IIB - Java user-defined input Node with security identity |
 |
|
Newbie
Joined: 13 Apr 2017
Posts: 3
|
| Hi, I would like to develop a Java user-defined node to query AD(Active Directory), not for authentication. The LDAP API of java needs credential (user name and password) to set up a connection or session with AD server. I know I can set up user name and password as node properties but this is not preferred way. How can I do it like other input nodes like MQInputNode to have a security identity as property. thank you |
|
| Back to top |
|
 |
| Vitor |
| Posted: Thu Apr 13, 2017 9:11 am Post subject: Re: IIB - Java user-defined input Node with security identit |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| cxzchen wrote: |
| Hi, I would like to develop a Java user-defined node to query AD(Active Directory), not for authentication. |
Then why? What attributes are you after?
I wonder if there's an easier way to achieve your requirement - a user-defined node should be the last recourse (and not to say that's not where you'll end up eventually). Why not (spit-balling here) use a REST API to interrogate AD?
I leave my more Java literate associates to comment on your actual question.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| cxzchen |
| Posted: Thu Apr 13, 2017 9:49 am Post subject: Re: IIB - Java user-defined input Node with security identit |
|
|
Newbie
Joined: 13 Apr 2017
Posts: 3
|
| Vitor wrote: |
| cxzchen wrote: |
| Hi, I would like to develop a Java user-defined node to query AD(Active Directory), not for authentication. |
Then why? What attributes are you after?
I wonder if there's an easier way to achieve your requirement - a user-defined node should be the last recourse (and not to say that's not where you'll end up eventually). Why not (spit-balling here) use a REST API to interrogate AD?
I leave my more Java literate associates to comment on your actual question. |
Thank for the quick reply. For sure I will use user-defined node in Java. The property/attribute is "Security Identity". The problem here is how the node implementation look up the user name and password given the security identity. The security identity is set up by running mqsidbparams ... thanks again |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Apr 13, 2017 10:05 am Post subject: Re: IIB - Java user-defined input Node with security identit |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| cxzchen wrote: |
| The property/attribute is "Security Identity". |
Which I feel certain is available through the AD API.
| cxzchen wrote: |
| The problem here is how the node implementation look up the user name and password given the security identity. |
Like I said, outside my area of knowledge. Someone more helpful will undoubtedly be along in a moment.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Thu Apr 13, 2017 10:15 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
What are you trying to get from AD?
Why are you trying to get it inside IIB?
Why are you trying to use Java code to get it?
Are there any methods in the Java user defined API for accessing security profiles?
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| cxzchen |
| Posted: Fri Apr 14, 2017 1:02 pm Post subject: |
|
|
Newbie
Joined: 13 Apr 2017
Posts: 3
|
| mqjeff wrote: |
What are you trying to get from AD?
Why are you trying to get it inside IIB?
Why are you trying to use Java code to get it?
Are there any methods in the Java user defined API for accessing security profiles? |
some attributes like email address etc.
I want to use user-defined node in Java. no current build-in nodes support this
That is the question I want to ask you if there is any API to get the credentail given the security identity |
|
| Back to top |
|
|
| joebuckeye |
| Posted: Mon Apr 17, 2017 4:49 am Post subject: |
|
|
Partisan
Joined: 24 Aug 2007
Posts: 365
Location: Columbus, OH
|
Doesn't it make it less secure if there is an API to access the security profile credentials (mainly password)?
I know you can use mqsireportdbparms to get the id used in a security profile but not the password.
I wish there was a way I could access security profiles via ESQL when building a non-SOAP request that needed username/password. It only works for protocols that have well defined places where username and passwords are needed. |
|
| Back to top |
|
|
|
|
