| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Securing MQ with Active Directory |
« View previous topic :: View next topic » |
| Author |
Message
|
| RocknRambo |
 Posted: Fri Jun 03, 2011 7:28 am Post subject: Securing MQ with Active Directory |
 |
|
Partisan
Joined: 24 Sep 2003
Posts: 355
|
Can anyone point me to the documentation/article on securing WMQ with Active Directory.
Installs and configuration are complete, I'm assuming we still can secure the environment such as access control with Active Directory
environment:
Windows 2008 server
WMQ v7.x
we are getting push back on not use OAM.
Thanks for the help
-RR |
|
| Back to top |
|
 |
| mqjeff |
| Posted: Fri Jun 03, 2011 7:43 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
There is not, AFAIK, an out of the box way to configure ActiveDirectory to act as an Authorization Service so that you can use it INSTEAD of OAM - that is so that AD would "know" what a queue was, and know that user A could PUT or GET from that queue.
You can certainly configure AD to act as a user repository so that the OAM knows that user A can PUT or GET from a given queue.
Which are you trying to do? |
|
| Back to top |
|
|
| RocknRambo |
| Posted: Fri Jun 03, 2011 8:59 am Post subject: |
|
|
Partisan
Joined: 24 Sep 2003
Posts: 355
|
Thanks Jeff,
yes, I'm looking to achieve what said
| Quote: |
| You can certainly configure AD to act as a user repository so that the OAM knows that user A can PUT or GET from a given queue. |
can you point me put some instructions, like what's needs to be done on AD and details we need on MQ in order complete the configuration.
Thanks
--
RR |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Fri Jun 03, 2011 9:03 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9400
Location: US: west coast, almost. Otherwise, enroute.
|
Google wmq+active+directory
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| RocknRambo |
| Posted: Fri Jun 03, 2011 9:24 am Post subject: |
|
|
Partisan
Joined: 24 Sep 2003
Posts: 355
|
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Jun 03, 2011 10:36 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
That page describes how to retrieve information about what queue manager and queues an application should access. It does not describe how to configure AD to store information about what users can access what queues or queue managers, nor how to configure the OAM to know what groups a user belongs to.
| RocknRambo wrote: |
Yes, I kinda did some home work via googling .. (may be not enough)  , and tht's where need some additional help & thoughts |
If you want to know how to enable the OAM to talk to AD, so that it can verify that AD has authenticated a given user and find out what ids it belongs to, then start here
http://publib.boulder.ibm.com/infocenter/wmqv7/v7r0/index.jsp?topic=/com.ibm.mq.amqtac.doc/wq10820_.htm
If you want to configure MQ to ask AD what users are allowed to PUT or GET to a given queue, you're on your own. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
