Trying to Authenticate using LDAP, IIB9
stevarg (Novice, Joined: 20 Nov 2012, Posts: 24)
Posted: Fri Mar 07, 2014 1:24 am
Steps completed.
1) Created a Security Profile with the below attributes.
a) LDAP URL : ldap://<hostname>:389
b) LDAP Base DN : OU=XXX,OU=XXX,OC=XXX.... This is the one provided by the LDAP Admin Team
c) LDAP Search Scope : sub
2) Ran mqsisetdbparms with the user ID and password to connect to the LDAP.
mqsisetdbparms <broker_Name> -n ldap::ldap_hostname -u userid -p password
3) Created a message flow using the SecurityPEP node to do the authentication. Added the securityProfile in the BAR file and deployed to the broker.
The user ID and password to be authenticated are placed in IdentitySourceToken and IdentitySourcePassword.
For example:
User Id : ABC123
Password : 123ABC
Now authentication is not happening and I am getting the below mentioned error in the service trace.
Code: |
>> MbLDAPSecurityProvider.authenticate 'Successfully bound to LDAP server using Broker credentials'
2014-03-07 14:36:05.652224 7208 >> { MbLDAPSecurityProvider.getUserDNFromBrokerBind
2014-03-07 14:36:05.652243 7208 >> MbLDAPSecurityProvider.getUserDNFromBrokerBind 'Search for user DN under:' , 'OU=XXX,OU=XXX,OC=XXX,OU=XX,OU=XX,DC=XX,DC=XX'
2014-03-07 14:36:05.663963 7208 >> MbLDAPSecurityProvider.getUserDNFromBrokerBind file:F:\build\slot1\S000_P\src\DataFlowEngine\NativeTrace\ImbNativeTrace.cpp line:175 message:2728.BIPmsgs 'Exception searching ldap for full DN of user' , 'ldap://eabp01dc01.abrac.net:389', XXXXXXX', 'javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
'
?0000?]'
2014-03-07 14:36:05.663963 7208 >> UserTrace BIP2728E: Failed to search LDAP for user ''ldap://hostname:389'' with user name ''XXXXXX'' for binding. The following explanation was returned: 'javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
'OU=XXX,OU=XXX,DC=XXX,DC=XXX'
?0000?]'
An attempt was made to get the full Distinguished Name of ''ldap://hostname:389'', using a bind with user name ''XXXXX''.
Ensure that the user name supplied has permission to look up the given user. If necessary use mqsisetdbparms to specify a different user name and password to bind to the server. |
I tried testing through an LDAP client and was successful in querying using the CN attribute along with the baseDN.
I made the change in the Security Profile configuration to include CN as the LDAP Uid Attr, but I am still getting the above error.
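One way to read the trace in the post above, as an added example that is not part of the original post or of IIB: LDAP result code 32 (noSuchObject) comes with a "best match of" DN, the deepest entry the server could resolve, so comparing it with the configured Base DN shows which components do not exist. The sample trace and its DN values are constructed, the function names are hypothetical, and matching is assumed to be case-insensitive.

```python
import re

# Constructed sample, modelled on the two trace lines in the post (DN values are made up).
SAMPLE_TRACE = """\
>> MbLDAPSecurityProvider.getUserDNFromBrokerBind 'Search for user DN under:' , 'OU=Users,OU=Apps,OU=Corp,DC=example,DC=com'
BIP2728E: ... 'javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
\t'OU=Corp,DC=example,DC=com'
]'
"""

def split_dn(dn):
    """Split a DN into normalised RDNs, keeping backslash-escaped commas intact."""
    if not dn.strip():
        return []  # an empty matched DN means nothing in the path was resolved
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns

def parse_trace(trace):
    """Return (configured base DN, server-reported matched DN) from trace text."""
    base = re.search(r"Search for user DN under:'\s*,\s*'([^']*)'", trace)
    matched = re.search(r"best match of:\s*'([^']*)'", trace)
    if not base or not matched:
        raise ValueError("trace lacks the base DN or the best match")
    return base.group(1), matched.group(1)

def missing_rdns(base_dn, matched_dn):
    """RDNs of base_dn that the server could not resolve (leftmost is deepest)."""
    base, matched = split_dn(base_dn), split_dn(matched_dn)
    if base[len(base) - len(matched):] != matched:
        # The server matched a different branch: the base DN suffix itself is wrong.
        raise ValueError("matched DN is not a suffix of the base DN")
    return base[:len(base) - len(matched)]

def diagnose(trace):
    """Parse a service trace and list the base DN components that were not found."""
    return missing_rdns(*parse_trace(trace))

if __name__ == "__main__":
    print("unresolved RDNs:", diagnose(SAMPLE_TRACE))
```

A `ValueError` from `missing_rdns` means the directory suffix (the DC components or an upper OU) in the Security Profile differs from what the server holds, which is a different fix from removing a non-existent lower OU.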