Using Security Profiles with LDAP Authentication |
GeneRK4 |
Posted: Mon Aug 18, 2014 5:34 pm Post subject: Using Security Profiles with LDAP Authentication |
|
|
Master
Joined: 08 Jul 2013 Posts: 220
|
I am getting the below error while using a security profile.
The security profile ''LDAPSP'' has specified ''LDAP'' for security processing. A message has entered a node that uses this profile and the provider is being invoked.
No action is required.
2014-08-16 21:49:27.778162 2596 UserTrace BIP2728E: Failed to search LDAP for user ''ldap://localhost:10389'' with user name ''anonymous'' for binding. The following explanation was returned: 'javax.naming.NoPermissionException: [LDAP: error code 50 - failed on search operation: Anonymous binds have been disabled!]'
An attempt was made to get the full Distinguished Name of ''ldap://localhost:10389'', using a bind with user name ''anonymous''.
Ensure that the user name supplied has permission to look up the given user. If necessary use mqsisetdbparms to specify a different user name and password to bind to the server.
=========================================
I executed
"mqsisetdbparms RadBRK1 -n ldap::localhost -u "uid=admin,ou=system" -p pass" now, and still more errors are coming up:
2014-08-16 23:29:02.171981 12648 UserTrace BIP2735I: Identity has been passed to the ''LDAP'' security provider as instructed by security profile ''LDAPSP''. The following operations are requested: ''authentication'', '''', ''authorization''.
The security profile ''LDAPSP'' has specified ''LDAP'' for security processing. A message has entered a node that uses this profile and the provider is being invoked.
No action is required.
2014-08-16 23:29:02.308200 12648 UserTrace BIP2721E: Failed to bind to the LDAP server ''ldap://localhost:10389'' with user name ''uid=admin,ou=system''. Possible explanation: 'javax.naming.AuthenticationException: [LDAP: error code 49 - Bind failed: null]'
Ensure that the server address is correct.
Use mqsisetdbparms to check that the user name and password are valid.
If the user name is "anonymous", ensure that the LDAP server accepts anonymous binds.
2014-08-16 23:29:02.311482 12648 UserTrace BIP3145I: Message propagated to failure terminal; node 'SecurityTest.HTTP Input'.
Node 'SecurityTest.HTTP Input' has received an HTTP request message, but an error occurred before the message could be propagated to the output terminal. The message broker is propagating the message to the failure terminal of the node.
Examine the other messages and the message flow to determine why the message is not being received as expected. Correct this situation if possible. Perform any local error recovery processing required.
2014-08-16 23:29:02.311591 12648 SecurityException BIP2702W: The identity token type ''usernameAndPassword'', issued by ''Apache-HttpClient/4.1.1 (java 1.5)'', failed authentication with security provider ''LDAP''. (For a 'username' token type, the token is: ''wmbuser1''.)
The security provider specified failed to authenticate the provided identity token.
Ensure that the provided identity token is valid and that the specified security provider is configured to authenticate the specified identity token. If the security provider is shown as 'Cached', the authentication result is now being returned from the broker security cache. You can use the 'mqsireloadsecurity' command to clear the broker security cache. Check your security provider logs for information about why the identity token could not be authenticated.
=========================================
In LDAP, I have checked that the bind DN or user is:
uid=admin,ou=system
The password is correct, as I have verified.
In the SoapUI tool, while trying to send authentication headers for a message,
I have given wmbuser1, which is already present in LDAP.
Please let me know what I am missing here. |
fjb_saper |
Posted: Tue Aug 19, 2014 4:48 am Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
It seems that your LDAP authentication is failing (wrong password set in mqsisetdbparms, or special chars not escaped properly, etc.).
Code: |
2014-08-16 23:29:02.308200 12648 UserTrace BIP2721E: Failed to bind to the LDAP server ''ldap://localhost:10389'' with user name ''uid=admin,ou=system''. Possible explanation: 'javax.naming.AuthenticationException: [LDAP: error code 49 - Bind failed: null]'
Ensure that the server address is correct.
Use mqsisetdbparms to check that the user name and password are valid. |
Check first that the LDAP user can access the LDAP correctly.
_________________
MQ & Broker admin |
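The two failures in this thread carry different LDAP result codes: 50 on the anonymous search and 49 on the rejected bind. The following added example, which is not part of the original posts or of the broker's tooling, extracts them from a user trace; the function name `triage`, the hint wording and the constructed sample (the two trace lines quoted in the thread) are this example's own.

```python
import re

# LDAP result codes (RFC 4511) seen in this thread; hints follow the BIP message advice.
LDAP_RESULT = {
    49: ("invalidCredentials", "bind DN or password rejected; verify the credentials stored with mqsisetdbparms"),
    50: ("insufficientAccessRights", "bind identity lacks search permission; set a bind DN with mqsisetdbparms"),
}

# Constructed sample: the two failing user-trace lines quoted in the thread.
SAMPLE_TRACE = """\
2014-08-16 21:49:27.778162 2596 UserTrace BIP2728E: Failed to search LDAP for user ''ldap://localhost:10389'' with user name ''anonymous'' for binding. The following explanation was returned: 'javax.naming.NoPermissionException: [LDAP: error code 50 - failed on search operation: Anonymous binds have been disabled!]'
2014-08-16 23:29:02.308200 12648 UserTrace BIP2721E: Failed to bind to the LDAP server ''ldap://localhost:10389'' with user name ''uid=admin,ou=system''. Possible explanation: 'javax.naming.AuthenticationException: [LDAP: error code 49 - Bind failed: null]'
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) \d+ \w+ (?P<bip>BIP\d{4}[EWI]): (?P<text>.*)$")
BIND_USER = re.compile(r"with user name ''(.+?)''")
SERVER = re.compile(r"''(ldaps?://[^']+)''")
LDAP_CODE = re.compile(r"\[LDAP: error code (\d+) - ([^\]]*)\]")


def triage(trace):
    """Return one finding per trace line that carries an LDAP result code."""
    findings = []
    for line in trace.splitlines():
        m = LINE.match(line)
        code = LDAP_CODE.search(m["text"]) if m else None
        if not code:
            continue  # not a trace record, or no LDAP error on this line
        user = BIND_USER.search(m["text"])
        server = SERVER.search(m["text"])
        num = int(code.group(1))
        name, hint = LDAP_RESULT.get(num, ("unmapped", "check the directory server log"))
        findings.append({
            "time": m["ts"], "bip": m["bip"],
            "server": server.group(1) if server else None,
            "bind_user": user.group(1) if user else None,
            "ldap_code": num, "ldap_name": name,
            "server_text": code.group(2), "hint": hint,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_TRACE):
        print(finding)
```
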
GeneRK4 |
Posted: Wed Aug 20, 2014 5:49 pm Post subject: |
|
|
Master
Joined: 08 Jul 2013 Posts: 220
|
Thank you. I reverified the password for the binding userid. It showed I have used the wrong password. Now everything is working fine. |