ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Security » MQ client security with LDAP

Post new topic  Reply to topic
 MQ client security with LDAP « View previous topic :: View next topic » 
Author Message
Sam Uppu
PostPosted: Thu Apr 28, 2011 4:35 pm    Post subject: MQ client security with LDAP Reply with quote

Yatiri

Joined: 11 Nov 2008
Posts: 610
Hi Guys,
We are using MQ v7 on Linux. The client wants to administer their QMgrs(running on Linux) from their desktop. For that I came up with creating a user group on the Qmgr server and added all the network users who wanted to administer the MQ. The permissions are provided for the group with setmqaut. Now we need to restrict the client channel from unauthorized users accessing the QMgrs. For this I suggested to use either SSL or security exit(BlockIP2) but the client wants to use LDAP. Not sure whether we can setup client channel security with LDAP.

Please advice.

Thanks.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Thu Apr 28, 2011 7:10 pm    Post subject: Re: MQ client security with LDAP Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20697
Location: LI,NY
Sam Uppu wrote:
Hi Guys,
We are using MQ v7 on Linux. The client wants to administer their QMgrs(running on Linux) from their desktop. For that I came up with creating a user group on the Qmgr server and added all the network users who wanted to administer the MQ. The permissions are provided for the group with setmqaut. Now we need to restrict the client channel from unauthorized users accessing the QMgrs. For this I suggested to use either SSL or security exit(BlockIP2) but the client wants to use LDAP. Not sure whether we can setup client channel security with LDAP.

Please advice.

Thanks.

The only way to secure a client channel is to use an mcauser WITH SSL OR use a security exit.

My guess is that your client is going with the security exit, expecting it to set the user on the channel. Thus the LDAP could specify to the system the user group the user is in and allow for corresponding authorizations on the box without the user having necessarily a traditional account on the box...

Have fun
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
RogerLacroix
PostPosted: Thu Apr 28, 2011 9:15 pm    Post subject: Reply with quote

Jedi Knight

Joined: 15 May 2001
Posts: 3253
Location: London, ON Canada
Hello Sam,

Please have a look at MQ Authenticate User Security Exit (MQAUSX) at http://www.capitalware.biz/mqausx_overview.html as it does exactly what you are looking for.

We offer free trials of MQAUSX (which includes free support).

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Security » MQ client security with LDAP
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.