ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » LDAP with SSL (LDAPS) in WMB 6.1.0.9

Post new topic  Reply to topic
 LDAP with SSL (LDAPS) in WMB 6.1.0.9 « View previous topic :: View next topic » 
Author Message
ravilegolas
PostPosted: Fri Jul 03, 2015 4:30 am    Post subject: LDAP with SSL (LDAPS) in WMB 6.1.0.9 Reply with quote

Novice

Joined: 04 Sep 2012
Posts: 15
Hello All,
We are facing a problem while connecting to LDAP server with SSL enabled. We are able to successfully connect to LDAP without SSL. However we are getting the following error when we are trying to connect to LDAP with SSL. Please find below the error message:

Code:
2015-07-03 08:24:55.569731 Execution group started. UUID is: 'e6f9c2cb-3f01-0000-0080-gdug'. Broker is: MBDX
Exception in thread "Thread-16" <com.ibm.broker.plugin.MbConfigurationException class:MbLDAPSecurityProvider method:authenticate source:BIPv610 key:2721 >
        at com.ibm.broker.securityProviders.MbLDAPSecurityProvider.authenticate(MbLDAPSecurityProvider.java:449)
Exception in thread "Thread-16" <com.ibm.broker.plugin.MbConfigurationException class:MbLDAPSecurityProvider method:authenticate source:BIPv610 key:2721 >
        at com.ibm.broker.securityProviders.MbLDAPSecurityProvider.authenticate(MbLDAPSecurityProvider.java:449)
Exception in thread "Thread-16" <com.ibm.broker.plugin.MbConfigurationException class:MbLDAPSecurityProvider method:authenticate source:BIPv610 key:2721 >
        at com.ibm.broker.securityProviders.MbLDAPSecurityProvider.authenticate(MbLDAPSecurityProvider.java:449)


We are able to connect to LDAP using SSL from Windows XP machine but unable to do so in AIX box. Has anyone faced a similar issue. There is no documentation on LDAP with SSL by IBM.

We have configured the security profile as well as broker trust store properly.

Thanks,
Ravi
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Fri Jul 03, 2015 5:04 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
Did you set up the SSL infrastructure for the broker? For the eg?
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
ravilegolas
PostPosted: Fri Jul 03, 2015 6:57 am    Post subject: Reply with quote

Novice

Joined: 04 Sep 2012
Posts: 15
Hi,
We have set up the SSL infrastructure for the broker.

We ran the following command to import the certificate into trust store:
keytool -import -trustcacerts -alias aliascert -file /var/tmp/certificate/ldap.cer -keystore cacerts

After which we set the path to the Broker registry using the following command:
mqsichangeproperties MBDX -o BrokerRegistry -n brokerTruststoreFile -v /opt/IBM/mqsi/6.1/jre15/lib/security/cacerts

We ran the below command to add certificate path to the LDAP profile which we created:
mqsichangeproperties MBDX -c SecurityProfiles -o Profile1 -n trustStore -v /opt/IBM/mqsi/6.1/jre15/lib/security/cacerts

and ran the mqsisetdbparms command to set the password to broker
mqsisetdbparms MBDX -n brokerTruststore::password -u ignore –p changeit

Please let me know if you need any other information.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » LDAP with SSL (LDAPS) in WMB 6.1.0.9
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.