Posted: Fri Jul 03, 2015 4:30 am Post subject: LDAP with SSL (LDAPS) in WMB 6.1.0.9
Novice
Joined: 04 Sep 2012 Posts: 15
Hello All,
We are facing a problem while connecting to LDAP server with SSL enabled. We are able to successfully connect to LDAP without SSL. However we are getting the following error when we are trying to connect to LDAP with SSL. Please find below the error message:
Code:
2015-07-03 08:24:55.569731 Execution group started. UUID is: 'e6f9c2cb-3f01-0000-0080-gdug'. Broker is: MBDX
Exception in thread "Thread-16" <com.ibm.broker.plugin.MbConfigurationException class:MbLDAPSecurityProvider method:authenticate source:BIPv610 key:2721 >
at com.ibm.broker.securityProviders.MbLDAPSecurityProvider.authenticate(MbLDAPSecurityProvider.java:449)
Exception in thread "Thread-16" <com.ibm.broker.plugin.MbConfigurationException class:MbLDAPSecurityProvider method:authenticate source:BIPv610 key:2721 >
at com.ibm.broker.securityProviders.MbLDAPSecurityProvider.authenticate(MbLDAPSecurityProvider.java:449)
Exception in thread "Thread-16" <com.ibm.broker.plugin.MbConfigurationException class:MbLDAPSecurityProvider method:authenticate source:BIPv610 key:2721 >
at com.ibm.broker.securityProviders.MbLDAPSecurityProvider.authenticate(MbLDAPSecurityProvider.java:449)
We are able to connect to LDAP using SSL from Windows XP machine but unable to do so in AIX box. Has anyone faced a similar issue. There is no documentation on LDAP with SSL by IBM.
We have configured the security profile as well as broker trust store properly.
Hi,
We have set up the SSL infrastructure for the broker.
We ran the following command to import the certificate into trust store:
keytool -import -trustcacerts -alias aliascert -file /var/tmp/certificate/ldap.cer -keystore cacerts
After which we set the path to the Broker registry using the following command:
mqsichangeproperties MBDX -o BrokerRegistry -n brokerTruststoreFile -v /opt/IBM/mqsi/6.1/jre15/lib/security/cacerts
We ran the below command to add certificate path to the LDAP profile which we created:
mqsichangeproperties MBDX -c SecurityProfiles -o Profile1 -n trustStore -v /opt/IBM/mqsi/6.1/jre15/lib/security/cacerts
and ran the mqsisetdbparms command to set the password to broker
mqsisetdbparms MBDX -n brokerTruststore::password -u ignore –p changeit
Please let me know if you need any other information.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum