Issues configuring mq web console to use LDAP users

gavze007 (Novice, Joined: 28 Mar 2018, Posts: 19)
Posted: Tue Jan 08, 2019 7:04 am Post subject: Issues configuring mq web console to use LDAP users
Hi,
I'm running MQ 9.1.1 in a container, and I changed the mqwebuser.xml file to use LDAP according to IBM's example.
My LDAP provider supports only TLSv1.2 over LDAPS (636).
When trying to log in with an LDAP user, I get the following exception (I replaced the LDAP server with <ldapserver>):
com.ibm.wsspi.security.wim.exception.WIMSystemException: CWIML4520E: The LDAP operation could not be completed. The LDAP naming exception javax.naming.CommunicationException: <ldapserver>:636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty] occurred during processing.
These are the relevant parts of the configuration file; again, I replaced the details with general names:
Code:
<ldapRegistry id="ldap" realm="ldapprovider"
    host="ldapserver.com" port="636" ignoreCase="true"
    baseDN="basedn"
    bindDN="binduser"
    bindPassword="bindpass"
    ldapType="Microsoft Active Directory"
    sslEnabled="true"
    sslRef="LDAPSSLSettings">
    <!-- "&" must be written as "&amp;" inside an XML attribute value -->
    <activedFilters
        userFilter="(&amp;(uid=%v)(objectcategory=inetOrgPerson))"
        groupFilter="(&amp;(cn=%v)(objectcategory=groupofUniqueNames))"
        userIdMap="user:inetOrgPerson"
        groupIdMap="*:cn"
        groupMemberIdMap="memberOf:uniqueMember" >
    </activedFilters>
</ldapRegistry>
<!-- Key store and trust store referenced by the ssl element below -->
<keyStore id="LDAPKeyStore" location="/var/mqm/web/installations/Installation1/servers/mqweb/LDAPkey.jks" type="JKS" password="xxx"/>
<keyStore id="LDAPTrustStore" location="/var/mqm/web/installations/Installation1/servers/mqweb/LDAPtrust.jks" type="JKS" password="xxx"/>
<!-- SSL settings that the ldapRegistry sslRef attribute points to -->
<ssl id="LDAPSSLSettings" clientAuthenticationSupported="true" keyStoreRef="LDAPKeyStore" trustStoreRef="LDAPTrustStore" sslProtocol="TLSv1.2" serverKeyAlias="webcert"/>

What am I missing?
mqm user has access to all relevant files.
Thanks

hughson (Padawan, Joined: 09 May 2013, Posts: 1959, Location: Bay of Plenty, New Zealand)
Posted: Tue Jan 08, 2019 3:03 pm
Is it possible that your truststore is empty? Assuming that it does exist and the user has access to it, empty is the other possibility for this error message.
Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
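
The reply above names an empty trust store as a cause of "the trustAnchors parameter must be non-empty". As an added example (not part of the original thread and not IBM's code), this Python parser reads the JKS file format directly and lists each entry's alias and type, so a store with no entries shows up as an empty list; the function names and the sample store built from dummy bytes are constructed for illustration, and aliases are assumed to be plain UTF-8.

```python
import hashlib
import struct

MAGIC = 0xFEEDFEED  # first four bytes of every JKS file
TAGS = {1: "PrivateKeyEntry", 2: "trustedCertEntry"}  # labels as shown by keytool -list

def _field(buf, pos, fmt):
    """Read one length-prefixed field; fmt is '>H' (writeUTF string) or '>I' (blob)."""
    (n,) = struct.unpack_from(fmt, buf, pos)
    start = pos + struct.calcsize(fmt)
    return buf[start:start + n], start + n

def list_jks_entries(data, password=None):
    """Return [(alias, entry_type)]; with a password, also verify the store's integrity digest."""
    magic, version, count = struct.unpack_from(">III", data, 0)
    if magic != MAGIC or version not in (1, 2):
        raise ValueError("not a JKS keystore")
    pos, entries = 12, []
    for _ in range(count):
        (tag,) = struct.unpack_from(">I", data, pos)
        alias, pos = _field(data, pos + 4, ">H")
        pos += 8  # skip creation timestamp
        chain = 1  # a trusted-cert entry holds exactly one certificate
        if tag == 1:
            _, pos = _field(data, pos, ">I")  # encrypted private key
            (chain,) = struct.unpack_from(">I", data, pos)
            pos += 4
        elif tag != 2:
            raise ValueError(f"unknown entry tag {tag}")
        for _ in range(chain):
            if version == 2:
                _, pos = _field(data, pos, ">H")  # certificate type, e.g. "X.509"
            _, pos = _field(data, pos, ">I")  # encoded certificate
        entries.append((alias.decode("utf-8"), TAGS[tag]))
    if password is not None:
        mac = hashlib.sha1(password.encode("utf-16-be") + b"Mighty Aphrodite" + data[:pos])
        if mac.digest() != data[pos:pos + 20]:
            raise ValueError("integrity check failed: wrong password or corrupt file")
    return entries

def build_sample_jks(aliases, password):
    """Constructed test input: version-2 JKS with dummy bytes standing in for certificates."""
    body = struct.pack(">III", MAGIC, 2, len(aliases))
    for alias in aliases:
        a = alias.encode()
        body += struct.pack(">IH", 2, len(a)) + a + struct.pack(">QH", 0, 5) + b"X.509"
        body += struct.pack(">I", 4) + b"\x30\x02\x05\x00"
    salted = password.encode("utf-16-be") + b"Mighty Aphrodite" + body
    return body + hashlib.sha1(salted).digest()
```

To inspect a real store, pass the bytes of the file named in the `keyStore` element's `location` attribute together with its password; an empty list, or a list with no `trustedCertEntry`, is the condition to look for.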