ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexWebSphere Message Broker SupportCannot set up LDAP authentication with ACE

Post new topicReply to topic
Cannot set up LDAP authentication with ACE View previous topic :: View next topic
Author Message
pmarie
PostPosted: Wed Oct 23, 2019 3:03 am Post subject: Cannot set up LDAP authentication with ACE Reply with quote

Novice

Joined: 04 Apr 2002
Posts: 22

I am working with ACE 11.0.0.5 at a customer's and I am requested to set up LDAP authentication with ACE.

I first tried to change the contents of the "node.conf.yaml" file with the following statements:

Admin Security:
# Authentication
basicAuth: true # Clients web user name and password will be authenticated when set true
ldapUrl: 'ldap://***' # ldap search url
ldapBindDn: 'ldap::*****' # Resource alias
ldapBindPassword: 'ldap::****' # Resource alias
# Authorization
#adminSecurity: 'inactive' # Used to enable Authorization. Clients web user role will be authorized when set active
#authMode: 'file' # Set admin authorization mode. Choose 1 of : file or mq

This produced the following error messages in the log:

Oct 23 12:09:12 lxasdkpww20005 ACE[128392]: IBM App Connect Enterprise v11005 (DEV-NODE.HTTPListener) [Thread 128481] (Msg 1/1) BIP2785W: An unexpected object name 'Admin Security' was encountered whilst loading a YAML configuration.
Oct 23 12:09:12 lxasdkpww20005 ACE[128392]: IBM App Connect Enterprise v11005 (DEV-NODE.HTTPListener) [Thread 128481] (Msg 1/1) BIP2786W: An unexpected property 'Admin Security/basicAuth' with value 'true' was encountered when loading a YAML configuration.
Oct 23 12:09:12 lxasdkpww20005 ACE[128392]: IBM App Connect Enterprise v11005 (DEV-NODE.HTTPListener) [Thread 128481] (Msg 1/1) BIP2786W: An unexpected property 'Admin Security/ldapBindDn' with value 'ldap::***' was encountered when loading a YAML configuration.
Oct 23 12:09:12 lxasdkpww20005 ACE[128392]: IBM App Connect Enterprise v11005 (DEV-NODE.HTTPListener) [Thread 128481] (Msg 1/1) BIP2786W: An unexpected property 'Admin Security/ldapBindPassword' with value 'ldap::****' was encountered when loading a YAML configuration.
Oct 23 12:09:12 lxasdkpww20005 ACE[128392]: IBM App Connect Enterprise v11005 (DEV-NODE.HTTPListener) [Thread 128481] (Msg 1/1) BIP2786W: An unexpected property 'Admin Security/ldapUrl' with value '****' was encountered when loading a YAML configuration.

I also tried with to change the section title to "AdminSecurity:" (no blank in the middle), with no more success.

Then I tried to do the same using the "mqsichangeproperties" command:
mqsichangeproperties DEV-NODE -b webadmin -o server -n ldapUrl -v \"ldap://***\"

I had no more error messages in the log, but a connection test from the Web User Interface failed:

Oct 23 12:42:26 lxasdkpww20005 ACE[15834]: IBM App Connect Enterprise v11005 (DEV-NODE) [Thread 15839] (Msg 1/1) BIP2775E: There was an error when attempting to authenticate user 'ldap://***' with the LDAP server '{1}'.

Any idea?
Back to top
View user's profile Send private message
joebuckeye
PostPosted: Thu Oct 24, 2019 5:10 am Post subject: Reply with quote

Partisan

Joined: 24 Aug 2007
Posts: 347
Location: Columbus, OH

I think you uncommented too much from your yaml file. The below is from the default yaml.

Code:

# Admin Security
#  Authentication
#basicAuth: true                                                    # Clients web user name and password will be authenticated when set true
#ldapUrl: ldap[s]://server[:port]/baseDN[?[uid_attr][?[base|sub]]]  # ldap search url
#ldapBindDn: ldap::adminAuthentication                              # Resource alias
#ldapBindPassword: ldap::adminAuthentication                        # Resource alias
#  Authorization
#adminSecurity: 'inactive'                  # Used to enable Authorization. Clients web user role will be authorized when set active
#authMode: 'file'                           # Set admin authorization mode to file


I would only uncomment the fields you need to change and only the property names with a ':' in them.

"# Admin Security" is a comment and not something that should be uncommented.
Back to top
View user's profile Send private message
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexWebSphere Message Broker SupportCannot set up LDAP authentication with ACE
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.