|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
|
|
providing access to an LDAP id for a QM |
« View previous topic :: View next topic » |
Author |
Message
|
miibm |
Posted: Thu Jun 03, 2021 7:08 pm Post subject: providing access to an LDAP id for a QM |
|
|
Newbie
Joined: 03 Jun 2021 Posts: 1
|
Hi, Anyone help me how to provide access to an LDAP id for a QM?
Thanks for support! |
|
Back to top |
|
|
exerk |
Posted: Fri Jun 04, 2021 5:13 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006 Posts: 6339
|
Amazingly the first hit from Mr. Google found me THIS... _________________ It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
Back to top |
|
|
hughson |
Posted: Fri Jun 04, 2021 10:24 pm Post subject: Re: providing access to an LDAP id for a QM |
|
|
Padawan
Joined: 09 May 2013 Posts: 1916 Location: Bay of Plenty, New Zealand
|
miibm wrote: |
Hi, Anyone help me how to provide access to an LDAP id for a QM? |
Please be a little more explicit, or more detailed. What exactly is this user id for? Are you, for example, asking how to run the queue manager using an LDAP id? Or do you just wish to authenticate an application to use queue manager resources by providing an LDAP id and password at connect time? Or is it something else?
Cheers,
Morag _________________ Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
Back to top |
|
|
blorro |
Posted: Fri Oct 08, 2021 1:00 am Post subject: |
|
|
Acolyte
Joined: 09 Jan 2014 Posts: 57 Location: Sweden
|
I'll gladly kick this thread to the 'live' lane.
Saw the excellent blogpost:
https://blogs.perficient.com/2019/08/05/how-to-configure-ibm-mq-authentication-os-and-ldap/
Also saw this thread :
http://www.mqseries.net/phpBB2/viewtopic.php?p=410623&sid=f39979b1c871997aec740d7ab4c1521f
Now for my own case:
A number of Queue managers. Majority running Windows , some system i and a handful of z/OS ones.
Windows ones use AD accounts for connection authentication paired with CHLAUTH records, backstop rules and all.
'system i' and z/OS are not connected to AD at all.
How huge of a task would it be to switch everything to LDAP ?
Where would one begin ?
(I'm pretty sure setting up Qmgr keystores is step1 as our LDAP requires it.)
Why ?
Two reasons:
1. We have a one-way domain trust between a number of Windows based Queuemanagers and doing Windows Pre-2000 -anonymous lookups towards the trusted domain is frowned upon.
Switching to LDAP authentication seems to provide needed granularity and the 'old-way-of-doing-lookups' can be binned.
2.Well, if we do 1, why not do the rest ?
LDAP authentication vs AD Authentication: Pros and cons in a mixed environment ? _________________ "Anything is possible, all the time." |
|
Back to top |
|
|
|
|
|
|
Page 1 of 1 |
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|
|
|