Optional: Configuring LDAP
The IBM® MQ Advanced certified container can be configured to use several different security approaches. Typically LDAP is the most effective for an enterprise deployment, and LDAP is used for this migration scenario.
About this task
Do I need to do this?
If you are already using LDAP for authentication and authorization then no changes are required.
If you are not sure if LDAP is being used, run the following command:
connauthname="$(grep CONNAUTH backup.mqsc | cut -d "(" -f2 | cut -d ")" -f1)"; grep -A 20 AUTHINFO\($connauthname\) backup.mqsc
Sample output:
DEFINE AUTHINFO('USE.LDAP') +
AUTHTYPE(IDPWLDAP) +
ADOPTCTX(YES) +
CONNAME('ldap-service.ldap(389)') +
CHCKCLNT(REQUIRED) +
CLASSGRP('groupOfUniqueNames') +
FINDGRP('uniqueMember') +
BASEDNG('ou=groups,dc=ibm,dc=com') +
BASEDNU('ou=people,dc=ibm,dc=com') +
LDAPUSER('cn=admin,dc=ibm,dc=com') +
* LDAPPWD('********************************') +
SHORTUSR('uid') +
GRPFIELD('cn') +
USRFIELD('uid') +
AUTHORMD(SEARCHGRP) +
* ALTDATE(2020-11-26) +
* ALTTIME(15.44.38) +
REPLACE
- AUTHTYPE: If this has the value IDPWLDAP, then you are using LDAP for authentication.
- AUTHORMD: If this has the value OS, then you are not using LDAP for authorization.
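The same check as a script, added here as an example and not part of the IBM documentation: it reads only the AUTHINFO stanza named by CONNAUTH, stopping at the end of that stanza instead of after 20 lines, and reports the two attributes described above. The function name `ldap_status`, its output format and the sample backup are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from an MQSC backup whether the CONNAUTH AUTHINFO
# object uses LDAP for authentication (AUTHTYPE) and authorization (AUTHORMD).
ldap_status() {   # usage: ldap_status backup.mqsc
    awk -v q="'" '
    # Text between the first "(" and the next ")", quotes stripped.
    function val(s) { sub(/^[^(]*\(/, "", s); sub(/\).*/, "", s); gsub(q, "", s); return s }
    /^[ \t]*\*/ { next }                                   # commented-out attribute
    NR == FNR { if ($0 ~ /^[ \t]*CONNAUTH\(/) name = val($0); next }    # pass 1
    /^[ \t]*DEFINE[ \t]+AUTHINFO\(/ { inside = (name != "" && val($0) == name); found = found || inside }
    inside && /^[ \t]*AUTHTYPE\(/ { type = val($0) }
    inside && /^[ \t]*AUTHORMD\(/ { mode = val($0) }
    inside && $0 !~ /\+[ \t]*$/ { inside = 0 }             # stanza ends without "+"
    END {
        if (!found) { print "no AUTHINFO object matches CONNAUTH"; exit 1 }
        authn = (type == "IDPWLDAP") ? "yes" : "no"
        # Assumption: a missing AUTHORMD is treated like OS (not LDAP).
        authz = (authn == "yes" && mode != "" && mode != "OS") ? "yes" : "no"
        printf "AUTHINFO=%s ldap_authn=%s ldap_authz=%s\n", name, authn, authz
    }' "$1" "$1"
}

# Constructed sample: LDAP authentication with OS authorization, followed by
# a second AUTHINFO object that a fixed "grep -A 20" window would also show.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
ALTER QMGR +
   CONNAUTH('USE.LDAP') +
   FORCE
DEFINE AUTHINFO('USE.LDAP') +
   AUTHTYPE(IDPWLDAP) +
   CONNAME('ldap-service.ldap(389)') +
*  LDAPPWD('********') +
   AUTHORMD(OS) +
   REPLACE
DEFINE AUTHINFO('SYSTEM.DEFAULT.AUTHINFO.IDPWOS') +
   AUTHTYPE(IDPWOS) +
   REPLACE
EOF
ldap_status "$sample"
```

A result of `ldap_authn=yes ldap_authz=no` means users are authenticated against LDAP while authority records still resolve against operating system users and groups, so the authorization part of the migration is still outstanding.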
To modify the authorization and authentication to use LDAP, complete the following tasks: