IBM Support

IT24055: AMQ5532 is reported during LDAP authorization if the DN of the LDAP user has an escape character in it.


APAR status

  • Closed as program error.

Error description

  • LDAP authorization at MQ 8.0.0.8 fails with the error below
    when the user's DN contains the escape character '\' (for
    example 'CN=Joe\, John,
    OU=People,DC=domain,DC=com') and AUTHORMD is set to SEARCHUSR
    in the AUTHINFO definition used for LDAP authorization.
    .
      AMQ5532: Error authorizing entity in LDAP
      .
      EXPLANATION:
      The LDAP authorization service has failed in the
      ldap_search call while trying to find user or group
      'Invalid DN syntax'. Returned count is 34.
    

Local fix

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    Users of IBM MQ who have configured the queue manager to
    authorize LDAP users with the AUTHORMD property of the AUTHINFO
    definition set to SEARCHUSR, where the LDAP user DN contains any
    of the following special characters: '\', '(', ')', '*'.
    
    
    Platforms affected:
    MultiPlatform
    
    ****************************************************************
    PROBLEM DESCRIPTION:
    The LDAP search method that MQ invokes to retrieve the LDAP
    groups of which a user DN is a member was called with an
    incorrect parameter value if special characters were present in
    the string. As a result, the search query failed.
    

Problem conclusion

  • The MQ OAM code has been modified so that the LDAP search
    method is called with the correct values.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Version    Maintenance Level
    v8.0       8.0.0.11
    v9.0 LTS   9.0.0.6
    v9.1 CD    9.1.1
    v9.1 LTS   9.1.0.1
    
    The latest available maintenance can be obtained from
    'WebSphere MQ Recommended Fixes'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037
    
    If the maintenance level is not yet available, information on
    its planned availability can be found in 'WebSphere MQ
    Planned Maintenance Release Dates'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT24055

  • Reported component name

    IBM MQ BASE MP

  • Reported component ID

    5724H7251

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-02-13

  • Closed date

    2018-07-09

  • Last modified date

    2018-07-12

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    IBM MQ BASE MP

  • Fixed component ID

    5724H7251


Document Information

Modified date:
12 July 2018