APAR status
Closed as requirement.
Error description
Additional Symptom(s) Search Keyword(s): Currently, the security profile doesn't have a provision to specify multiple ldap servers so that a user can switch to a different sever when the primary ldap server fails. A new property named 'AlternateServers' is to be introduced which can be used to refer multiple ldap servers. The AlternateServers property value can be specified in a comma separated format ldap(s)://abc.com,ldap(s)://efg.com,ldap(s)://xyz.com e.g: mqsichangeproperties IBNODE -c SecurityProfiles -o SecProfMultiServer -n AlternateServers -v \" ldap://localhost:10372,ldap://localhost:10373\"
Local fix
Problem summary
**************************************************************** USERS AFFECTED: All Users of IBM Integration Bus V10 and App Connect Enterprise V11 with Security Profile configured for LDAP authentication and/or authorization Platforms affected: z/OS, MultiPlatform **************************************************************** PROBLEM DESCRIPTION: Security profile does not provide an option to use alternate LDAP servers to failover when the primary LDAP server is not available
Problem conclusion
A new property named 'AlternateServers' introduced for Security profile configurable service and policy. The property takes the value in the form of a comma separated list. For example : <span style="background-color:rgb(255, 255, 255)"> </span><span style="background-color:rgb(255, 255, 255)">ldap[</span><span style="background-color:rgb(255, 255, 255)">s]</span>://host1:[port1<span style="background-color:rgb(255, 255, 255)">]</span><span style="background-color:rgb(255, 255, 255)">, </span><span style="background-color:rgb(255, 255, 255)">ldap[</span><span style="background-color:rgb(255, 255, 255)">s]</span>://host2:[port2<span style="background-color:rgb(255, 255, 255)">]</span><span style="background-color:rgb(255, 255, 255)">,</span><span style="background-color:rgb(255, 255, 255)"> </span><span style="background-color:rgb(255, 255, 255)">ldap[s]</span>://host3:[port3<span style="background-color:rgb(255, 255, 255)">]</span> In ACE V11, it is specified in the Security profile policy property named 'Alternate server list'. In IIB v10, it is specified in the Security profile configurable service as below mqsichangeproperties -c SecurityProfiles -o MyFirstSecurityProfile -n AlternateServers -v <span style="background-color:rgb(255, 255, 255)">ldap[</span><span style="background-color:rgb(255, 255, 255)">s]</span>://host1:[port1<span style="background-color:rgb(255, 255, 255)">]</span><span style="background-color:rgb(255, 255, 255)">, </span><span style="background-color:rgb(255, 255, 255)">ldap[</span><span style="background-color:rgb(255, 255, 255)">s]</span>://host2:[port2<span style="background-color:rgb(255, 255, 255)">]</span><span style="background-color:rgb(255, 255, 255)">,</span><span style="background-color:rgb(255, 255, 255)"> </span><span style="background-color:rgb(255, 255, 255)">ldap[s]</span>://host3:[port3<span style="background-color:rgb(255, 255, 255)">]</span>
Temporary fix
Comments
OPTION TO SPECIFY MULTIPLE LDAP SERVERS, FOR HIGH AVAILABILITY, IN SECURITY PROFILE
APAR Information
APAR number
IT27376
Reported component name
INTEGRATION BUS
Reported component ID
5724J0540
Reported release
A00
Status
CLOSED REQ
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-12-17
Closed date
2021-01-29
Last modified date
2021-02-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSNQK6","label":"IBM Integration Bus"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.0"}]
Document Information
Modified date:
04 February 2021