IBM Support

IT27376: OPTION TO SPECIFY MULTIPLE LDAP SERVERS, FOR HIGH AVAILABILITY, IN SECURITY PROFILE


APAR status

  • Closed as requirement.

Error description

  • Additional Symptom(s) Search Keyword(s):
    Currently, the security profile has no provision for
    specifying multiple LDAP servers so that a user can switch to a
    different server when the primary LDAP server fails.
    A new property named 'AlternateServers' is to be introduced,
    which can be used to refer to multiple LDAP servers.
    The AlternateServers property value can be specified in a
    comma-separated format:
      ldap(s)://abc.com,ldap(s)://efg.com,ldap(s)://xyz.com
    e.g.:
      mqsichangeproperties IBNODE -c SecurityProfiles -o SecProfMultiServer -n AlternateServers -v "ldap://localhost:10372,ldap://localhost:10373"
    

Local fix

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    All Users of IBM Integration Bus V10 and App Connect Enterprise
    V11 with Security Profile configured for LDAP authentication
    and/or authorization
    
    
    Platforms affected:
    z/OS, MultiPlatform
    
    ****************************************************************
    PROBLEM DESCRIPTION:
    The security profile does not provide an option to use alternate
    LDAP servers to fail over to when the primary LDAP server is not
    available
    

Problem conclusion

  • A new property named 'AlternateServers' has been introduced for
    the Security profile configurable service and policy.
    
    The property takes its value in the form of a comma-separated
    list.
    For example: ldap[s]://host1:[port1], ldap[s]://host2:[port2], ldap[s]://host3:[port3]
    
    In ACE V11, it is specified in the Security profile policy
    property named 'Alternate server list'.
    
    In IIB V10, it is specified in the Security profile configurable
    service as follows:
    
    mqsichangeproperties -c SecurityProfiles -o MyFirstSecurityProfile -n AlternateServers -v ldap[s]://host1:[port1], ldap[s]://host2:[port2], ldap[s]://host3:[port3]
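
A pre-deployment check for an AlternateServers value, added here as an example and not IBM's code: it parses the comma-separated list in the form shown above, reports malformed entries, and flags any ldap:// alternate, because a failover target that does not connect over TLS can weaken a profile whose primary server uses ldaps://. The function name `lint_alternate_servers`, the `require_tls` switch and the rule that only scheme, host and port may appear are assumptions of this example.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # standard LDAP / LDAPS ports


def lint_alternate_servers(value, require_tls=True):
    """Parse a comma-separated AlternateServers value.

    Returns (servers, findings): servers is a list of (scheme, host, port)
    for well-formed entries, findings is a list of human-readable problems.
    """
    servers, findings = [], []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            findings.append("empty entry (stray comma)")
            continue
        try:
            parts = urlsplit(entry)
            port = parts.port  # raises ValueError if not an integer in 0-65535
        except ValueError:
            findings.append(f"{entry}: invalid host or port")
            continue
        if parts.scheme not in DEFAULT_PORTS:
            findings.append(f"{entry}: scheme must be ldap or ldaps")
            continue
        if not parts.hostname or port == 0:
            findings.append(f"{entry}: missing host or port 0")
            continue
        # Assumption: the documented form is scheme://host[:port], nothing more.
        if "@" in parts.netloc or parts.path.strip("/") or parts.query or parts.fragment:
            findings.append(f"{entry}: only scheme, host and port are expected")
            continue
        if require_tls and parts.scheme == "ldap":
            findings.append(f"{entry}: ldap:// does not connect over TLS")
        servers.append((parts.scheme, parts.hostname,
                        port or DEFAULT_PORTS[parts.scheme]))
    return servers, findings


if __name__ == "__main__":
    # First value is the example from this APAR; the second is constructed.
    for sample in ("ldap://localhost:10372,ldap://localhost:10373",
                   "ldaps://host1:636, ldaps://host2,,ldaps://host3:99999"):
        ok, problems = lint_alternate_servers(sample)
        print(sample, ok, problems, sep="\n  ")
```
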
    

Temporary fix

Comments

  • OPTION TO SPECIFY MULTIPLE LDAP SERVERS, FOR HIGH AVAILABILITY,
     IN SECURITY PROFILE
    

APAR Information

  • APAR number

    IT27376

  • Reported component name

    INTEGRATION BUS

  • Reported component ID

    5724J0540

  • Reported release

    A00

  • Status

    CLOSED REQ

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-12-17

  • Closed date

    2021-01-29

  • Last modified date

    2021-02-03

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels


Document Information

Modified date:
04 February 2021