IT29662: AMQ8871E error reported when creating an authority record with authority 'crt' in an LDAP OAM configuration

APAR status

Closed as program error.

Error description

In an LDAP Object Authority Manager (OAM) configuration when a
user tries to create an authority record with 'crt' authority
for valid user/group, the command fails with unknown entity
error and AMQ8871 error is reported.

For example:

set authrec profile('qname') objtype(queue)
principal('CN=xxxx,OU=xxxx,OU=xxxx,DC=xxxx,DC=xxxx')
authadd(crt)
     1 : set authrec profile('qname') objtype(queue)
principal('CN=xxxx,OU=xxxx,OU=xxxx,DC=xxxx,DC=xxxx')
authadd(crt)
AMQ8871E: Entity, principal or group not known.

Local fix

Use the setmqaut command instead of the SET AUTHREC MQSC or PCF
command.

Problem summary

****************************************************************
USERS AFFECTED:
Users using LDAP for authorization, who attempt to add an
authority record with authority 'crt' using the SET AUTHREC
runmqsc command or MQCMD_SET_AUTH_REC PCF command.


Platforms affected:
Windows

****************************************************************
PROBLEM DESCRIPTION:
In an LDAP setup when setting an authority record for a
principal/group with 'crt' authority, a lookup for principal SID
was incorrectly performed on the localhost by the queue
manager's command server process. Since the user details are
stored on the LDAP server, the search failed with unknown entity
error.

Problem conclusion

The queue manager command server code has been modified to look
for principal/group details on LDAP server as expected.

---------------------------------------------------------------
The fix is targeted for delivery in the following PTFs:

Version    Maintenance Level
v9.0 LTS   9.0.0.11
v9.1 LTS   9.1.0.7
v9.x CD    T.B.C.

The latest available maintenance can be obtained from
'WebSphere MQ Recommended Fixes'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037

If the maintenance level is not yet available information on
its planned availability can be found in 'WebSphere MQ
Planned Maintenance Release Dates'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
---------------------------------------------------------------

Temporary fix

Comments

APAR Information

APAR number
IT29662
Reported component name
IBM MQ BASE M/P
Reported component ID
5724H7261
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-07-09
Closed date
2020-06-16
Last modified date
2020-06-22

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
IBM MQ BASE M/P
Fixed component ID
5724H7261

Applicable component levels

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
23 June 2020

Tips

IT29662: AMQ8871E error reported when creating an authority record with authority 'crt' in an LDAP OAM configuration

Subscribe to this APAR

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

Document Information

Share your feedback

Need support?