IBM Support

IT30160: Queue manager can show incorrect LDAPCONN QMSTATUS when using IDPWLDAP authinfo object

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • After configuring a queue manager's CONNAUTH/AUTHINFO to work
with LDAP (IDPWLDAP).

The queue manager successfully connects to LDAP, DISPLAY
QMSTATUS LDAPCONN shows as CONNECTED.

After a few seconds, the QMSTATUS LDAPCONN changes to ERROR.

At about the same time, the queue manager's error log does show
user authentication error occurred:

AMQ5534E: User ID 'myuser' authentication failed
EXPLANATION:
The user ID and password supplied by the 'myprogram' program
could not be authenticated.

Local fix

  • 



Problem summary


    

  • ****************************************************************
USERS AFFECTED:
Users who view the DISPLAY QMSTATUS command and look at the
LDAPCONN output.


Platforms affected:
MultiPlatform

****************************************************************
PROBLEM DESCRIPTION:
Whenever a user/password authentication attempt failed (eg.
because the password had been typed wrongly), the LDAPCONN
status was changed to ERROR.

This is not correct, because the LDAP connection was still
healthy - there was no need to mark it as in-error just because
a user/password check returned not-authorized.

    



Problem conclusion


    

  • The MQ code has been corrected to ensure that the LDAPCONN
status is not changed to ERROR when normal activities, such as
checking a user's password, fail.

Additional text will be added to the Knowledge Center to explain
that the LDAPCONN status within DISPLAY QMSTATUS is a single
status for the whole queue manager, reflecting only the most
recent actions performed with the LDAP server.  There are
multiple connections to the LDAP server, one per queue manager
agent process.  LDAPCONN reflects the status from the most
recent LDAP connection across the agents of the whole queue
manager.  If the error is temporary, and quickly clears, then
the ERROR status will be short-lived.  Always look in the queue
manager error logs to see more details of any LDAP connectivity
failures.

---------------------------------------------------------------
The fix is targeted for delivery in the following PTFs:

Version    Maintenance Level
v9.1 CD    9.1.4
v9.1 LTS   9.1.0.4

The latest available maintenance can be obtained from
'WebSphere MQ Recommended Fixes'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037

If the maintenance level is not yet available information on
its planned availability can be found in 'WebSphere MQ
Planned Maintenance Release Dates'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
---------------------------------------------------------------

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT30160
    • 

  • Reported component name
    MQ APPLIANCE M2
    • 

  • Reported component ID
    5737H4700
    • 

  • Reported release
    910
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2019-08-30
    • 

  • Closed date
    2019-09-24
    • 

  • Last modified date
    2019-09-24
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    MQ APPLIANCE M2
    • 

  • Fixed component ID
    5737H4700
    • 



Applicable component levels


    

  • R910  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS5K6E","label":"IBM MQ Appliance"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"910","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            24 September 2019
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback