APAR status
Closed as program error.
Error description
When configuring MQ v8 Telemetry to use LDAP for authentication, with LdapLoginModule, you are unable to use multiple JAAS login modules for a login configuration file entry. See the following errors in the log: AMQXR2051E: Login failed for ClientIdentifier FailedLoginException: Cannot bind to LDAP server Example configuration/issue: In the following configuration, LDAP authentication using LdapLoginModule fails when using multiple login module entries, but works if only one is provided. Example fails with both entries: MQXRConfig { com.ibm.security.auth.module.LdapLoginModule OPTIONAL userProvider="ldap://ldapserver:389" authIdentity="uid={USERNAME},ou=org1,ou=yyy,dc=zzz,dc=com" debug=true useSSL=false; com.ibm.security.auth.module.LdapLoginModule OPTIONAL userProvider="ldap://ldapserver:389" authIdentity="uid={USERNAME},o u=org2,ou=yyy,dc=zzz,dc=com" debug=true useSSL=false; }; Works with either entry alone: MQXRConfig { com.ibm.security.auth.module.LdapLoginModule OPTIONAL userProvider="ldap://ldapserver:389" authIdentity="uid={USERNAME},ou=org1,ou=yyy,dc=zzz,dc=com" debug=true useSSL=false; };
Local fix
Problem summary
**************************************************************** USERS AFFECTED: Users of the IBM MQ Telemetry functionality who wish to use JAAS LDAP login module LdapLoginModule may be affected by this problem. Platforms affected: MultiPlatform **************************************************************** PROBLEM DESCRIPTION: IBM MQ was incorrectly throwing an exception when multiple JAAS login modules were specified for a login configuration file entry.
Problem conclusion
The code was corrected so that multiple login modules can be used for a single login configuration entry. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v8.0 8.0.0.6 v9.0 CD 9.0.1 v9.0 LTS 9.0.0.1 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT16493
Reported component name
WMQ MOBILITY
Reported component ID
5724H7258
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-08-05
Closed date
2016-09-29
Last modified date
2017-06-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WMQ MOBILITY
Fixed component ID
5724H7258
Applicable component levels
R800 PSY
UP
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0"}]
Document Information
Modified date:
14 December 2020