Enabling an integration node to use LDAP for authentication

  • 1.  Enabling an integration node to use LDAP for authentication

    Posted Tue June 14, 2022 03:55 PM
    Edited by Stephanie Wilkerson Wed June 15, 2022 12:46 PM
    Hello,
    I am trying to enable LDAP authentication on an integration node in ACE 12.0.4.0.

    I am using ACE 12.0.4.0 on Windows.

    I did follow these instructions for the authorization:

    https://www.ibm.com/docs/en/app-connect/12.0?topic=administration-enabling-ldap-authentication

    https://community.ibm.com/community/user/integration/viewdocument/security-hardening-of-ibm-app-conne?CommunityKey=77544459-9fda-40da-ae0b-fc8c76f0ce18&tab=librarydocuments

     

    My ID is part of the LDAP group "CVC_APP_IBMACE_MGR_DEV", and this LDAP group "CVC_APP_IBMACE_MGR_DEV" is part of the local group aceusers.

    Even after configuring the authorization, I am not able to authenticate myself/my ID to the web user interface of the integration node. I don't see anything in Event Viewer.

    I also ran the command on my user ID:

    mqsisetdbparms DINODE01 -n ldap::adminAuthentication -u myid

    Here is what I have in my yml file:


    RestAdminListener:
      authorizationEnabled: true
      authorizationMode: 'ldap'
      basicAuth: true
      caPath: 'C:\ProgramData\IBM\MQSI\SSL\cacerts'
      host: 'lzbita16'
      ldapAuthorizeUrl: 'ldap://CN=lzbita16,OU=Domain Controllers,DC=ad,DC=civic,DC=com?samAccountName'
      ldapBindDn: 'ldap::adminAuthentication'
      ldapBindPassword: 'ldap::adminAuthentication'
      ldapUrl: 'ldap://CN=lzbita16,OU=Domain Controllers,DC=ad,DC=civic,DC=com?samAccountName'
      minimumTlsVersion: 'TLSv1.2'
      port: 5414
      sslCertificate: 'C:\ProgramData\IBM\MQSI\SSL\DINODE01.p12'
      sslPassword: 'adminRestApi::sslpwd'
      webUserPasswordHashAlgorithm: 'PBKDF2-SHA-512'
    Security:
      LdapAuthorizeAttributeToRoleMap:
        'CN=CVC_APP_IBMACE_ADM_DEV,OU=CVCUserGroups,OU=CVC Groups,OU=CVC,OU=Departments,DC=ad,DC=civic,DC=com': 'aceadmins'
        'CN=CVC_APP_IBMACE_MGR_DEV,OU=CVCUserGroups,OU=CVC Groups,OU=CVC,OU=Departments,DC=ad,DC=civic,DC=com': 'aceusers'
      Node:
        DataPermissions:
          aceadmin: 'read+:write+:execute+'
        Permissions:
          aceadmins: 'read+:write+:execute+'
          aceusers: 'read+:write+:execute+'
      Server:
        IS01:
          Permissions:
            aceadmins: 'read+:write+:execute+'
            aceusers: 'read+:write+:execute+'
        IS02:
          Permissions:
            aceadmins: 'read+:write+:execute+'

  • 2.  RE: Enabling an integration node to use LDAP for authentication

    Posted Thu June 30, 2022 07:47 PM
    Hi Praveen,

    Are you seeing any errors? Your node.config.yaml file looks good, along with the mqsisetdbparms command. Have you tried using the search pattern below?

    ldapAuthorizeUrl: 'ldap://CN=lzbita16,OU=Domain Controllers,DC=ad,DC=civic,DC=com?cn?sub?(member={{dn}})'
    ldapUrl: 'ldap://CN=lzbita16,OU=Domain Controllers,DC=ad,DC=civic,DC=com?cn?sub'


    ------------------------------
    Prathyusha Yedupati
    Software Lead
    ------------------------------
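
An added example, not part of the thread and not IBM's code: a small lint that splits the `ldapUrl` / `ldapAuthorizeUrl` values quoted in the two posts into the RFC 4516 fields (`scheme://host[:port]/baseDN?attributes?scope?filter`) and flags structural problems before the node is restarted. It assumes ACE expects that RFC 4516 layout; the finding names and the `dc01.example.com` URL are constructed for illustration.

```python
from urllib.parse import unquote

SCOPES = {"base", "one", "sub"}  # scope keywords defined by RFC 4516


def parse_ldap_url(url):
    """Split scheme://host[:port]/baseDN?attributes?scope?filter into fields."""
    scheme, sep, rest = url.partition("://")
    if not sep:
        raise ValueError("not a URL: missing '://'")
    location, _, query = rest.partition("?")
    hostport, _, base_dn = location.partition("/")
    parts = (query.split("?") + ["", "", ""])[:3]
    return {
        "scheme": scheme.lower(),
        "hostport": hostport,
        "base_dn": unquote(base_dn),
        "attributes": parts[0],
        "scope": parts[1].lower(),
        "filter": unquote(parts[2]),
    }


def lint_ldap_url(url):
    """Return finding names (constructed labels) for one URL; [] means clean."""
    p = parse_ldap_url(url)
    findings = []
    if p["scheme"] not in ("ldap", "ldaps"):
        findings.append("unknown-scheme")
    elif p["scheme"] == "ldap":
        findings.append("no-tls")  # scheme is ldap://, so the bind is not over LDAPS
    if "=" in p["hostport"] or "," in p["hostport"]:
        findings.append("dn-in-host-position")  # no '/' between host and DN
    if not p["base_dn"]:
        findings.append("missing-base-dn")
    if p["scope"] and p["scope"] not in SCOPES:
        findings.append("bad-scope")
    return findings


if __name__ == "__main__":
    samples = {
        "post 1 ldapUrl": "ldap://CN=lzbita16,OU=Domain Controllers,DC=ad,DC=civic,DC=com?samAccountName",
        "post 2 ldapAuthorizeUrl": "ldap://CN=lzbita16,OU=Domain Controllers,DC=ad,DC=civic,DC=com?cn?sub?(member={{dn}})",
        "constructed": "ldaps://dc01.example.com:636/DC=ad,DC=example,DC=com?sAMAccountName?sub",
    }
    for name, url in samples.items():
        print(f"{name}: {lint_ldap_url(url) or 'ok'}")
```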