Hello,
I am trying to enable LDAP authentication on an integration node in ACE 12.0.4.0.
I am using ACE 12.0.4.0 on Windows.
I followed these instructions for the authorization:
https://www.ibm.com/docs/en/app-connect/12.0?topic=administration-enabling-ldap-authentication
https://community.ibm.com/community/user/integration/viewdocument/security-hardening-of-ibm-app-conne?CommunityKey=77544459-9fda-40da-ae0b-fc8c76f0ce18&tab=librarydocuments
My ID is part of the LDAP group "CVC_APP_IBMACE_MGR_DEV", and this LDAP group "CVC_APP_IBMACE_MGR_DEV" is part of the local group aceusers.
Even after configuring the authorization, I am not able to authenticate myself/myid to the web user interface of the integration node. I don't see anything in Event Viewer.
I also ran the command on my user ID:
mqsisetdbparms DINODE01 -n ldap::adminAuthentication -u myid
Here is what I have in my yml file:
RestAdminListener:
authorizationEnabled: true
authorizationMode: 'ldap'
basicAuth: true
caPath: 'C:\ProgramData\IBM\MQSI\SSL\cacerts'
host: 'lzbita16'
ldapAuthorizeUrl: 'ldap://CN=lzbita16,OU=Domain Controllers,DC=ad,DC=civic,DC=com?samAccountName'
ldapBindDn: 'ldap::adminAuthentication'
ldapBindPassword: 'ldap::adminAuthentication'
ldapUrl: 'ldap://CN=lzbita16,OU=Domain Controllers,DC=ad,DC=civic,DC=com?samAccountName'
minimumTlsVersion: 'TLSv1.2'
port: 5414
sslCertificate: 'C:\ProgramData\IBM\MQSI\SSL\DINODE01.p12'
sslPassword: 'adminRestApi::sslpwd'
webUserPasswordHashAlgorithm: 'PBKDF2-SHA-512'
Security:
LdapAuthorizeAttributeToRoleMap:
'CN=CVC_APP_IBMACE_ADM_DEV,OU=CVCUserGroups,OU=CVC Groups,OU=CVC,OU=Departments,DC=ad,DC=civic,DC=com': 'aceadmins'
'CN=CVC_APP_IBMACE_MGR_DEV,OU=CVCUserGroups,OU=CVC Groups,OU=CVC,OU=Departments,DC=ad,DC=civic,DC=com': 'aceusers'
Node:
DataPermissions:
aceadmin: 'read+:write+:execute+'
Permissions:
aceadmins: 'read+:write+:execute+'
aceusers: 'read+:write+:execute+'
Server:
IS01:
Permissions:
aceadmins: 'read+:write+:execute+'
aceusers: 'read+:write+:execute+'
IS02:
Permissions:
aceadmins: 'read+:write+:execute+'
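
The ldapUrl value from the post, split according to the generic RFC 4516 layout (ldap://host:port/baseDN?attributes?scope?filter), as an added example that is not part of the original post and is not IBM's code. The function names, the finding codes and the comparison URL (LDAPS, port 636, that base DN) are assumptions; the page does not say which layouts ACE itself accepts.

```python
from urllib.parse import unquote

# Value copied from the ldapUrl / ldapAuthorizeUrl lines in the post.
POSTED_URL = "ldap://CN=lzbita16,OU=Domain Controllers,DC=ad,DC=civic,DC=com?samAccountName"
# Constructed for comparison; LDAPS on port 636 and this base DN are assumptions.
CONSTRUCTED_URL = "ldaps://lzbita16:636/DC=ad,DC=civic,DC=com?samAccountName"


def parse_ldap_url(url):
    """Split an LDAP URL into RFC 4516 parts; the authority ends at the first '/' or '?'."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % url)
    cut = min((i for i in (rest.find("/"), rest.find("?")) if i != -1), default=len(rest))
    authority, tail = rest[:cut], rest[cut:]
    dn = ""
    if tail.startswith("/"):
        dn, _, tail = tail[1:].partition("?")
    else:
        tail = tail[1:]  # drop the leading '?' (or nothing, if tail is empty)
    fields = tail.split("?") if tail else []
    fields += [""] * (3 - len(fields))  # pad attributes, scope, filter
    host, _, port = authority.rpartition(":") if ":" in authority else (authority, "", "")
    return {
        "scheme": scheme.lower(),
        "host": unquote(host),
        "port": int(port) if port.isdigit() else None,
        "dn": unquote(dn),
        "attributes": [a for a in unquote(fields[0]).split(",") if a],
        "scope": fields[1],
        "filter": unquote(fields[2]),
    }


def lint_ldap_url(url):
    """Return finding codes for layouts that commonly break or weaken an LDAP bind."""
    p = parse_ldap_url(url)
    findings = []
    if p["scheme"] == "ldap":
        findings.append("cleartext-scheme")  # bind password unprotected unless StartTLS is used
    if "=" in p["host"]:
        findings.append("dn-in-host")  # an RDN sits where a server name belongs
    if not p["dn"]:
        findings.append("no-base-dn")  # nothing after the host's '/' to search under
    return findings


if __name__ == "__main__":
    print({u: lint_ldap_url(u) for u in (POSTED_URL, CONSTRUCTED_URL)})
```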