MQ

MQ

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Configuring IBM MQ for use with RHEA AMQP NodeJS client and LDAP

    Posted Tue September 15, 2020 02:27 PM
    My goal is this.  I want to configure a topic on my MQ server to support pub/sub from an AMQP client, and secure the actions using LDAP groups.  The AMQP client of choice is rhea in order to support NodeJS applications connecting to MQ.

    What is working so far:
    • Able to use IBM MQ client (non-AMQP) with LDAP security to pub/sub to a topic.
    • Able to use mqlight and recv.js/send.js samples along with sample AMQP configuration script (SampleMQM.sh) from MQ server to send and receive a "Hello world!" message.
    What is not working:
    • Not able to repeat the success of mqlight with rhea client's version of "Hello world!" sample.  It never seems to connect.
    What I haven't tried yet:
    • Use mqlight client to connect with AMQP channel and send/receive to topic that is secured with LDAP.  

    I realize this is a rhea client issue rather than a server problem.  I'm posting here to see if anyone else is using the rhea client with IBM MQ.  I'm guessing there must be some options I'm missing.  Other than host, port and topic that doesn't seem to be a lot required for AMQP clients to connect.   

    I found this article helpful, but I have a few questions for future reference regarding these commands I found in the SampleMQM.sh script:

    # Allow user nobody to publish and subscribe on any topic.

    # Note: Allowing the user nobody to do something in MQ, allows all users to do it!

    setmqaut -m $QMGR -t qmgr -p nobody -all +connect

    setmqaut -m $QMGR -t topic -n SYSTEM.BASE.TOPIC -p nobody -all +pub +sub

    and then the channel is defined with MCAUSER('nobody')

    Questions:
    • Is the use of 'nobody' just for this example, or is it how you typically set up an AMQP channel?  Seems insecure.
    • If I have set up LDAP correctly using "DEFINE AUTHINFO('xxx') AUTHTYPE(IDPWLDAP) ..." would I still need to use 'nobody' and even specify MCAUSER?  I don't use this parameter in the non-AMQP case.  I was told that the MCAUser on the channel is the default user that would be used for authorization, but it does not force or state that only a particular user can connect.
    • Are there any differences in how LDAP is set up and used for AMQP versus non-AMQP channels?
    Thanks for your help.  I'm glad to provide more details if needed.  As I stated this is working for non-AMQP connections.  I just need to get to the same point with AMQP.

    ------------------------------
    Jim Creasman
    ------------------------------


  • 2.  RE: Configuring IBM MQ for use with RHEA AMQP NodeJS client and LDAP

    Posted Tue September 15, 2020 07:31 PM
    I have an update on this post.  I was able to configure my MQ server with a topic secured using LDAP groups, and then connect to this using the IBM mqlight client.  This was without specifying MCAUSER on the DEFINE CHANNEL.  The remaining question is how to get the rhea client working.  If anyone has experience with this AMQP client I'd be interested in what you know.

    ------------------------------
    Jim Creasman
    ------------------------------

    Original Message


  • 3.  RE: Configuring IBM MQ for use with RHEA AMQP NodeJS client and LDAP

    Posted Tue September 15, 2020 08:12 PM
    I finally go this to work.  Turns out I needed to specify the 'to' field when sending the message -- even though most of the same information is made available at the time the connection is created.  Anyway, this did the trick:

    var container = require('rhea');
    var connection = container.connect({
    'host': 'localhost',
    'port': 5672,
    'reconnect': false,
    'username': 'the-user',
    'password': 'the-pw'
    });

    var sender = connection.open_sender('my-topic');
    sender.send({
    'to': 'amqp://localhost:5672', // <-- Had to add this.
    'body': 'Hello world!'
    });


    ------------------------------
    Jim Creasman
    ------------------------------

    Original Message


Related Content