More on Active Directory with MQ on Linux

Several years ago I wrote about using Active Directory (AD) with MQ-specific authentication and authorisation options on a Unix queue manager. In that scenario, AD serves as an LDAP server. The MQ CONNAUTH attribute points at an IDPWLDAP format of AuthInfo object.

There is another approach to using Active Directory with MQ on Linux, where the directory is much more integrated with the operating system. I have seen enough confusion between these two options that I thought it was worth writing something to explain. I’ve had several apparently independent streams of notes on this topic in the last month alone (not to mention the person who seems to have asked everyone they know in the hope of at least one of them giving the answer they want to hear even if it’s wrong).

This post was last updated on February 19th, 2023 at 11:16 am

JMS, JNDI and LDAPS

A recent Idea opened against MQ asked for the ability to store JMS resources using a secure connection to LDAP servers. All the current LDAP support for JMSAdmin and Explorer is documented using the plaintext protocol, but could we use a TLS-protected connection? My first thought was that this was likely to be impossible without changing something – albeit likely small – in the product code. But as I needed to get an LDAP server running locally for other reasons, I thought I’d give it a go to see if my guess was right. It wasn’t; and so here’s how you can do it yourself.

This post was last updated on February 3rd, 2023 at 08:31 am

IBM MQ – Using Active Directory for authorisation in Unix queue managers

Permissions for accessing MQ functions have traditionally relied on operating system definitions for users and groups. That can require you to define those users and groups on each system individually, which is challenging enough in a static topology and becomes even worse in a dynamic environment such as a cloud, where systems may be defined and deleted regularly. Some central definition of the identities therefore becomes essential.

This post was last updated on November 24th, 2019 at 08:37 pm