Setting up LDAP Authentication with the WebUI has been challenging. A tool has been created to simplify this process, as the trial and error method can get tedious, when broker restarts, etc are needed.
The tool can be downloaded from the following:
***Please note LdapAuthentication.zip will need to be renamed LdapAuthentication.jar***
Usage: java -jar LdapAuthentication.jar “Ldap host” “binding userid” “binding password” “Ldap baseDN” “Ldap uid attr” “Admin userid” “Admin passwd”
java -jar LdapAuthentication.jar ldap://localhost:389 cn=Manager,dc=maxcrc,dc=com secret dc=maxcrc,dc=com uid dbwillis secret
“Ldap host” = ldap://localhost:389
“binding userid” = cn=Manager,dc=maxcrc,dc=com
“binding password” = secret
“Ldap baseDN” = dc=maxcrc,dc=com
“Ldap uid attr” = uid
“Admin userid” = dbwillis
“Admin passwd” = secret
If you are unclear on any of these parameters, your LDAP Admin should be able to get that information for you.
The only one that is not extremely clear is Ldap uid attr.
Typically this will be ‘cn’, ‘uid’, or ‘samaccountname’
Run the tool with the parameters.
If the tool is run successfully, the correct mqsisetdbparms, mqsichangeproperties, and mqsiwebuseradmin commands will be displayed.
If any of the parameters are incorrect, the tool will help you determine where it is failing. I will demonstrate these.
Once input correctly, the mqsisetdbparms, mqsichangeproperties, and mqsiwebuseradmin commands are issued.
**When using special characters in the password, it will need to be surrounded by double quotes in the mqsisetdbparms command**
Using the wrong host/port will show the following:
As you can see cn=Manager was incorrectly typed as cn=People.
Using the wrong Binding password will also give this same error
Using the wrong Base DN:
As you can see dc=maxcrc was incorrectly typed as dc= maxcr
The tool was able to successfully bind to the LDAP server, but was unable to search the base DN.
Using the wrong UID Attribute:
As you can see uid was incorrectly typed as samaccountname
The tool was able to successfully bind to and search the LDAP server, but could not find the specified user. You will also see this if the username is incorrect.
Note that dbwillis was incorrectly typed as dbwillis1
Using the wrong user Password:
As you can see secret was incorrectly typed secret1
The tool was able to successfully bind to and search the LDAP server, found the user, but was unable to authenticate. It lets you know the wrong password was used.
Enabling an integration node to use LDAP for authentication: