MQSeries.net :: View topic

Lone_Wanderer

Hi all,

We migrated to ACE12 from IIB and I'm reviewing some of our old installation scripts.

One of them states: mqsisetdbparms $IIBname -n ldap::LDAP -u "$LDAPaccount" -p "$LDAPaccountPwd"

Which stored credentials to be used anytime we wanted to access LDAP. Now, with ACE, I would like to use a Vault for those creds, but that has me little cofused. The command would be:

mqsicredentials $IIBname --create --credential-type ldap --credential-name $LDAPaccount --password $LDAPaccountPwd

However, now the real confusion sets in. We Use LDAP for Authorization and Authentication of incoming requests via our SOAPInput nodes. We had a security profile, which referred to a set of LDAP groups, that authenticated and authorized the user and this profile (along with policy sets and bindings) was referenced in the SOAPInput node.

But, when using the mqsicredentials command, it's not clear to me if ACE will "just use it" when trying to access LDAP, like it did with aforementioned mqsisetdbparms command. The old command was set up in a way, that any connection to any LDAP will use those credentials, however no such behaviour is documented with mqsicredentials.

Do I need to use mqsicredentials along with Security Profile? If so, how do I reffer it and from where?

The goal is the move those credentials to a Vault, but from documentation, it's not clear to me how to do it in this specific case.

Kind Regards

I also found this: https://www.ibm.com/docs/en/app-connect/12.0?topic=authorization-configuring-ldap
which clearly instructs to use mqsisetdbparms. This is disappointing.