| Author |
Message
|
| domoku_1 |
 Posted: Tue Feb 03, 2015 11:48 am Post subject: LDAPS on JMS Node |
 |
|
Newbie
Joined: 12 Jan 2012
Posts: 6
|
Hello,
I am using the JMS Output Node to perform a JNDI lookup on LDAP and have been able to achieve this using default ldap. I am now trying to use ldaps and have made the following changes.
1. Modified jndiBindingsLocation to use ldaps: mqsichangeproperties BRKR -c JMSProviders -o Oracle_AQ -n jndiBindingsLocation -v ldaps://<ldap host:port>
2. Set LDAP credentials as before: mqsichangebroker BRKR -y <user> -z <password>
3. mqsisetdbparms BRKR –n ldap:: ldaps://<ldap host:port> –u <user> –p <password> (this was not required in default ldap)
However I am getting the below error:-
| Code: |
| There is a configuration problem with the JNDI Administered objects where: Initial Context Factory = 'com.sun.jndi.ldap.LdapCtxFactory'. Location of the bindings = 'ldaps://<ldap host:port>'. ConnectionFactory Name = 'xxx'. JMS destination = 'xxx'. The exception text is : 'simple bind failed: <ldap host:port> Cause:javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure'. The node cannot obtain a JNDI Administered Object, because some of the values specified are incorrect. Check the JNDI Administered configuration for the JMS provider used by the node. |
Version: 9.0.0.2
Do the JMS nodes support ldaps? Do I need to create a security profile for ldaps and is there a way for the JMS nodes to use this security profile?
Thank you |
|
| Back to top |
|
 |
| mqjeff |
| Posted: Tue Feb 03, 2015 11:54 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| At a bare minimum you will need to add the right certificates into the EG trust store. |
|
| Back to top |
|
|
| domoku_1 |
| Posted: Wed Feb 04, 2015 10:19 am Post subject: |
|
|
Newbie
Joined: 12 Jan 2012
Posts: 6
|
| mqjeff wrote: |
| At a bare minimum you will need to add the right certificates into the EG trust store. |
Thank you for the direction. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Feb 04, 2015 10:20 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| domoku_1 wrote: |
| mqjeff wrote: |
| At a bare minimum you will need to add the right certificates into the EG trust store. |
Thank you for the direction. |
Did that resolve the problem? |
|
| Back to top |
|
|
| domoku_1 |
| Posted: Fri Feb 06, 2015 11:29 am Post subject: |
|
|
Newbie
Joined: 12 Jan 2012
Posts: 6
|
|
| Back to top |
|
|
|
|
