IBM Support

IT15111: LDAP SSL CONNECTION FAILS TO BIND.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Additional Symptom(s) Search Keyword(s):
The LDAP connection using SSL failed to bind with a BIP2721E:
Unable to connect to  LDAP server using user credentials' ,
'ldaps://myserver:636','cn=myuser,CN=Users,DC=test,DC=ad,DC=hurs
ley,DC=ibm,DC=com','javax.naming.CommunicationException: simple
bind failed:myserver:636'

This only happens on 10.0.0.2 and higher if the fix capability
of the broker is configured to 2 or higher and they have
configured the execution group use the global cache.
The issue is that the Global cache is setting the default
socket factory connection to
com.ibm.websphere.ssl.protocol.SSLSocketFactory and that
stops the LDAP working with SSL.

Local fix

  • Work around is to either set the fix capability to 10.0.0.1 or
define the following in the java.security file:
ssl.ServerSocketFactory.provider=
ssl.SocketFactory.provider=
or make the global cache use ORB instead of XIO by setting the
following environment variable:
export MQSI_WXS_TRANSPORT=ORB

Problem summary

  • ****************************************************************
USERS AFFECTED:
All users of IBM Integration Bus V10 and LDAP security using
SSL.


Platforms affected:
z/OS, MultiPlatform

****************************************************************
PROBLEM DESCRIPTION:
The LDAP connection using SSL failed to bind with a BIP2721E:
Unable to connect to  LDAP server using user credentials' ,
'ldaps://myserver:636','cn=myuser,CN=Users,DC=test,DC=ad,DC=hurs
ley,DC=ibm,DC=com','javax.naming.CommunicationException: simple
bind failed:myserver:636'

This only happens on 10.0.0.2 and higher if the fix capability
of the broker is configured to 2 or higher and they have
configured the execution group use the global cache.
The issue is that the Global cache is setting the default
socket factory connection to
com.ibm.websphere.ssl.protocol.SSLSocketFactory and that
stops the LDAP working with SSL.

There are a number of resource name changes between WebSphere
Message Broker and IBM Integration Bus Version 9.0.  For details
visit
http://pic.dhe.ibm.com/infocenter/wmbhelp/v9r0m0/topic/com.ibm.e
tools.mft.doc/bb23814_.htm

Problem conclusion

  • The product now sets the default socket connection factory and
that stops WXS from setting the incorrect socket factory.

---------------------------------------------------------------
The fix is targeted for delivery in the following PTFs:

Version    Maintenance Level
v10.0      10.0.0.10

The latest available maintenance can be obtained from:
http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006041

If the maintenance level is not yet available,information on
its planned availability can be found on:
http://www-1.ibm.com/support/docview.wss?rs=849&uid=swg27006308
---------------------------------------------------------------

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT15111
    • 

  • Reported component name
    INTEGRATION BUS
    • 

  • Reported component ID
    5724J0540
    • 

  • Reported release
    A00
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2016-05-05
    • 

  • Closed date
    2017-08-31
    • 

  • Last modified date
    2017-08-31
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    INTEGRATION BUS
    • 

  • Fixed component ID
    5724J0540
    • 



Applicable component levels


    

  • RA00  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSNQK6","label":"IBM Integration Bus"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            23 March 2020
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback