APAR status
Closed as program error.
Error description
Additional Symptom(s) Search Keyword(s): The LDAP connection using SSL failed to bind with a BIP2721E: Unable to connect to LDAP server using user credentials' , 'ldaps://myserver:636','cn=myuser,CN=Users,DC=test,DC=ad,DC=hurs ley,DC=ibm,DC=com','javax.naming.CommunicationException: simple bind failed:myserver:636' This only happens on 10.0.0.2 and higher if the fix capability of the broker is configured to 2 or higher and they have configured the execution group use the global cache. The issue is that the Global cache is setting the default socket factory connection to com.ibm.websphere.ssl.protocol.SSLSocketFactory and that stops the LDAP working with SSL.
Local fix
Work around is to either set the fix capability to 10.0.0.1 or define the following in the java.security file: ssl.ServerSocketFactory.provider= ssl.SocketFactory.provider= or make the global cache use ORB instead of XIO by setting the following environment variable: export MQSI_WXS_TRANSPORT=ORB
Problem summary
**************************************************************** USERS AFFECTED: All users of IBM Integration Bus V10 and LDAP security using SSL. Platforms affected: z/OS, MultiPlatform **************************************************************** PROBLEM DESCRIPTION: The LDAP connection using SSL failed to bind with a BIP2721E: Unable to connect to LDAP server using user credentials' , 'ldaps://myserver:636','cn=myuser,CN=Users,DC=test,DC=ad,DC=hurs ley,DC=ibm,DC=com','javax.naming.CommunicationException: simple bind failed:myserver:636' This only happens on 10.0.0.2 and higher if the fix capability of the broker is configured to 2 or higher and they have configured the execution group use the global cache. The issue is that the Global cache is setting the default socket factory connection to com.ibm.websphere.ssl.protocol.SSLSocketFactory and that stops the LDAP working with SSL. There are a number of resource name changes between WebSphere Message Broker and IBM Integration Bus Version 9.0. For details visit http://pic.dhe.ibm.com/infocenter/wmbhelp/v9r0m0/topic/com.ibm.e tools.mft.doc/bb23814_.htm
Problem conclusion
The product now sets the default socket connection factory and that stops WXS from setting the incorrect socket factory. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v10.0 10.0.0.10 The latest available maintenance can be obtained from: http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006041 If the maintenance level is not yet available,information on its planned availability can be found on: http://www-1.ibm.com/support/docview.wss?rs=849&uid=swg27006308 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT15111
Reported component name
INTEGRATION BUS
Reported component ID
5724J0540
Reported release
A00
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-05-05
Closed date
2017-08-31
Last modified date
2017-08-31
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
INTEGRATION BUS
Fixed component ID
5724J0540
Applicable component levels
RA00 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSNQK6","label":"IBM Integration Bus"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
23 March 2020