APAR status
Closed as program error.
Error description
Error seen in queue manager error log when trying to connect AMQP client to the MQ AMQP service, when LDAP is used for user authentication: 11/14/2018 03:26:08 PM - Process(49227.8) User(mqm) Program(java) Host(centos75) Installation(Installation1) VRMF(9.1.0.0) QMgr(QM1) Time(2018-11-14T07:26:08.208Z) CommentInsert1(ldap_search) CommentInsert2(mqm) CommentInsert3((&(objectClass=USER)(sAMAccountName=mqm))) AMQ5531E: Error locating user or group in LDAP EXPLANATION: The LDAP authentication and authorization service has failed in the ldap_search call while trying to find user or group 'mqm'. Returned count is 0. Additional context is '(&(objectClass=USER)(sAMAccountName=mqm))'. An AMQXR0041E error is also logged in the amqp.log file at the same time. An example of this error is shown below: 11/14/18 15:26:08.214 AMQXR0041E: A connection was not authorized for channel SYSTEM.DEF.AMQP received from 127.0.0.1. MQCC 2, MQRC 2035 MQRC_NOT_AUTHORIZED
Local fix
Problem summary
**************************************************************** USERS AFFECTED: This issue affects users of the MQ AMQP service who use LDAP user authentication. Platforms affected: MultiPlatform **************************************************************** PROBLEM DESCRIPTION: When connecting a client to the AMQP service, if LDAP user authentication was being used then a connection authentication check was performed before the requested user was adopted correctly. This resulted in an initial connection authentication check using the default "mqm" user, which failed as this user was not defined in LDAP.
Problem conclusion
To resolve this issue, the MQ AMQP service has been updated so that the connection authentication check is not done until the requested user's details are available, and so the authorization error reported in this APAR no longer occurs. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v9.1 CD 9.1.5 v9.1 LTS 9.1.0.4 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT27488
Reported component name
IBM MQ BASE MP
Reported component ID
5724H7271
Reported release
910
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-12-23
Closed date
2019-12-10
Last modified date
2019-12-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
IBM MQ BASE MP
Fixed component ID
5724H7271
Applicable component levels
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"910","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
10 December 2019