Quotes

Tuesday, November 1, 2016

Implementing security authentication using LDAP in IBM Integration Bus


Recently I got some time to spend setting up security authentication for IIB using LDAP. I needed an LDAP server for local testing, and found some freely available tools that do the job (for those who do not have a Tivoli Directory Server set up). A few notes: WMB and IIB support the LDAP v3 protocol, so before setting up any LDAP server, make sure it complies with LDAP v3.
I used ApacheDS as my LDAP server. You can download it from here.
Then install the Apache Directory Studio plug-in into your Eclipse from here, and follow the steps from here. Open the Eclipse (your IIB Toolkit) into which you installed Directory Studio; an LDAP perspective is now available. Open the LDAP perspective. In the 'LDAP Servers' view, right-click and select New -> New Server, then follow the configuration steps mentioned here. Add a partition, following the steps mentioned here, but note that those steps contain some mistakes. Refer to the screenshot below for the correct configuration.
(screenshot: partition configuration)
Uncheck the 'Context Entry' checkbox and add only the entries below: objectClass=top, objectClass=organization, o=sevenSeas, description=The context entry for suffix o=sevenSeas. Note that the standard object class is spelled 'organization' (as defined in RFC 4519), and that the suffix is 'sevenSeas'; there is no 'SevenSeans' here. Now start your LDAP server and create a new connection as mentioned here. Download the sample 'ldif' file from here and import it (refer to this). You can now see that the LDIF was successfully imported into the new partition. Select the group 'HMS Bounty' and see its users.
(screenshot: users in the 'HMS Bounty' group)
Now we are going to use this group, and any of its users, to authenticate our message flow. I am using the user 'Fletcher Christian', uid 'fchristi', for the authentication test. The LDAP setup is complete. Now start your integration node (broker) and issue the following commands to set up the LDAP configurable service. Create a security profile for LDAP:
mqsicreateconfigurableservice WBIBROKER9 -c SecurityProfiles -o LDAP4 -n authentication,authenticationConfig,authorization,authorizationConfig,propagation,rejectBlankpassword -v "LDAP,\"ldap://localhost:10389/ou=people,o=sevenSeas\",LDAP,\"ldap://localhost:10389/cn=HMS Bounty,ou=crews,ou=groups,o=sevenSeas\",TRUE,TRUE"
Set anonymous access to the LDAP server, since we have not set up any bind user ID (the integration node connects to LDAP anonymously). Two security notes on this: an LDAP simple bind with a DN and an empty password is an 'unauthenticated' bind that some servers accept as an anonymous bind, which is why rejectBlankpassword is TRUE in the profile above; and anonymous search is fine for a local test, but for anything beyond that give the integration node a dedicated read-only bind DN and use ldaps:// rather than plain ldap://.
mqsisetdbparms WBIBROKER9 -n ldap::localhost -u anonymous -p anonymous
You have completed the LDAP authentication setup. Restart your integration node so that the new configurable service and credentials take effect.
You can follow the DeveloperWorks article to test the LDAP setup http://www.ibm.com/developerworks/websphere/library/techarticles/1002_fan/1002_fan.html
After you deploy the flows to your integration server (execution group), test the configuration using NetTool. Use the user ID 'fchristi' and its password (the default password in the sample LDIF is 'pass'; you can change it using the LDAP browser).
(screenshot: NetTool request and response)
You will get a successful response from the flow. Now you can go to the LDAP server and create an organization, groups and users of your own to build a proper LDAP set-up for testing.
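To make the sequence behind that test concrete, here is an added example (not code from the original post or from IBM) that models what the LDAP security profile does with the credentials NetTool sends: an anonymous service bind, a uid lookup under the authenticationConfig base, a bind as the resolved DN, then a membership check against the authorizationConfig group. The directory is an in-memory stand-in constructed from the sevenSeas entries the post uses; the second user and the allow_unauthenticated_bind switch are assumptions for illustration. It also shows why rejectBlankpassword matters: a DN with an empty password is an unauthenticated bind (RFC 4513 section 5.1.2), which some servers answer with success as anonymous.

```python
"""Model of the check an IIB LDAP security profile performs.

Added example, not code from the original post or from IBM. The
in-memory directory is constructed to mirror the sevenSeas sample LDIF
(uid=fchristi, group cn=HMS Bounty, password 'pass'); the second user
and the allow_unauthenticated_bind switch are assumptions made for
illustration.
"""

PEOPLE_BASE = "ou=people,o=sevenSeas"                       # authenticationConfig
GROUP_DN = "cn=HMS Bounty,ou=crews,ou=groups,o=sevenSeas"   # authorizationConfig


class InvalidCredentials(Exception):
    """Stand-in for LDAP resultCode 49 (invalidCredentials)."""


class Directory:
    """Minimal LDAP-server stand-in: entries keyed by DN."""

    def __init__(self, entries, allow_unauthenticated_bind=False):
        self.entries = entries
        # RFC 4513 s5.1.2: a DN with an empty password is an
        # "unauthenticated" bind. Servers SHOULD refuse it, but some
        # accept it and grant an anonymous authorization identity.
        self.allow_unauthenticated_bind = allow_unauthenticated_bind

    def bind(self, dn, password):
        """Simple bind. Returns the authorization identity ('' = anonymous)
        or raises InvalidCredentials."""
        if dn == "" and password == "":
            return ""                      # plain anonymous bind
        if password == "":
            if self.allow_unauthenticated_bind:
                return ""                  # the trap: success, but as nobody
            raise InvalidCredentials(dn)
        entry = self.entries.get(dn)
        if entry and password in entry.get("userPassword", []):
            return dn
        raise InvalidCredentials(dn)

    def search(self, base, attr, value):
        """Subtree search for attr=value under base (case-insensitive DN)."""
        suffix = "," + base.lower()
        return [dn for dn, e in self.entries.items()
                if dn.lower().endswith(suffix) and value in e.get(attr, [])]


# Constructed entries; only what the check needs.
SEVEN_SEAS = {
    "uid=fchristi,ou=people,o=sevenSeas": {
        "uid": ["fchristi"], "cn": ["Fletcher Christian"], "userPassword": ["pass"]},
    "uid=hhornblo,ou=people,o=sevenSeas": {      # assumed: a user in another crew
        "uid": ["hhornblo"], "cn": ["Horatio Hornblower"], "userPassword": ["pass"]},
    GROUP_DN: {
        "objectClass": ["groupOfUniqueNames"],
        "uniqueMember": ["uid=fchristi,ou=people,o=sevenSeas"]},
}


def check_user(directory, username, password, reject_blank_password=True):
    """Authentication then authorization, in the order the security profile
    runs them; returns 'ok' or a 'rejected: ...' reason."""
    # rejectBlankpassword=TRUE: never send an empty password to the server.
    if reject_blank_password and password == "":
        return "rejected: blank password"
    # 1. Bind with the service credentials (anonymous, per mqsisetdbparms).
    directory.bind("", "")
    # 2. Resolve uid -> DN under the authenticationConfig base.
    dns = directory.search(PEOPLE_BASE, "uid", username)
    if len(dns) != 1:
        return "rejected: user not found"
    user_dn = dns[0]
    # 3. Bind as the user. Compare the authorization identity, not just
    #    "no exception": an unauthenticated bind returns '' (anonymous).
    try:
        who = directory.bind(user_dn, password)
    except InvalidCredentials:
        return "rejected: invalid credentials"
    if who != user_dn:
        return "rejected: invalid credentials"
    # 4. Authorization: the user DN must be listed in the group entry.
    group = directory.entries.get(GROUP_DN, {})
    members = group.get("uniqueMember", []) + group.get("member", [])
    if user_dn not in members:
        return "rejected: not in group"
    return "ok"


if __name__ == "__main__":
    strict = Directory(SEVEN_SEAS)
    lax = Directory(SEVEN_SEAS, allow_unauthenticated_bind=True)
    print(check_user(strict, "fchristi", "pass"))                       # ok
    print(check_user(strict, "hhornblo", "pass"))                       # rejected: not in group
    print(check_user(lax, "fchristi", "", reject_blank_password=False))  # rejected: invalid credentials
```

Against the real ApacheDS you would replace Directory.bind and Directory.search with an LDAP client library's bind and search calls; the two checks that matter survive that swap: refuse an empty password before it reaches the server, and compare the bound identity with the user DN instead of treating "no error" as success.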
