Sun Java System Message Queue 3.7 UR1 Administration Guide

ProcedureTo Edit the Configuration File to Use an LDAP Server

  1. Specify that you are using an LDAP user repository by setting the following property:

  2. Set the imq.authentication.type property to determine whether a password should be passed from client to broker in base-64 (basic ) or MD5 (digest) encoding. When using an LDAP directory server for a user repository, you must set the authentication type to basic . For example,

  3. You must also set the broker properties that control LDAP access. These properties are stored in a broker’s instance configuration file. The properties are discussed under Security Services and summarized under Security Properties.

    Message Queue uses JNDI APIs to communicate with the LDAP directory server. Consult JNDI documentation for more information on syntax and on terms referenced in these properties. Message Queue uses a Sun JNDI LDAP provider and uses simple authentication.

    Message Queue supports LDAP authentication failover: you can specify a list of LDAP directory servers for which authentication will be attempted (see the reference information for the imq.user.repos.ldap.server property).

    See the broker’s file for a sample of how to set properties related to LDAP user-repository.

  4. If necessary, you need to edit the users/groups and rules in the access control properties file. For more information about the use of access control property files, see User Authorization: The Access Control Properties File.

  5. If you want the broker to communicate with the LDAP directory server over SSL during connection authentication and group searches, you need to activate SSL in the LDAP server and then set the following properties in the broker configuration file:

    • Specify the port used by the LDAP server for SSL communications. For example:

    • Set the broker property imq.user_repository.ldap.ssl.enabled to true.

      When employing multiple LDAP directory servers, use ldap:// to specify each additional directory server. For example:

      imq.user_repository.ldap.server= myHost:7878 ldap:// otherHost:7878

      Separate each additional directory server with a space. All directory servers in the list must use the same values for other LDAP-related properties.