Products | Versions |
---|---|
TIBCO Collaborative Information Manager | - |
Not Applicable | - |
Environment:
TIBCO Product name and version: TIBCO Collaborative Information Manager 8.0.0
Operating System(s): All Operating Systems
Symptoms:
You may get connection errors at runtime (while creating users) if the LDAP server does not support anonymous bind.
Cause:
By default, CIM binds to the LDAP server anonymously. See the steps below on how to configure CIM so that it can do a non-anonymous bind to the LDAP server.
Resolution:
You will need to customize the LDAPHelper class to achieve a non-anonymous bind. Here are the specific steps:
1) Add two new properties to ConfigValues.xml under the LDAP properties section as follows:

```xml
<ConfValue description="LDAP User" name="LDAP User" propname="com.tibco.cim.ldap.user" sinceVersion="7.0" visibility="All">
    <ConfString default="serviceuser-id" value="serviceuser-id"/>
</ConfValue>
<ConfValue description="LDAP Password" name="LDAP Password" propname="com.tibco.cim.ldap.password" sinceVersion="7.0" visibility="All">
    <ConfString default="service-user-pwd" isPassword="true" value="service-user-pwd"/>
</ConfValue>
```

Replace serviceuser-id and service-user-pwd with the details of the service account used to bind to the directory server non-anonymously.
2) Next, modify LDAPHelper.java under the MQ_COMMON_DIR/standard/samples/authentication directory and customize the connect() method as follows (file is attached here):

```java
public boolean connect(Properties p)
        throws NamingException
{
    // Remember the credentials the caller passed in so they can be restored after the bind.
    String nm = p.getProperty(ldapCTX.SECURITY_CREDENTIALS);
    try
    {
        // Fetch the service account values from ConfigValues.xml.
        p.setProperty(ldapCTX.SECURITY_PRINCIPAL, com.tibco.mdm.infrastructure.propertymgr.MqPropertiesUtil.getStringProperty("com.tibco.cim.ldap.user"));
        p.setProperty(ldapCTX.SECURITY_CREDENTIALS, com.tibco.mdm.infrastructure.propertymgr.MqPropertiesUtil.getStringProperty("com.tibco.cim.ldap.password"));
    }
    catch (Exception e)
    {
        // If the lookup fails, the bind below proceeds with whatever p already contained.
        e.printStackTrace();
    }
    // p now holds the service account password: make sure dumpProperties() does not print it.
    dumpProperties(p);
    ldapCTX = new InitialDirContext(p);
    System.out.println("Connected");
    System.out.println("During connect PRINCIPAL is " + p.getProperty(ldapCTX.SECURITY_PRINCIPAL));
    // The credentials are deliberately not printed: stdout usually ends up in the application server log.
    if (nm != null)
    {
        // Restore the caller's original credentials.
        p.setProperty(ldapCTX.SECURITY_CREDENTIALS, nm);
        System.out.println("Passed if condition: original CREDENTIALS restored after connect");
    }
    return true;
}
```
3) Compile LDAPHelper.java (add $MQ_HOME\lib\mq\AllECMClasses.jar to the classpath).
4) Take a backup of the ECM.ear file that is deployed on the application server.
5) Copy/merge your custom LDAPHelper.class into ECM.ear/ECMClasses.jar/com/tibco/mdm/directory/member. (You are replacing the existing class with this new custom class.)
6) Stop CIM on the application server.
7) Delete/uninstall ECM.ear from the application server.
8) Upload/re-deploy the updated ECM.ear to the application server.
9) Start CIM on the application server.
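A pre-flight check for the environment that connect() in step 2 binds with, as an added example that is not part of the TIBCO sample or of CIM: it flags an empty bind DN or password (JNDI's LDAP provider performs a simple bind with an empty password as an anonymous one) and a non-ldaps:// URL, and masks the password before logging. The class name, host and DN are hypothetical, and accepting only ldaps:// is an assumption; a StartTLS deployment needs a different transport check.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import javax.naming.Context;

/** Added example (hypothetical class, not part of CIM): checks a JNDI environment before a service-account bind. */
public class LdapBindPreflight {

    /** Returns the problems found in the bind environment; an empty list means none were found. */
    static List<String> validate(Properties env) {
        List<String> problems = new ArrayList<>();
        String url = env.getProperty(Context.PROVIDER_URL, "");
        String user = env.getProperty(Context.SECURITY_PRINCIPAL, "");
        String pwd = env.getProperty(Context.SECURITY_CREDENTIALS, "");
        if (user.trim().isEmpty()) {
            problems.add("no bind DN: the connection would be anonymous");
        }
        // JNDI's LDAP provider downgrades a simple bind with an empty password to "none".
        if (pwd.isEmpty()) {
            problems.add("empty password: the bind would be unauthenticated");
        }
        // A simple bind sends the password as-is, so this check requires TLS (assumption: ldaps:// only).
        if (!url.regionMatches(true, 0, "ldaps://", 0, 8)) {
            problems.add("provider URL is not ldaps://: the password would cross the network in clear text");
        }
        return problems;
    }

    /** Copy of the environment that can be logged: the credential value is masked. */
    static Properties redacted(Properties env) {
        Properties copy = new Properties();
        for (String key : env.stringPropertyNames()) {
            copy.setProperty(key, Context.SECURITY_CREDENTIALS.equals(key) ? "********" : env.getProperty(key));
        }
        return copy;
    }

    public static void main(String[] args) {
        // Constructed sample values; the host and DN are placeholders.
        Properties env = new Properties();
        env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.setProperty(Context.PROVIDER_URL, "ldap://ldap.example.com:389");
        env.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
        env.setProperty(Context.SECURITY_PRINCIPAL, "cn=serviceuser-id,ou=services,dc=example,dc=com");
        env.setProperty(Context.SECURITY_CREDENTIALS, "");
        System.out.println("Environment: " + redacted(env));
        validate(env).forEach(p -> System.out.println("PROBLEM: " + p));
    }
}
```

With the constructed values above, the run reports the empty password and the ldap:// URL as problems.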
Attachments:
None
References:
None