How can we have TIBCO Collaborative Information Manager (CIM) do a non-anonymous bind to the LDAP? By default it requires anonymous bind enabled on LDAP.
Article ID: KB0086141
Products
Versions
TIBCO Collaborative Information Manager
-
Not Applicable
-
Description
Environment:
TIBCO Product name and version: TIBCO Collaborative Information Manager 8.0.0
Operating System(s): All Operating Systems
Symptoms:
You may get connection errors at runtime (while creating users) if the LDAP does not support anonymous bind.
Cause:
This is the default behavior. Please see the steps below on how to configure CIM so that it can do a non-anonymous bind to the LDAP.
Resolution:
You will need to customize the LDAPHelper class to achieve a non-anonymous bind. Here are the specific steps:
1) Add a couple of new properties in the ConfigValues.xml under the LDAP properties section as follows.
... with the service account user details for binding with the directory server non-anonymously.
2) Next you need to modify LDAPHelper.java under the MQ_COMMON_DIR/standard/samples/authentication directory and customize the connect() method as follows (file is attached here):

    public boolean connect(Properties p) throws NamingException {
        // Remember the credentials the caller passed in so they can be restored after the bind.
        String nm = p.getProperty(ldapCTX.SECURITY_CREDENTIALS);
        try {
            // Fetch the service account values from ConfigValues.xml.
            p.setProperty(ldapCTX.SECURITY_PRINCIPAL,
                com.tibco.mdm.infrastructure.propertymgr.MqPropertiesUtil.getStringProperty("com.tibco.cim.ldap.user"));
            p.setProperty(ldapCTX.SECURITY_CREDENTIALS,
                com.tibco.mdm.infrastructure.propertymgr.MqPropertiesUtil.getStringProperty("com.tibco.cim.ldap.password"));
        } catch (Exception e) {
            e.printStackTrace();
        }
        // dumpProperties() is defined elsewhere in the sample class; confirm that it
        // does not write SECURITY_CREDENTIALS to the log.
        dumpProperties(p);
        // Bind to the directory as the service account.
        ldapCTX = new InitialDirContext(p);
        System.out.println("Connected");
        System.out.println("During connect PRINCIPAL is " + p.getProperty(ldapCTX.SECURITY_PRINCIPAL));
        // The credential values are not printed: stdout normally ends up in the
        // application server log, which must not contain the bind password.
        if (nm != null) {
            // Put the caller's original credentials back into the properties.
            p.setProperty(ldapCTX.SECURITY_CREDENTIALS, nm);
            System.out.println("Passed if condition.. original CREDENTIALS restored after connect");
        }
        return true;
    }
3) Compile LDAPHelper.java (add $MQ_HOME\lib\mq\AllECMClasses.jar to the classpath).
4) Take a backup of the ECM.ear file that is deployed on the application server.
5) Copy/merge your custom LDAPHelper.class into ECM.ear/ECMClasses.jar/com/tibco/mdm/directory/member. (You are replacing the existing class with this new custom class.)
6) Stop CIM on the application server.
7) Delete/uninstall ECM.ear from the application server.
8) Upload/re-deploy the updated ECM.ear to the application server.
9) Start CIM on the application server.
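A stand-alone check of the service account's bind, useful before rebuilding ECM.ear (an added example, not part of the TIBCO article or the product code). The class name LdapBindCheck, the LDAP_URL, LDAP_BIND_DN and LDAP_BIND_PW environment variables and the example.com defaults are assumptions made for illustration; the JNDI calls are the standard JDK ones that connect() also relies on.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.InitialDirContext;

public class LdapBindCheck {
    static Hashtable<String, String> bindEnv(String url, String dn, String pw) {
        // An empty DN or password turns a "simple" bind into an anonymous/unauthenticated one (RFC 4513).
        if (dn == null || dn.isEmpty() || pw == null || pw.isEmpty())
            throw new IllegalArgumentException("bind DN and password must be non-empty");
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, pw);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        return env;
    }
    /** Copy of the environment that is safe to log: the password is masked. */
    static Map<String, String> redacted(Hashtable<String, String> env) {
        Map<String, String> out = new TreeMap<>(env);
        out.computeIfPresent(Context.SECURITY_CREDENTIALS, (k, v) -> "********");
        return out;
    }

    /** Attempt the bind and classify the outcome without exposing the secret. */
    static String tryBind(Hashtable<String, String> env) {
        try {
            new InitialDirContext(env).close();
            return "OK: bind succeeded";
        } catch (AuthenticationException e) {
            return "FAIL: directory rejected the bind DN or password";
        } catch (CommunicationException e) {
            return "FAIL: cannot reach the directory (host, port or TLS)";
        } catch (NamingException e) {
            return "FAIL: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        Map<String, String> os = System.getenv(); // defaults below are constructed placeholders
        Hashtable<String, String> env = bindEnv(
            os.getOrDefault("LDAP_URL", "ldaps://ldap.example.com:636"),
            os.getOrDefault("LDAP_BIND_DN", "cn=cim-svc,ou=services,dc=example,dc=com"),
            os.getOrDefault("LDAP_BIND_PW", "constructed-placeholder"));
        System.out.println("Environment: " + redacted(env));
        System.out.println(tryBind(env));
    }
}
```

Run it with the same DN and password you set in com.tibco.cim.ldap.user and com.tibco.cim.ldap.password. Prefer an ldaps:// URL, because a simple bind over plain ldap:// sends the password unprotected.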
Attachments:
None
References:
None