Let's say the IBM MQ error log has the following. In this example, LDAP user john.doe is unable to connect to queue manager MANAGER01.
12/14/2020 04:34:35 AM - Process(35455.636659) User(mqm) Program(amqzlaa0)
Host(mq.example.com) Installation(Installation1)
VRMF(9.1.0.5) QMgr(MANAGER01)
Time(2020-12-14T10:34:35.070Z)
ArithInsert1(81)
CommentInsert1(ldap_simple_bind)
CommentInsert2(Can't contact LDAP server)
CommentInsert3(cn=john.doe,ou=MQ,ou=Appmgmt,ou=svcs,o=acme)
AMQ5530E: Error from LDAP authentication and authorization service
EXPLANATION:
The LDAP authentication and authorization service has failed. The
'ldap_simple_bind' call returned error 81 : 'Can't contact LDAP server'. The
context string is 'cn=john.doe,ou=MQ,ou=Appmgmt,ou=svcs,o=acme'. Additional
code is 0.
ACTION:
Correct the LDAP configuration. Look at the LDAP server logs for additional
error information.
On the MQ server, use the dspmq command to ensure the queue manager is running. If the queue manager is not running, use the strmqm command to start the queue manager.
QMNAME(MANAGER01) STATUS(Running)
Use the display lsstatus command to ensure the queue manager listener is running and is using the port identifies in the error message.
LISTENER(LISTENER01) STATUS(RUNNING)
PID(92928) STARTDA(2020-06-09)
STARTTI(04.00.53) DESCR( )
TRPTYPE(TCP) CONTROL(QMGR)
IPADDR(*) PORT(5201)
BACKLOG(100)
The display qmgr command can be used to determine if the queue manager is configured to use LDAP. In this example, the queue manager named MANAGER01 is using MANAGER01.LDAP.AUTHINFO.
CONNAUTH(MANAGER01.LDAP.AUTHINFO)
The display authinfo command can be used to determine if MANAGER01.LDAP.AUTHINFO authentication type is IDPWLDAP (it should be).
AUTHINFO(MANAGER01.LDAP.AUTHINFO) AUTHTYPE(IDPWLDAP)
The display qmstatus ldapconn command can be used to determine if the queue manager is running and connected to LDAP.
QMNAME(MANAGER01) STATUS(RUNNING)
LDAPCONN(CONNECTED)
Did you find this article helpful?
If so, consider buying me a coffee over at 