[Continuous Delivery][IBM MQ Advanced][Linux]

User authentication and authorization for IBM MQ Advanced certified container

IBM® MQ can be configured to use LDAP users and groups for authorization. This is the recommended approach for the IBM MQ Advanced certified container.

In a multi-tenant containerized environment such as Red Hat® OpenShift® Container Platform, security constraints are put in place to prevent potential security issues. For example, in Red Hat OpenShift Container Platform the default SecurityContextConstraints (called restricted) runs containers with a randomized user ID, which discourages any reliance on users local to the container itself. IBM MQ typically uses privilege escalation to check the passwords of operating system users, which is also not recommended in multi-tenant container environments. For these reasons, the use of users defined in the operating system's local user database inside a running container is not supported in the IBM MQ certified containers.

You need to configure your queue manager to use LDAP for user authentication and authorization. For information about configuring IBM MQ to do this, see Connection authentication: User repositories and LDAP authorization.
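The following MQSC script is an added illustration of the configuration this page describes; it is not taken from the IBM MQ documentation or from the certified container image. It defines an IDPWLDAP authentication information object so that client passwords are checked against an LDAP server, makes the queue manager use it for connection authentication, and grants authority to an LDAP group rather than to an operating system group. The LDAP host, the bind DN and its password, the base DNs, the group name, the queue profile and the object name USE.LDAP are all constructed placeholders for an example directory tree; SECCOMM(YES) additionally assumes that the queue manager's key repository trusts the LDAP server's certificate. How the script is supplied to a container is outside the scope of this page.

```mqsc
* Added example (not IBM's own configuration): LDAP-based connection
* authentication and authorization for a containerized queue manager.
* All DNs, host names and credentials below are constructed placeholders.

* 1. Authentication information object: check user IDs and passwords
*    against LDAP and resolve group membership from LDAP as well.
DEFINE AUTHINFO(USE.LDAP) AUTHTYPE(IDPWLDAP) +
       CONNAME('ldap.example.com(636)') +
       SECCOMM(YES) +
       LDAPUSER('cn=mqreader,ou=service,dc=example,dc=com') +
       LDAPPWD('<bind-password-placeholder>') +
       BASEDNU('ou=people,dc=example,dc=com') +
       USRFIELD('uid') SHORTUSR('uid') +
       BASEDNG('ou=groups,dc=example,dc=com') +
       GRPFIELD('cn') CLASSGRP('groupOfNames') FINDGRP('member') +
       AUTHORMD(SEARCHGRP) NESTGRP(NO) +
       ADOPTCTX(YES) +
       CHCKCLNT(REQUIRED) +
       FAILDLAY(1) +
       REPLACE

* 2. Make the queue manager use it and activate the change.
ALTER QMGR CONNAUTH(USE.LDAP)
REFRESH SECURITY TYPE(CONNAUTH)

* 3. Authorize by LDAP group instead of by a local OS group.
SET AUTHREC OBJTYPE(QMGR) +
    GROUP('cn=mq-app-users,ou=groups,dc=example,dc=com') +
    AUTHADD(CONNECT,INQ)
SET AUTHREC PROFILE('APP.**') OBJTYPE(QUEUE) +
    GROUP('cn=mq-app-users,ou=groups,dc=example,dc=com') +
    AUTHADD(PUT,GET,BROWSE,INQ)

* 4. Verify what was configured.
DISPLAY AUTHINFO(USE.LDAP) ALL
DISPLAY QMGR CONNAUTH
DISPLAY AUTHREC PROFILE('APP.**') OBJTYPE(QUEUE)
```

CHCKCLNT(REQUIRED) makes every client connection supply a user ID and password that the LDAP server must accept, and ADOPTCTX(YES) makes that authenticated identity, not the operating system identity of the connecting process, the one used for authority checks; together they are what lets the queue manager avoid depending on users local to the container. The DISPLAY commands at the end are the quickest way to confirm that CONNAUTH points at the new object and that the authority records name the LDAP group.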