APAR status
Closed as program error.
Error description
Reproduction of the error via the MQ Appliance web UI:
1. Start the IBM MQ Appliance web UI and open the "Status" menu.
2. Select "MQ > Queue Manager Status"; open the MQ Queue Manager error log.
3. The last 4 or 5 error messages will show the following error message:

AMQ5531E: Error locating user or group in LDAP
EXPLANATION: The LDAP authentication and authorization service has failed in the ldap_search call while trying to find user or group 'root'. Returned count is 0. Additional context is '(&(objectClass=user)(cn=root))'.
ACTION: Specify the correct name, or fix the directory configuration. There may be additional information in the LDAP server error logs.

An additional observable reproduction of the error via the MQ Appliance REST API:
1. Request the following URL: https://<MQApplianceAddress>:5554/mgmt/status/default/QueueManagersStatus
2. Open the MQ Queue Manager error log; the last error messages will show the aforementioned error message.
Local fix
N/A
Problem summary
****************************************************************
USERS AFFECTED:
This affects users of the IBM MQ Appliance who have configured user authentication of messaging connections to use an LDAP server, via an IDPWLDAP AUTHINFO object, and attempt to query MQ queue manager status through the WebUI (Status->MQ->Queue Managers Status) or REST API (https://<MQApplianceAddress>:5554/mgmt/status/default/QueueManagersStatus).

Platforms affected: MultiPlatform
****************************************************************
PROBLEM DESCRIPTION:
A logic omission meant that the operation to retrieve the queue manager status attempted to connect to the queue manager(s) as the root user, instead of the internal mqsystem user ID. This caused the root user's identity to be incorrectly queried against the LDAP server, which failed and generated the AMQ5531E error message. This also meant that the returned status information was incomplete.
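An added example, not part of the APAR or IBM's code: a Python sketch that parses AMQ5531E entries in the wording quoted above and separates failed lookups of 'root' with a returned count of 0, the pattern this APAR describes, from other failed LDAP lookups that still need review. The sample log text, the 'appuser1' name and the function names are constructed for illustration, and real error logs may carry additional header lines that this parser ignores.

```python
import re

# Constructed sample: two error-log entries in the wording quoted on this page
# (the second user name, 'appuser1', is made up for the example).
SAMPLE_LOG = """\
AMQ5531E: Error locating user or group in LDAP
EXPLANATION: The LDAP authentication and authorization service has failed in
the ldap_search call while trying to find user or group 'root'. Returned count
is 0. Additional context is '(&(objectClass=user)(cn=root))'.
ACTION: Specify the correct name, or fix the directory configuration.
AMQ5531E: Error locating user or group in LDAP
EXPLANATION: The LDAP authentication and authorization service has failed in
the ldap_search call while trying to find user or group 'appuser1'. Returned
count is 0. Additional context is '(&(objectClass=user)(cn=appuser1))'.
ACTION: Specify the correct name, or fix the directory configuration.
"""

ENTRY_START = re.compile(r"(?=AMQ\d{4}[A-Z]:)")  # split before each message ID
DETAIL = re.compile(
    r"find user or group '(?P<name>[^']*)'\. "
    r"Returned count is (?P<count>\d+)\. "
    r"Additional context is '(?P<filter>[^']*)'"
)

def parse_amq5531e(log_text):
    """Return one dict per AMQ5531E entry: looked-up name, count, LDAP filter."""
    entries = []
    for chunk in ENTRY_START.split(log_text):
        if not chunk.startswith("AMQ5531E:"):
            continue
        flat = " ".join(chunk.split())  # undo line wrapping inside the entry
        m = DETAIL.search(flat)
        if m:
            entries.append({"name": m["name"], "count": int(m["count"]),
                            "filter": m["filter"]})
    return entries

def triage(entries, internal_ids=("root",)):
    """Assumption: a zero-count lookup of 'root' is the IT27964 signature."""
    known, review = [], []
    for e in entries:
        hit = e["name"] in internal_ids and e["count"] == 0
        (known if hit else review).append(e)
    return known, review

if __name__ == "__main__":
    known, review = triage(parse_amq5531e(SAMPLE_LOG))
    print("matches IT27964 pattern:", [e["name"] for e in known])
    print("needs review:", [e["name"] for e in review])
```

Entries in the review list are ordinary LDAP lookup failures for connecting identities and are unrelated to the status-query defect described here.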
Problem conclusion
The internal logic used by these status commands has been corrected to execute as the internal mqsystem user ID.

---------------------------------------------------------------
The fix is targeted for delivery in the following PTFs:

Version     Maintenance Level
v9.1 CD     9.1.4
v9.1 LTS    9.1.0.3

The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037

If the maintenance level is not yet available, information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT27964
Reported component name
IBM MQ APPL M20
Reported component ID
5725Z0900
Reported release
910
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-02-01
Closed date
2019-05-10
Last modified date
2019-08-22
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
IBM MQ APPL M20
Fixed component ID
5725Z0900
Applicable component levels
Document Information
Modified date:
22 August 2019