WebSphere MQ v7.1 and MQAUSX

Capitalware has begun testing MQAUSX with WebSphere MQ (WMQ) v7.1 and everything is working very well. There are 2 items that everyone needs to be aware of when using MQAUSX with WMQ v7.1.

1. WMQ v7.1 has a new feature called Channel Authentication Records. (A poor name as no authentication is actually taking place. IBM should have called it Channel Authorization Records)

When a new queue manager is created, the Channel Authentication Records feature is enabled ‘CHLAUTH(ENABLED)’ (it is disabled when you do an upgrade) and there is a ‘Per-Channel’ rule that blocks all access for MQAdmins.

SET CHLAUTH('*') +
   TYPE(BLOCKUSER) +
   DESCR('Default rule to disallow privileged users') +
   USERLIST('*MQADMIN')

This rule needs to be deleted or you can disable the Channel Authentication Records feature.

To delete the CHLAUTH rule issue the following MQSC command via runmqsc:

SET CHLAUTH('*') +
   TYPE(BLOCKUSER) +
   USERLIST('*MQADMIN') +
   ACTION(REMOVE)

To disable Channel Authentication Records, issue the following MQSC command via runmqsc:

ALTER QMGR CHLAUTH(DISABLED)

2. I think IBM changed compilers on Windows. MQAUSX and its LDAP components worked fine with MQ v5.2, v5.3 and WMQ v6.0, v7.0 and v7.0.1. Something in how IBM built MQ v7.1 caused MQ to not like MQAUSX’s mqausxldap.dll module. Note: This is a Windows only issue.

MQAUSX LDAP calling sequence on Windows:
MQ/MCA –> mqausx.dll –> mqausxldap.dll –> ldapsdk.dll –> Remote LDAP server

MQ/MCA can load mqausx.dll without any issue. It was only when mqausx.dll tried to load mqausxldap.dll that the problem occurred (unable to load DLL : 487). After playing around with a bunch of Visual Studio linker options, I was able to get everything to load normally.

If you are running WMQ v7.1 and MQAUSX v1.5.0 on Windows and MQAUSX is using the LDAP authentication feature, then send an email to support@capitalware.com for the latest build of MQAUSX for Windows.

Regards,
Roger Lacroix
Capitalware Inc.

This entry was posted in Capitalware, IBM i (OS/400), IBM MQ, Linux, MQ Authenticate User Security Exit, Security, Unix, Windows.

7 Responses to WebSphere MQ v7.1 and MQAUSX