Hi All
In our Unix environment, across our organization, we are trying to centralize passwd, group, etc. in LDAP and want to keep unique uid, username, gid and groupname. Different departments have their own queue manager. An MQ client from one department should not be able to access the MQ server/Qmgr in a different department. But when we keep group and passwd central, users belonging to the mqm group (primary or secondary) will have full authority on all the queue managers of all departments because in Unix, the authority is at group level. So when a user tries to connect to a queue manager, MQ looks in the passwd file and then in LDAP to find the user, and then will find his group from files/LDAP, and since the user belongs to the mqm group he will have full authorities. This is a security risk. We don't want to move users and groups to local files. Is there a way, either in MQ or in LDAP, to overcome this security problem?
Thanks in advance for all your help
SJ