Use the mqsisetdbparms command to associate a specific user ID and password (or SSH identity file) with one or more resources that are accessed by the integration node or integration server.
The user ID and password pair is created in the DSN folder under the integration server registry folder.
You can run the mqsisetdbparms command while the integration node or integration server is running. However, you must stop and start each integration server that uses a particular ResourceName, before that information is read and used by that integration server.
If you are using the mqsisetdbparms command on Linux, add an escape character if you use one or more of the reserved characters. For example, you must specify these values:
mqsisetdbparms -w /var/server/ACEServ1 -n ftp::DUMMYFTP -u dummy\\user -p abcdef
Do not use the following format:
mqsisetdbparms -w /var/server/ACEServ1 -n ftp::DUMMYFTP -u dummy\user -p abcdef
If you use the latter format, the backslash character (\) in the user ID or password is ignored. The example causes the FTP connection through the FileInput node to fail with incorrect user credentials.
For a full list of reserved characters, and the rules that are associated with those characters when you use quotation marks and escape characters, see the documentation that is supplied with the shell.
To check any credentials that you set by using mqsisetdbparms, use the mqsireportdbparms command; see mqsireportdbparms command.
>>-mqsisetdbparms--+-integrationNodeName-+----------------------> '- -w --workDir-------' >-- -n --ResourceName-- -u --UserId-----------------------------> >--+- -p --Password--+----------------------+--+--------------------+--+--------------+-+--> | '- -c --ClientIdentity-' '- -s --ClientSecret-' '- -k --APIKey-' | '- -i --SSHIdentityFile--+------------------+----------------------------------------' '- -r --Passphrase-' >--+-----+----------------------------------------------------->< '- -f-'
>>-mqsisetdbparms--+-integrationNodeName-+----------------------> '- -w --workDir-------' >-- -n --ResourceName--+--------------+-------------------------> '- -u --UserId-' >--+- -p --Password--+----------------------+--+--------------------+--+--------------+-+--> | '- -c --ClientIdentity-' '- -s --ClientSecret-' '- -k --APIKey-' | '- -i --SSHIdentityFile--+------------------+----------------------------------------' '- -r --Passphrase-' >--+-----+----------------------------------------------------->< '- -f-'
The specified directory must already exist and it must be the work directory of an integration server. The work directory is created by the mqsicreateworkdir command. For more information, see Configuring an integration server by using the server.conf.yaml file.
If you use the same datasource_name to refer to the same database instance from multiple nodes, the same user ID and password pairing is used. To define default values for user ID and password for the integration server to use for all data source names for which you have not set specific values, specify dsn::DSN as the ResourceName. .
Specify jdbc::JDBC to define default values for user ID and password for the integration server to use for all JDBC connections for which you have not set specific values.
Specify ldap::<servername> to define credentials for an individual server. If you want the integration server to bind anonymously to this server, specify anonymous as the user ID.
Specify ldap::LDAP to define a default setting. The integration server uses the specified user ID and password values for all servers that do not have an explicit ldap::<servername> entry. Therefore, all servers that previously used anonymous bind by default start to use the details defined in an ldap::LDAP entry.
For compatibility with existing systems, you can still specify <password>. However, if you do not specify a password with this parameter when you run the command, you are prompted to enter a password during its invocation, and to enter the password a second time to verify that you have entered it correctly.
This parameter is required with the ftp:: resource type, but is optional with the sftp:: resource type. However, if you do not specify a password with an sftp:: resource, you must specify the SSHIdentityFile parameter.
If you specify a password by using the -p Password parameter and the password includes characters that have special meaning to the command shell, you must use quotation marks around the password or escape the characters. Use single quotation marks on Linux and UNIX systems. Use double quotation marks on Windows systems. For a full list of reserved characters, and the rules that are associated with those characters when you use quotation marks and escape characters, see the documentation that is supplied with the shell.
However, you can avoid the need to use quotation marks or to escape special characters if you omit to specify a password by using the -p Password parameter when you run the command. You are prompted to enter a password during the invocation of the command, and to enter the password a second time to verify that you have entered it correctly. The password that you specify after being prompted can include characters that have special meaning to the command shell with no need for you to use quotation marks or to escape these characters.
On z/OS systems, known hosts files and SSH identity files are stored in EBCDIC format, and on other operating systems they are stored in ASCII format.
The following examples show the setting of security credentials at the integration server level. You can set security credentials for the integration node by specifying an integration node name instead of specifying a work directory.
Use the mqsisetdbparms command in the following format to associate a user ID and password pair with CICS.mqsisetdbparms -w workDir -n ResourceName -u userID -p password
For example:
mqsisetdbparms -w c:\workdir\ACEServ1 -n cics::mySecurityIdentity -u myUserID -p myPassword
mqsisetdbparms -w workDir -n mq::securityIdentityName -u username -p password
mqsisetdbparms -w workDir -n mq::QMGR::QMName -u username -p password
mqsisetdbparms -w workDir -n mq::MQ -u username -p password
mqsisetdbparms -w c:\workdir\ACEServ1 -n mqtt::pubsubDefault -u myUserID -p myPassword
The following example shows the use of the command to associate a userid and password for a specific ODBC data source name (no Universal Record Identifier (URI) prefix is required):
mqsisetdbparms -w c:\workdir\ACEServ1 -n USERDB1 -u myuserid1 -p mypassword1
The following examples show the use of the optional prefix odbc::. Use this option to set the user ID and password for an ODBC data source at the integration server level:
mqsisetdbparms -w c:\workdir\ACEServ1 -n odbc::USERDB2 -u myuserid2 -p mypassword2
The following example shows how to set up a default user ID and password for the integration server to use for all ODBC data source names where no explicit Resource Names were set:
mqsisetdbparms -w c:\workdir\ACEServ1 -n dsn::DSN -u myuserid4 -p mypassword4
The following examples delete all the values that are defined for specific resource names from the integration server registry:
mqsisetdbparms -w c:\workdir\ACEServ1 -n USERDB1 -d
mqsisetdbparms -w c:\workdir\ACEServ1 -n odbc::USERDB2 -d
mqsisetdbparms -w workDir -n ResourceName -u userID -p password
For example:
mqsisetdbparms -w c:\workdir\ACEServ1 -n smtp::mySecurityIdentityObjectName
-u myUserID -p myPassword
mqsisetdbparms -w workDir -n ResourceName -u userID -p password
For example:
mqsisetdbparms -w c:\workdir\ACEServ1 -n cd::default -u mqbroker -p xxxxxxx
mqsisetdbparms -w workDir -n resource_name -u userID -p password
For
example:mqsisetdbparms -w c:\workdir\ACEServ1 -n jdbc::mySecurityIdentity -u myuserid -p secretpw
mqsisetdbparms -w c:\workdir\ACEServ1 -n jdbc::JDBC -u UserId2 -p password2
The following examples show the use of the command when the URI for a JMS or JNDI resource name is substituted for the -n ResourceName parameter.
For a JMS resource, the URL prefix is "jms::"; for JNDI, the prefix is "jndi::".
On Linux and UNIX systems, if the parameter string includes a backslash (\) character, you must escape from this character by using a second backslash character (\\) when you enter the mqsisetdbparms command.
mqsisetdbparms -w c:\workdir\ACEServ1 -n jms::tcf1 -u myuserid -p secret
mqsisetdbparms -w c:\workdir\ACEServ1 -n jndi::com.sun.jndi.fscontext.RefFSContextFactory
-u myuserid -p secret
The preceding examples describe how to configure security for JMS and JNDI resources for all JMS nodes that use those resources in an integration server.
Message Flow Name_Node label
MyJMSFlow1_MyJMSInput1
resource typeaccount name@resource name
jms::MyJMSFlow1_MyJMSInput1@tcf1
mqsisetdbparms -w c:\workdir\ACEServ1 -n jms::MyJMSFlow1_MyJMSInput1@tcf1
-u myuserid -p secret
mqsisetdbparms -w c:\workdir\ACEServ1 -n ldap::ldap.mydomain.com -u ldapuid -p ********
To
set up authorization for other servers, use the command to set up
default credentials:mqsisetdbparms -w c:\workdir\ACEServ1 -n ldap::LDAP -u ldapother -p ********
If
you want the integration server to bind anonymously to an LDAP server,
specify the LDAP server name and the user ID anonymous:mqsisetdbparms -w c:\workdir\ACEServ1 -n ldap::ldap.mydomain2.com -u anonymous -p ********
For
the user ID anonymous, the password is always ignored.mqsisetdbparms -w c:\workdir\ACEServ1 -n mqtt::mySecurityIdentity -u myUserID -p myPassword
The MQTTSubscribe or MQTTPublish node that is connecting
to a secure MQTT server must have its Security identity property
set to the same value that is configured by using this command, so mySecurityIdentity in
this example.mqsisetdbparms -w c:\workdir\ACEServ1 -n mqtt::pubsubDefault -u myUserID -p myPassword
mqsisetdbparms -w c:\workdir\ACEServ1 -n httpproxy::myProxyHostname -u myUserID -p myPassword
mqsisetdbparms -w c:\workdir\ACEServ1 -n httpproxy::HTTPPROXY -u myProxyUsername -p myProxyPassword
mqsisetdbparms workDir -n kafka::KAFKA::integrationServerName -u userID -p password
mqsisetdbparms -w c:\workdir\ACEServ1 -n kafka::KAFKA::myIntegrationServer1 -u myKafkaUserID -p myKafkaPassword
All
Kafka nodes that are deployed to the same integration server must
use the same set of credentials to authenticate to the Kafka cluster.
The user ID and password specified by this command are used when a
connection is attempted by any Kafka node that has been deployed to
the specified integration server.mqsisetdbparms -w workDir -n adapter name -u user name -p password
For
example:mqsisetdbparms -w c:\workdir\ACEServ1 -n eis::SAPCustomerInbound.inadapter -u sapuid -p ********
mqsisetdbparms -w workDir -n resource_name -u userID -p password
For example:
mqsisetdbparms -w c:\workdir\ACEServ1 -n ims::mySecurityIdentity -u myuserid -p mypassword
mqsisetdbparms -w workDir -n salesforce::mySecurityIdentity -u userID -p password -c clientIdentity -s clientSecret
mqsisetdbparms -w c:\workdir\ACEServ1 -c
3MVG98_Pfg5cqqyb0NUwU1XtHr9NhWu_Kmb8RTIH53a7pdTzeychmvvtjTdiRbuoWtyr_QL.lepaXNk7W3PDA -s
2050239087638761094 -n 'salesforce::SF' -p 'passwd1IWvMp3JqqklwG2erpaLs2oKz' -u 'salesforce_userid'
mqsisetdbparms -w workDir -n loopback::mySecurityIdentity -u userID -p password
mqsisetdbparms -w c:\workdir\ACEServ1 -n loopback::lbreqid1 -u myLoopBackUserID -p myLoopBackPassword
mqsisetdbparms -w c:\workdir\ACEServ1 -n rest::mySecurityIdentity -u myRESTUserID -p myRESTPassword -k myRESTAPIkey
mqsisetdbparms -w c:\workdir\ACEServ1 -n rest::mySecurityIdentity -u myRESTUserID -p myRESTPassword
mqsisetdbparms -w c:\workdir\ACEServ1 -n rest::mySecurityIdentity -k myRESTAPIkey
mqsisetdbparms -w c:\workdir\ACEServ1 -n ftp::identityA -u user1 -p MyPassword
mqsisetdbparms -w c:\workdir\ACEServ1 -n sftp::identityB -u user2 -p MyPassword
mqsisetdbparms -w c:\workdir\ACEServ1 -n sftp::identityC -u user3 -i C:\key_rsa_no_pp
mqsisetdbparms -w c:\workdir\ACEServ1 -n sftp::identityD -u user4 -i C:\key_rsa_pp -r MyPassPhrase
Use the mqsisetdbparms command to provide the integration server with the Kerberos client credentials for accessing the Kerberos Key Distribution Center (KDC). These credentials (which are required for SOAPRequest nodes) can also be provided in the properties tree in a message flow.
mqsisetdbparms -w c:\workdir\ACEServ1 -n kerberos::realm1 -u clientId -p ClientPassword
mqsisetdbparms -w c:\workdir\ACEServ1 -n kerberos::kerberos -u clientId -p ClientPassword
Use the mqsisetdbparms command to specify the user name and password to use when you connect to a secure WebSphere eXtreme Scale grid.
mqsisetdbparms -w workDir -n wxs::id1 -u userId -p password