12 Character Group ID Limitation for WebSphere MQ on Linux and Other UNIX Platforms
ValerieLampkin
Sometimes problem records that I work on for WebSphere MQ Level 2 have a common theme. I've seen a few instances lately where people have created Group IDs with more than 12 characters on Linux Platforms. I thought I would share what I've learned in this area, and hopefully it will help you.
Group IDs greater than 12 characters cause an error when the WebSphere MQ Object Authority Manager (OAM) checks the security for access to MQ objects. You might experience unpredictable results when trying to access, or administer, MQ objects and receive a reason code 2035 (MQR
In the example below, an error is received when issuing the setmqaut command with a group name longer than 12 characters:
You might see error “AMQ7026: A principal or group name was invalid”.
Although the group mqapplicationgroup exists, WebSphere MQ does not validate it because it is more than 12 characters. In some older versions of WMQ (prior to fixpacks 18.104.22.168 or 22.214.171.124) you might not get the AMQ7026 error but you might find that the authority you attempted to give a group is not authenticated and subsequently not granted access by the OAM.
This limitation was documented in APAR IY87816 when AIX operating systems started to allow longer user groups.
UNIX platforms generally restrict the length of a user ID to 12 characters. AIX Version 5.3 raised this limit but WebSphere MQ continues to observe a 12 character restriction on all UNIX platforms. For the purposes of WebSphere MQ authority, Linux is treated as any other UNIX server and the same 12 character group ID restriction applies.
The 12 character limitation applies to both group and user IDs. UNIX platforms generally restrict the length of a user ID to 12 characters. AIX and Linux do not impose this limitation, but WebSphere MQ continues to observe a 12 character restriction on these platforms. For more information, refer to Adding existing user IDs to the group in the WebSphere MQ Information Center AIX Quick Beginnings manual.
I submitted a request to have this information updated in the online WebSphere MQ InfoCenter, and those updates are there now. I hope this information makes the issue a little more clear. As I mentioned, I've seen this type of problem a few times lately and wanted to spread the word to help prevent others from encountering authority issues due to invalid group IDs.