Recipient distinguished names in AMS
The recipient distinguished names (DN) identify users who are authorized to retrieve messages from a queue.
A policy can have zero or more recipient DNs specified. Recipient distinguished names have the following form:
CN=Common Name,O=Organization,C=Country
Important:
- All DNs must be in uppercase. All component name identifiers in the DN must be specified in the
order shown in the following table:
Component name Value CN The common name for the object of this DN, such as a full name or the intended purpose of a device. OU The unit within the organization with which the object of the DN is affiliated, such as a corporate division or a product name. O The organization with which the object of the DN is affiliated, such as a corporation. L The locality (city or municipality) where the object of the DN is located. ST The state or province name where the object of the DN is located. C The country where the object of the distinguished name (DN) is located. - If no recipient DNs are specified for the policy, any user can get messages from the queue associated with the policy.
- If one or more recipient DNs are specified for the policy, only those users can get messages from the queue associated with the policy.
- Recipient DNs, when specified, must match exactly the DN contained in the digital certificate associated with user getting the message.
- Advanced Message Security supports DNs with values only from Latin-1 character set. To create DNs with characters of the set, you must first create a certificate with a DN that is created in UTF-8 coding using UNIX with UTF-8 coding turned on or with the strmqikm GUI. Then you must create a policy from a UNIX platform with UTF-8 coding turned on or use the Advanced Message Security plug-in to IBM® MQ.