Mapping credentials for Connect:Direct by using the ConnectDirectCredentials.xml file

Map user credentials in IBM® MQ Managed File Transfer to user credentials on Connect:Direct® nodes by using the default credential mapping function of the Connect:Direct bridge agent. IBM MQ Managed File Transfer provides an XML file that you can edit to include your credential information.

About this task

After you create a Connect:Direct bridge agent by using the fteCreateCDAgent command, you must manually create a ConnectDirectCredentials.xml file. Before you can use a Connect:Direct bridge agent, you must edit this file to include host, user, and credential information. For more information, see Connect:Direct credentials file format. By default, this file is loaded from the current user's home directory, for example /home/fteuser/ConnectDirectCredentials.xml. To use another location, specify it in the <credentialsFile> element of the ConnectDirectNodeProperties.xml file.

Procedure

  1. Ensure that the name attribute in the element <tns:pnode name="Connect:Direct node host" pattern="wildcard"> contains the value of the name of the Connect:Direct node that the Connect:Direct bridge agent connects to. This value must be the same value that you specify for the fteCreateCDAgent -cdNode parameter.
    The value of the pattern attribute can be either wildcard or regex. If this attribute is not specified, the default is wildcard.
  2. Insert user ID and credential information into the file as child elements of <tns:pnode>.
    You can insert one or more instances of the following <tns:user> element into the file:
    
    <tns:user name="name" 
              pattern="pattern" 
              ignorecase="ignorecase" 
              cdUserId="cdUserId"  
              cdPassword="cdPassword"  
              pnodeUserId="pnodeUserId" 
              pnodePassword="pnodePassword">
    </tns:user>
    
    where:
    • name is a pattern to match the MQMD user ID associated with the MQMFT transfer request.
    • pattern specifies whether the pattern specified for the name attribute is a wildcard expression or a Java regular expression. The value of the pattern attribute can be either wildcard or regex. If this attribute is not specified, the default is wildcard.
    • ignorecase specifies whether to ignore case when matching the pattern specified by the name attribute. If this attribute is not specified, the default is true.
    • cdUserId is the user ID that is used by the Connect:Direct bridge agent to connect to the Connect:Direct node specified by the name attribute of <tns:pnode> element. If possible, ensure that cdUserId is a Connect:Direct administrator user ID. If cdUserId cannot be a Connect:Direct administrator, ensure that the user ID has the following functional authorities at the Connect:Direct bridge node:

      • For a Windows node set the following authorities. This example is formatted with carriage returns to aid readability:
        
        View Processes in the  value: yes
         TCQ
        Issue the copy         value: yes
         receive, copy send,
         run job, and run task
         Process statements
        Issue the submit       value: yes
         Process statement
        Monitor, submit,       value: all
         change, and delete all
         Processes
        Access Process         value: all
         statistics
        Use the trace tool or  value: yes
         issue traceon and
         traceoff commands
        Override Process       value: yes
         options such as file
         attributes and remote
         node ID                                           
        
      • For a UNIX node set the following parameters in the userfile.cfg file:
        
        pstmt.copy             value: y
        pstmt.upload           value: y
        pstmt.download         value: y
        pstmt.runjob           value: y
        pstmt.runtask          value: y
        cmd.submit             value: y
        pstmt.submit           value: y
        cmd.chgproc            value: y
        cmd.delproc            value: y
        cmd.flsproc            value: y
        cmd.selproc            value: a
        cmd.selstats           value: a
        cmd.trace              value: y
        snode.ovrd             value: y
        
    • cdPassword is the password associated with the user ID specified by the cdUserId attribute.
    • You can optionally specify the pnodeUserId attribute. The value of this attribute is the user ID that is used by the Connect:Direct node specified by the name attribute of <tns:pnode> element to submit the Connect:Direct process. If you do not specify the pnodeUserId attribute, the Connect:Direct node uses the user ID specified by the cdUserId attribute to submit the Connect:Direct process.
    • You can optionally specify the attribute pnodePassword. The value of this attribute is the password associated with the user ID specified by the pnodeUserId attribute.
    If no user element matches the MQMD user ID, the transfer fails.
  3. Optional: You can include one or more <tns:snode> elements as child elements of the <tns:user> element. The <tns:snode> element specifies credentials that are used by the Connect:Direct node that is part of the Connect:Direct bridge. These credentials are the user ID and password that the Connect:Direct bridge node uses to connect to the Connect:Direct node that is the source or destination of the file transfer.
    Insert one or more of the following elements into the file:
    
    <tns:snode name="name" 
               pattern="pattern" 
               userId="userId" 
               password="password"/>
    
    where:
    • name is a pattern to match the name of the Connect:Direct node that is the source or destination of the file transfer.
    • pattern specifies whether the pattern specified for the name attribute is a wildcard expression or a Java regular expression. The value of the pattern attribute can be either wildcard or regex. If this attribute is not specified, the default is wildcard.
    • userId is the user ID that is used by the Connect:Direct node specified by the name attribute of the <tns:pnode> element to connect to a Connect:Direct node that matches the pattern specified by the name attribute of <tns:snode>.
    • password is the password associated with the user ID specified by the userId attribute.
    If no <tns:snode> element matches the secondary node of the file transfer, this does not cause the transfer to fail. The transfer is started and no user ID and password are specified for use with the snode.

Results

When searching for a pattern match for user names or Connect:Direct node names, the Connect:Direct bridge agent searches from the start of the file to the end of the file. The first match that is found is the one that is used.
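
Because the first match wins, a broad pattern placed early in the file can silently map a user to more privileged credentials than a later, more specific entry intended. The following added example (not IBM code) resolves MQMD user IDs against a constructed credentials file and reports entries that can never be selected. It assumes that * matches any run of characters and ? matches one character, that patterns must match the whole ID, that Python's re module stands in for Java regular expressions, and that pnode names follow the same case rule as user names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: placeholder namespace URI and wrapper element, dummy passwords.
SAMPLE = """<tns:credentials xmlns:tns="urn:example:placeholder">
  <tns:pnode name="CDNODE1" pattern="wildcard">
    <tns:user name="fte*" cdUserId="cdadmin" cdPassword="DUMMY"/>
    <tns:user name="fteaudit" cdUserId="cdreadonly" cdPassword="DUMMY"/>
    <tns:user name="batch[0-9]+" pattern="regex" ignorecase="false"
              cdUserId="cdbatch" cdPassword="DUMMY"/>
  </tns:pnode>
</tns:credentials>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]   # element name without its XML namespace

def matcher(el):
    """Compile an element's name attribute. Assumed semantics: '*' is any run of
    characters, '?' is one character, and the whole ID must match."""
    name = el.get("name", "")
    if el.get("pattern", "wildcard") != "regex":      # page default: wildcard
        name = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                       for c in name)
    ignore = el.get("ignorecase", "true").lower() == "true"   # page default: true
    return re.compile(name, re.IGNORECASE if ignore else 0)

def load_users(xml_text, cd_node):
    """Ordered (name, regex, cdUserId) entries of the first pnode matching cd_node."""
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "pnode" and matcher(el).fullmatch(cd_node):
            return [(u.get("name"), matcher(u), u.get("cdUserId"))
                    for u in el if local(u.tag) == "user"]
    return []

def resolve(users, mqmd_user):
    """First match wins; None means no entry matched and the transfer fails."""
    for _name, rx, cd_user in users:
        if rx.fullmatch(mqmd_user):
            return cd_user
    return None

def shadowed(users, probe_ids):
    """Entries that match some probe ID but always lose to an earlier entry."""
    found = []
    for i, (name, rx, _cd) in enumerate(users):
        hits = [p for p in probe_ids if rx.fullmatch(p)]
        if hits and all(any(e[1].fullmatch(p) for e in users[:i]) for p in hits):
            found.append(name)
    return found
```

In the sample, fteaudit resolves to cdadmin rather than cdreadonly because the earlier fte* entry matches first; moving the specific entry above the wildcard restores the intended mapping.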