setmqcrl (set CRL LDAP server definitions)
Administer certificate revocation list (CRL) LDAP definitions in an Active Directory ( Windows only).
Purpose
Use the setmqcrl command to configure and administer support for publishing CRL (certificate revocation list) LDAP definitions in an Active Directory.
A domain administrator must use this command, or setmqscpsetmqcrl, initially to prepare the Active Directory for IBM MQ usage and to grant IBM MQ users and administrators the relevant authorities to access and update the IBM MQ Active Directory objects. You can also use the setmqcrl command to display all the currently configured CRL server definitions available on the Active Directory, that is, those definitions referred to by the queue manager's CRL namelist.
The only types of CRL servers supported are LDAP servers.
Syntax
Optional parameters
You must specify one of -a
(add), -r
(remove) or
-d
(display).
- -a
- Adds the IBM MQ MQI client connections Active
Directory container, if it does not already exist. You must be a user with the appropriate
privileges to create subcontainers in the System container of your domain. The IBM MQ folder is called
CN=IBM-MQClientConnections
. Do not delete this folder in any other way than by using the setmqscp command. - -d
- Displays the IBM MQ CRL server definitions.
- -r
- Removes the IBM MQ CRL server definitions.
- -m [ * | qmgr ]
- Modifies the specified parameter (-a or -r) so that
only the specified queue manager is affected. You must include this option with the
-a parameter.
- * | qmgr
- * specifies that all queue managers are affected. This enables you to migrate a specific IBM MQ CRL server definitions file from one queue manager alone.
Examples
setmqscp -a
.)
setmqcrl -a
setmqcrl -a -m Paint.queue.manager