setmqcrl (set CRL LDAP server definitions)

Purpose

Use the setmqcrl command to configure and administer support for publishing CRL (certificate revocation list) LDAP definitions in an Active Directory.

A domain administrator must use this command, or setmqscpsetmqcrl, initially to prepare the Active Directory for IBM MQ usage and to grant IBM MQ users and administrators the relevant authorities to access and update the IBM MQ Active Directory objects. You can also use the setmqcrl command to display all the currently configured CRL server definitions available on the Active Directory, that is, those definitions referred to by the queue manager's CRL namelist.

The only types of CRL servers supported are LDAP servers.

Optional parameters

You must specify one of -a (add), -r (remove) or -d (display).

-a

Adds the IBM MQ MQI client connections Active Directory container, if it does not already exist. You must be a user with the appropriate privileges to create subcontainers in the System container of your domain. The IBM MQ folder is called CN=IBM-MQClientConnections. Do not delete this folder in any other way than by using the setmqscp command.

-d

Displays the IBM MQ CRL server definitions.

-r

Removes the IBM MQ CRL server definitions.

-m [ * | qmgr ]

Modifies the specified parameter (-a or -r) so that only the specified queue manager is affected. You must include this option with the -a parameter.

* | qmgr

* specifies that all queue managers are affected. This enables you to migrate a specific IBM MQ CRL server definitions file from one queue manager alone.