Configuring administration security to use file-based, queue-based, or LDAP authorization

You can use the mqsichangeauthmode command to specify the mode of administration security to be used for setting administration permissions, and to enable or disable administration security for the integration node.

Before you begin

Read the following topics:

About this task

You can set permissions by using either file-based permissions or LDAP-based permissions, which you set by using the mqsichangefileauth command, or by using WebSphere® MQ authorization queues on the queue manager that is specified on the integration node. You use the mqsichangeauthmode command to specify which security mode will be used (queue-based, file-based, or LDAP), and to enable or disable administration security for the integration node. You can use the mqsireportauthmode command to see which security mode is currently in effect.

When you create an integration node, the default mode of administration security depends on whether a queue manager is specified on the integration node. If a queue manager has been specified, administration security for the integration node is based on WebSphere MQ queues by default (MQ mode), and the required queues used for setting authorisation are created automatically when the integration node is created. If you create an integration node without specifying an associated queue manager, file-based administration security is used by default (file mode).

Use the mqsichangeauthmode command to select either the queue-based, file-based, or LDAP mode of administration authority for a specified integration node.

Procedure

  1. Ensure that the integration node is stopped.
  2. Use the mqsichangeauthmode command to enable administration security and to specify the required authorization mode and to :
    1. Specify -s active to enable administration security.
    2. Specify the required mode:

      • Specify -m file to use file-based permissions, which are set by using the mqsichangefileauth command. If you create an integration node without specifying an associated queue manager, file-based administration security is used by default for the integration node.

      • Specify -m mq to use WebSphere MQ queues for setting permissions. You can use queue-based security only if you have installed WebSphere MQ and specified a queue manager on the integration node. If a queue manager is specified on the integration node, administration security is queue-based by default, and the required queues used for setting authorization are created automatically when the integration node is created.

      • Specify -m ldap to use LDAP-based permissions, which are set by using the mqsichangefileauth command.

    For example:
    mqsichangeauthmode IB10NODE -s active -m file
  3. Restart the integration node for the changes to take effect.