Use the mqsisetdbparms command to associate a specific user ID and password (or SSH identity file) with one or more resources that are accessed by the broker.
The user ID and password pair is created in the DSN folder under the broker registry folder.
You can run the mqsisetdbparms command while the broker is running. However, you must stop and start each integration server that uses a particular ResourceName, before that information is read and used by that integration server.
This behavior is different from the default behavior in WebSphere Message Broker Version 6.1 where the broker must be stopped to issue this command.
If you are using the mqsisetdbparms command on Linux or a UNIX console, add an escape character if you use one or more of the reserved characters. For example, you must specify these values:
mqsisetdbparms DUMMYBROKER -n ftp::DUMMYFTP -u dummy\\user -p abcdef
Do not use the following format:
mqsisetdbparms DUMMYBROKER -n ftp::DUMMYFTP -u dummy\user -p abcdef
If you use the latter format, the backslash character (\) in the user ID or password is ignored. The example causes the FTP connection through the FileInput node to fail with incorrect user credentials.
For a full list of reserved characters, and the rules that are associated with those characters when you use quotation marks and escape characters, see the documentation that is supplied with the shell.
To check any credentials that you set by using the mqsisetdbparms command, use the mqsireportdbparms command; see mqsireportdbparms command.
If you use the same datasource_name to refer to the same database instance from multiple nodes, the same user ID and password pairing is used. To define default values for user ID and password for the integration node to use for all data source names for which you have not set specific values, specify dsn::DSN as the ResourceName. If you migrated the integration node from a previous version, the values that you define on this command replace the values that you set on the mqsicreatebroker or mqsichangebroker commands before migration; the relevant parameters on those commands are deprecated in WebSphere Message Broker Version 8.0.
Specify jdbc::JDBC to define default values for user ID and password for the broker to use for all JDBC connections for which you have not set specific values.
Specify ldap::<servername> to define credentials for an individual server. If you want the broker to bind anonymously to this server, specify anonymous as the user ID.
Specify ldap::LDAP to define a default setting. The broker uses the specified user ID and password values for all servers that do not have an explicit ldap::<servername> entry. Therefore, all servers that previously used anonymous bind by default start to use the details defined in an ldap::LDAP entry.
For compatibility with existing systems, you can still specify <password>. However, if you do not specify a password with this parameter when you run the command, you are prompted to enter a password during its invocation, and to enter the password a second time to verify that you have entered it correctly.
On z/OS only, this parameter is optional with the dsn::DSN resource type. If you omit this parameter, the broker uses the started task user ID to connect to DB2®. The broker uses the user ID that you specified with the -u parameter when it constructs fully qualified SQL statements; for example, for stored procedures. If you create fully qualified SQL statements, the broker uses these statements as created.
This parameter is required with the ftp:: resource type, but is optional with the sftp:: resource type. However, if you do not specify a password with an sftp:: resource, you must specify the SSHIdentityFile parameter.
On z/OS systems, known hosts files and SSH identity files are stored in EBCDIC format, and on other operating systems they are stored in ASCII format.
Ensure that the registry is appropriately secured to prevent unauthorized access.
mqsisetdbparms broker name -n ResourceName -u userID -p password
For example:
mqsisetdbparms IB9NODE -n cics::mySecurityIdentity -u myUserID -p myPassword
The following example shows the use of the command to associate a userid and password for a specific ODBC data source name (no Universal Record Identifier (URI) prefix is required):
mqsisetdbparms IB9NODE -n USERDB1 -u myuserid1 -p mypassword1
The following examples show the use of the optional prefix odbc::. Use this option to set the user ID and password for an ODBC data source at either the broker level, or at the integration server level:
mqsisetdbparms IB9NODE -n odbc::USERDB2 -u myuserid2 -p mypassword2
mqsisetdbparms IB9NODE -n odbc::USERDB2::myIntegrationServer -u myuserid3 -p mypassword3
The following example shows how to set up a default user ID and password for the broker to use for all ODBC data source names where no explicit Resource Names were set:
mqsisetdbparms IB9NODE -n dsn::DSN -u myuserid4 -p mypassword4
The following examples delete all the values that are defined for specific resource names from the broker registry:
mqsisetdbparms IB9NODE -n USERDB1 -d
mqsisetdbparms IB9NODE -n odbc::USERDB2 -d
mqsisetdbparms IB9NODE -n odbc::USERDB2::myIntegrationServer -d
mqsisetdbparms broker name -n ResourceName -u userID -p password
For example:
mqsisetdbparms IB9NODE -n smtp::mySecurityIdentityObjectName
-u myUserID -p myPassword
mqsisetdbparms broker name -n ResourceName -u userID -p password
For example:
mqsisetdbparms IB9NODE -n cd::default -u mqbroker -p xxxxxxx
mqsisetdbparms broker name -n resource_name -u userID -p password
For
example:mqsisetdbparms IB9NODE -n jdbc::mySecurityIdentity -u myuserid -p secretpw
mqsisetdbparms IB9NODE -n jdbc::JDBC -u UserId2 -p password2
The following examples show the use of the command when the URI for a JMS or JNDI resource name is substituted for the -n ResourceName parameter.
For a JMS resource, the URL prefix is "jms::"; for JNDI, the prefix is "jndi::".
On Linux and UNIX systems, if the parameter string includes a backslash (\) character, you must escape from this character by using a second backslash character (\\) when you enter the mqsisetdbparms command.
mqsisetdbparms IB9NODE -n jms::tcf1 -u myuserid -p secret
mqsisetdbparms IB9NODE -n jndi::com.sun.jndi.fscontext.RefFSContextFactory
-u myuserid -p secret
The preceding examples describe how to configure security for JMS and JNDI resources for all JMS nodes that use those resources in a broker.
Message Flow Name_Node label
MyJMSFlow1_MyJMSInput1
resource typeaccount name@resource name
jms::MyJMSFlow1_MyJMSInput1@tcf1
mqsisetdbparms IB9NODE -n jms::MyJMSFlow1_MyJMSInput1@tcf1
-u myuserid -p secret
mqsisetdbparms IB9NODE -n ldap::ldap.mydomain.com -u ldapuid -p ********
To
set up authorization for other servers, use the command to set up
default credentials:mqsisetdbparms IB9NODE -n ldap::LDAP -u ldapother -p ********
If
you want the broker to bind anonymously to an LDAP server, specify
the server name and the user ID anonymous:mqsisetdbparms IB9NODE -n ldap::ldap.mydomain2.com -u anonymous -p ********
For
the user ID anonymous, the password is always ignored.mqsisetdbparms broker name -n adapter name -u user name -p password
For
example:mqsisetdbparms IB9NODE -n eis::SAPCustomerInbound.inadapter -u sapuid -p ********
mqsisetdbparms IB9NODE -n eis::TwineballInbound.inadapter -u mqbroker -p ********
mqsisetdbparms broker name -n resource_name -u userID -p password
For example:
mqsisetdbparms IB9NODE -n ims::mySecurityIdentity -u myuserid -p mypassword
mqsisetdbparms IB9NODE -n ftp::identityA -u user1 -p MyPassword
mqsisetdbparms IB9NODE -n sftp::identityB -u user2 -p MyPassword
mqsisetdbparms IB9NODE -n sftp::identityC -u user3 -i C:\key_rsa_no_pp
mqsisetdbparms IB9NODE -n sftp::identityD -u user4 -i C:\key_rsa_pp -r MyPassPhrase
Use the mqsisetdbparms command to provide the broker with the Kerberos client credentials for accessing the Kerberos Key Distribution Center (KDC). These credentials (which are required for SOAPRequest nodes) can also be provided in the broker properties tree.
mqsisetdbparms IB9NODE -n kerberos::realm1::ExecutionGroup1 -u clientId -p ClientPassword
mqsisetdbparms IB9NODE -n kerberos::realm1 -u clientId -p ClientPassword
mqsisetdbparms IB9NODE -n kerberos::kerberos -u clientId -p ClientPassword
Use the mqsisetdbparms command to specify the user name and password to use when you connect to a secure WebSphere eXtreme Scale grid. The name of this identity (in this example, id1) is used by the WXSServer configurable service.
mqsisetdbparms IB9NODE -n wxs::id1 -u userId -p password