Use the mqsisetdbparms command to associate a specific user ID and password (or SSH identity file) with one or more resources that are accessed by the integration node.
The user ID and password pair is created in the DSN folder under the integration node registry folder.
You can run the mqsisetdbparms command while the integration node is running. However, you must stop and start each integration server that uses a particular ResourceName, before that information is read and used by that integration server.
If you are using the mqsisetdbparms command on Linux or a UNIX console, add an escape character if you use one or more of the reserved characters. For example, you must specify these values:
mqsisetdbparms DUMMYBROKER -n ftp::DUMMYFTP -u dummy\\user -p abcdef
Do not use the following format:
mqsisetdbparms DUMMYBROKER -n ftp::DUMMYFTP -u dummy\user -p abcdef
If you use the latter format, the backslash character (\) in the user ID or password is ignored. The example causes the FTP connection through the FileInput node to fail with incorrect user credentials.
For a full list of reserved characters, and the rules that are associated with those characters when you use quotation marks and escape characters, see the documentation that is supplied with the shell.
To check any credentials that you set by using mqsisetdbparms, use the mqsireportdbparms command; see mqsireportdbparms command.
>>-mqsisetdbparms--integrationNodeName-- -n --ResourceName------> >-- -u --UserId-------------------------------------------------> >--+- -p --Password--+----------------------+--+--------------------+-+--> | '- -c --ClientIdentity-' '- -s --ClientSecret-' | '- -i --SSHIdentityFile--+------------------+----------------------' '- -r --Passphrase-' >--+-----+----------------------------------------------------->< '- -f-'
>>-mqsisetdbparms--integrationNodeName-- -n --ResourceName------> >--+--------------+---------------------------------------------> '- -u --UserId-' >--+- -p --Password--+----------------------+--+--------------------+-+--> | '- -c --ClientIdentity-' '- -s --ClientSecret-' | '- -i --SSHIdentityFile--+------------------+----------------------' '- -r --Passphrase-' >--+-----+----------------------------------------------------->< '- -f-'
If you use the same datasource_name to refer to the same database instance from multiple nodes, the same user ID and password pairing is used. To define default values for user ID and password for the integration node to use for all data source names for which you have not set specific values, specify dsn::DSN as the ResourceName. If you migrated the integration node from a previous version, the values that you define on this command replace the values that you set on the mqsicreatebroker or mqsichangebroker commands before migration; the relevant parameters on those commands are deprecated in WebSphere Message Broker Version 8.0.
Specify jdbc::JDBC to define default values for user ID and password for the integration node to use for all JDBC connections for which you have not set specific values.
Specify ldap::<servername> to define credentials for an individual server. If you want the integration node to bind anonymously to this server, specify anonymous as the user ID.
Specify ldap::LDAP to define a default setting. The integration node uses the specified user ID and password values for all servers that do not have an explicit ldap::<servername> entry. Therefore, all servers that previously used anonymous bind by default start to use the details defined in an ldap::LDAP entry.
For compatibility with existing systems, you can still specify <password>. However, if you do not specify a password with this parameter when you run the command, you are prompted to enter a password during its invocation, and to enter the password a second time to verify that you have entered it correctly.
On z/OS only, this parameter is optional with the dsn::DSN resource type. If you omit this parameter, the integration node uses the started task user ID to connect to DB2®. The integration node uses the user ID that you specified with the -u parameter when it constructs fully qualified SQL statements; for example, for stored procedures. If you create fully qualified SQL statements, the integration node uses these statements as created.
This parameter is required with the ftp:: resource type, but is optional with the sftp:: resource type. However, if you do not specify a password with an sftp:: resource, you must specify the SSHIdentityFile parameter.
On z/OS systems, known hosts files and SSH identity files are stored in EBCDIC format, and on other operating systems they are stored in ASCII format.
Ensure that the registry is appropriately secured to prevent unauthorized access.
mqsisetdbparms integrationNodeName -n ResourceName -u userID -p password
For example:
mqsisetdbparms IBNODE -n cics::mySecurityIdentity -u myUserID -p myPassword
mqsisetdbparms IBNODE -n mq::securityIdentityName -u username -p password
mqsisetdbparms IBNODE -n mq::QMGR::QMName -u username -p password
mqsisetdbparms IBNODE -n mq::MQ -u username -p password
mqsisetdbparms IBNODE -n mqtt::pubsubDefault -u myUserID -p myPassword
For
more information, see Configuring the publication of event messages. The following example shows the use of the command to associate a userid and password for a specific ODBC data source name (no Universal Record Identifier (URI) prefix is required):
mqsisetdbparms IBNODE -n USERDB1 -u myuserid1 -p mypassword1
The following examples show the use of the optional prefix odbc::. Use this option to set the user ID and password for an ODBC data source at either the integration node level, or at the integration server level:
mqsisetdbparms IBNODE -n odbc::USERDB2 -u myuserid2 -p mypassword2
mqsisetdbparms IBNODE -n odbc::USERDB2::myIntegrationServer -u myuserid3 -p mypassword3
The following example shows how to set up a default user ID and password for the broker to use for all ODBC data source names where no explicit Resource Names were set:
mqsisetdbparms IBNODE -n dsn::DSN -u myuserid4 -p mypassword4
The following examples delete all the values that are defined for specific resource names from the broker registry:
mqsisetdbparms IBNODE -n USERDB1 -d
mqsisetdbparms IBNODE -n odbc::USERDB2 -d
mqsisetdbparms IBNODE -n odbc::USERDB2::myIntegrationServer -d
mqsisetdbparms integrationNodeName -n ResourceName -u userID -p password
For example:
mqsisetdbparms IBNODE -n smtp::mySecurityIdentityObjectName
-u myUserID -p myPassword
mqsisetdbparms integrationNodeName -n ResourceName -u userID -p password
For example:
mqsisetdbparms IBNODE -n cd::default -u mqbroker -p xxxxxxx
mqsisetdbparms integrationNodeName -n resource_name -u userID -p password
For
example:mqsisetdbparms IBNODE -n jdbc::mySecurityIdentity -u myuserid -p secretpw
mqsisetdbparms IBNODE -n jdbc::JDBC -u UserId2 -p password2
The following examples show the use of the command when the URI for a JMS or JNDI resource name is substituted for the -n ResourceName parameter.
For a JMS resource, the URL prefix is "jms::"; for JNDI, the prefix is "jndi::".
On Linux and UNIX systems, if the parameter string includes a backslash (\) character, you must escape from this character by using a second backslash character (\\) when you enter the mqsisetdbparms command.
mqsisetdbparms IBNODE -n jms::tcf1 -u myuserid -p secret
mqsisetdbparms IBNODE -n jndi::com.sun.jndi.fscontext.RefFSContextFactory
-u myuserid -p secret
The preceding examples describe how to configure security for JMS and JNDI resources for all JMS nodes that use those resources in an integration node.
Message Flow Name_Node label
MyJMSFlow1_MyJMSInput1
resource typeaccount name@resource name
jms::MyJMSFlow1_MyJMSInput1@tcf1
mqsisetdbparms IBNODE -n jms::MyJMSFlow1_MyJMSInput1@tcf1
-u myuserid -p secret
mqsisetdbparms IBNODE -n ldap::ldap.mydomain.com -u ldapuid -p ********
To
set up authorization for other servers, use the command to set up
default credentials:mqsisetdbparms IBNODE -n ldap::LDAP -u ldapother -p ********
If
you want the integration node to bind anonymously to an LDAP server,
specify the server name and the user ID anonymous:mqsisetdbparms IBNODE -n ldap::ldap.mydomain2.com -u anonymous -p ********
For
the user ID anonymous, the password is always ignored.mqsisetdbparms IBNODE -n mqtt::mySecurityIdentity -u myUserID -p myPassword
The MQTTSubscribe or MQTTPublish node that is connecting
to a secure MQTT server must have its Security identity property
set to the same value that is configured by using this command, so mySecurityIdentity in
this example.mqsisetdbparms IBNODE -n mqtt::pubsubDefault -u myUserID -p myPassword
For
more information, see Configuring the publication of event messages. mqsisetdbparms integrationNodeName -n adapter name -u user name -p password
For
example:mqsisetdbparms IBNODE -n eis::SAPCustomerInbound.inadapter -u sapuid -p ********
mqsisetdbparms integrationNodeName -n resource_name -u userID -p password
For example:
mqsisetdbparms IBNODE -n ims::mySecurityIdentity -u myuserid -p mypassword
mqsisetdbparms integrationNodeName -n salesforce::mySecurityIdentity -u userID -p password -c clientIdentity -s clientSecret
mqsisetdbparms <integration_node> -c
3MVG98_Pfg5cqqyb0NUwU1XtHr9NhWu_Kmb8RTIH53a7pdTzeychmvvtjTdiRbuoWtyr_QL.lepaXNk7W3PDA -s
2050239087638761094 -n 'salesforce::SF' -p 'passwd1IWvMp3JqqklwG2erpaLs2oKz' -u 'salesforce_userid'
mqsisetdbparms IBNODE -n ftp::identityA -u user1 -p MyPassword
mqsisetdbparms IBNODE -n sftp::identityB -u user2 -p MyPassword
mqsisetdbparms IBNODE -n sftp::identityC -u user3 -i C:\key_rsa_no_pp
mqsisetdbparms IBNODE -n sftp::identityD -u user4 -i C:\key_rsa_pp -r MyPassPhrase
Use the mqsisetdbparms command to provide the integration node with the Kerberos client credentials for accessing the Kerberos Key Distribution Center (KDC). These credentials (which are required for SOAPRequest nodes) can also be provided in the integration node properties tree.
mqsisetdbparms IBNODE -n kerberos::realm1::integrationServerName -u clientId -p ClientPassword
mqsisetdbparms IBNODE -n kerberos::realm1 -u clientId -p ClientPassword
mqsisetdbparms IBNODE -n kerberos::kerberos -u clientId -p ClientPassword
Use the mqsisetdbparms command to specify the user name and password to use when you connect to a secure WebSphere eXtreme Scale grid. The name of this identity (in this example, id1) is used by the WXSServer configurable service.
mqsisetdbparms IBNODE -n wxs::id1 -u userId -p password