mqsicreateusernameserver command

Supported platforms

Purpose

On Windows platforms, Linux, and UNIX systems, this command:
  • Creates a WebSphere MQ queue manager, if one does not already exist.
    Note:
    1. (Not z/OS) If a WebSphere MQ queue manager is created as a result of using the mqsicreateusernameserver command, the default DLQ provided by WebSphere MQ (SYSTEM.DEAD.LETTER.QUEUE) is automatically enabled. The security settings are the same as those of other broker-specific WebSphere MQ queues.

      If you choose to create the queue manager separately, set up a dead letter queue (DLQ). The DLQ is referenced by WebSphere Event Broker when errors occur processing messages in message flows.

      If a message in either a user-defined message flow or in the publish/subscribe model cannot be processed, it is routed to this DLQ as a last resort. If you would prefer the message to be backed out onto the input queue, effectively halting the message flow until the problem is resolved, disable the DLQ.

      The mqsideleteusernameserver command does not delete this queue (unless the queue manager is deleted).

    2. If you are using a WebSphere MQ queue manager that has been created independently of the mqsicreateusernameserver command, you can define clusters. This simplifies your configuration.

  • (Not z/OS) Starts the WebSphere MQ queue manager, if this is not already running.

    If the queue manager is created by this command, it is not started as a Windows service; it stops if you log off. To avoid this happening, either remain logged on, or change the start up status of the queue manager service. (If you lock your workstation, the WebSphere MQ queue manager does not stop.)

  • Creates the User Name Server-specific WebSphere MQ queues, if these do not already exist.
  • On Windows, installs a service under which the User Name Server runs.
  • Creates a record for the component in the broker registry.

Syntax

Windows platforms, Linux, and UNIX systems

z/OS console command

Parameters

-i ServiceUserID
(Required - Windows platforms, Linux, and UNIX systems) The user ID under which the broker runs.
This can be specified in any valid username syntax. On Windows platforms, these are:
  • domain\username
  • \\server\username
  • .\username
  • username
On Linux and UNIX systems, only the last format, username, is valid.

If you use the unqualified form for this user ID (username) on Windows platforms, the operating system searches for the user ID throughout its domain, starting with the local system. This search might take some time to complete.

The ServiceUserID specified must be a member of the local group mqbrkrs. On Windows platforms, it can be a direct or indirect member of the group. The ServiceUserID must also be authorized to access the home directory (where WebSphere Event Broker has been installed).

The security requirements for the ServiceUserID are detailed in Security requirements for Windows platforms for Windows platforms and in Security requirements for Linux and UNIX platforms for Linux and UNIX systems.

-a ServicePassword
(Required - Windows platforms, Linux, and UNIX systems) The password for the ServiceUserID.

For compatibility with existing systems, you can still specify <password>. However, if you do not specify a password with this parameter when you run the command you are prompted to enter a password during its invocation, and to enter the password a second time to verify that you have entered it correctly.

-q QueueManagerName
(Required) The name of the queue manager associated with the User Name Server.

On Windows platforms, Linux, and UNIX systems, if the queue manager does not already exist, it is created by this command. It is not created as the default queue manager: if you want it to be the default queue manager on this system, you must create the queue manager before you issue this command.

The queue manager attribute MAXMSGL (maximum length of messages that can be put to queues) is updated to 100 MB. This is done whether or not the queue manager is created by this command.

-d SecurityDomainName
(Optional - Windows platforms) The name of the Windows system security domain. If this is not specified, it defaults to the system's local Windows system security domain. For more details about the implementation of security in WebSphere Event Broker, see Setting up broker domain security.
-r RefreshInterval
(Optional) The interval, specified in seconds, at which the User Name Server interrogates the security subsystem for changes to user or group attributes. If it is not specified, the User Name Server's default interval of 60 seconds is used.
-w Workpath
(Optional - Windows platforms, Linux, and UNIX systems) The directory in which working files for the User Name Server are stored. If not specified, the default value specified when the product was installed is used.
-g AuthProtocolDataSource
(Optional - Windows platforms, Linux, and UNIX systems) Use this parameter to specify the name and location of the password file used to source any protocol related information. By default, the file is expected to be found in the home directory. If you store the file in a different location, specify the full path location with file name.

Two samples, password.dat and pwgroup.dat, are provided in the examples/auth directory under the product home directory.

-j
(Optional - Windows platforms, Linux, and UNIX systems) Indicates that groups and group memberships are defined in the data source for the authentication protocol, rather than drawn from the operating system.
1
(Optional - z/OS only) The registry pass, which creates only the User Name Server registry.
2
(Optional - z/OS only) The WebSphere MQ pass, which creates only the User Name Server WebSphere MQ queues.

WebSphere MQ queues created

  • SYSTEM.BROKER.SECURITY.QUEUE
  • SYSTEM.BROKER.MODEL.QUEUE

Access authority is granted for the WebSphere Event Broker group mqbrkrs to all these queues.

Responses

This command returns the following responses:
  • BIP8011 Unable to create configuration data
  • BIP8012 Unable to connect to system components
  • BIP8014 Component cannot be created
  • BIP8022 Invalid user ID/password
  • BIP8030 Unable to modify user ID privileges
  • BIP8048 Unable to start queue manager
  • BIP8050 Unable to create queue manager
  • BIP8051 Unable to create queue
  • BIP8053 Unable to set security for queue manager
  • BIP8054 Unable to set security for queue
  • BIP8056 Unknown queue manager
  • BIP8068 Integer argument required
  • BIP8084 Unable to create directory
  • BIP8087 Component already exists
  • BIP8093 Queue manager being created
  • BIP8094 Queue manager stopping

Examples

mqsicreateusernameserver -i wbrkuid -a wbrkpw
   -q WBRK_QM -r 1000
Related concepts
User Name Server