Configuration

Configure the administration tool with values for the following properties:

INITIAL_CONTEXT_FACTORY
The service provider that the tool uses. The supported values for this property are as follows:

On z/OS, com.ibm.jndi.LDAPCtxFactory is also supported and provides access to an LDAP server. However, this is incompatible with com.sun.jndi.ldap.LdapCtxFactory, in that objects created using one InitialContextFactory cannot be read or modified using the other.

You can also use an InitialContextFactory that is not in the list above. See Using an unlisted InitialContextFactory for more details.

PROVIDER_URL
The URL of the session's initial context; the root of all JNDI operations carried out by the tool. Three forms of this property are supported:

SECURITY_AUTHENTICATION
Whether JNDI passes security credentials to your service provider. This property is used only when an LDAP service provider is used. This property can take one of three values:

If a valid value is not supplied, the property defaults to none. See Security for more details about security with the administration tool.

These properties are set in a configuration file. When you invoke the tool, you can specify this configuration by using the -cfg command-line parameter, as described in Invoking the administration tool. If you do not specify a configuration file name, the tool attempts to load the default configuration file (JMSAdmin.config). It looks for this file first in the current directory, and then in the <MQ_JAVA_INSTALL_PATH>/bin directory, where <MQ_JAVA_INSTALL_PATH> is the path to your WebSphere MQ JMS installation.

The configuration file is a plain-text file that consists of a set of key-value pairs, separated by =. This is shown in the following example:

#Set the service provider
    INITIAL_CONTEXT_FACTORY=com.sun.jndi.ldap.LdapCtxFactory
#Set the initial context
    PROVIDER_URL=ldap://polaris/o=ibm_us,c=us
#Set the authentication type
    SECURITY_AUTHENTICATION=none

(A # in the first column of the line indicates a comment, or a line that is not used.)

The installation comes with a sample configuration file that is called JMSAdmin.config, and is found in the <MQ_JAVA_INSTALL_PATH>/bin directory. Edit this file to suit the setup of your system.

Using an unlisted InitialContextFactory

You can use the administration tool to connect to JNDI contexts other than those listed in Configuration by using three parameters defined in the JMSAdmin configuration file.

To use a different InitialContextFactory:

  1. Set the INITIAL_CONTEXT_FACTORY property to the required class name.
  2. Define the behavior of the InitialContextFactory using the USE_INITIAL_DIR_CONTEXT, NAME_PREFIX and NAME_READABILITY_MARKER properties.

The settings for these properties are described in the sample configuration file comments.

You do not need to define the three properties listed here, if you use one of the supported INITIAL_CONTEXT_FACTORY values. However, you can give them values to override the system defaults. If you omit one or more of the three InitialContextFactory properties, the administration tool provides suitable defaults based on the values of the other properties.

Security

You need to understand the effect of the SECURITY_AUTHENTICATION property described in Configuration.

If security credentials are required, you are prompted for them when the tool initializes. To avoid the prompt, set the PROVIDER_USERDN and PROVIDER_PASSWORD properties in the JMSAdmin configuration file.

Note:
If you do not use these properties, the text typed, including the password, is echoed to the screen. This may have security implications.

The tool does no authentication itself; the task is delegated to the LDAP server. The LDAP server administrator must set up and maintain access privileges to different parts of the directory. If authentication fails, the tool displays an appropriate error message and terminates.

More detailed information about security and JNDI is in the documentation at Sun's Java(TM) web site (http://java.sun.com).
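
The following check covers the settings discussed under Security. It is an added example, not part of the original documentation or the product: it parses a JMSAdmin.config-style file and flags the cases where no credentials are passed, where the tool would prompt and echo the password, and where a stored PROVIDER_PASSWORD sits in a file that group or other users can access. The finding names, the file-permission check, the "ldap" substring test on the factory class name and the sample credential values are assumptions made for the example.

```python
import os
import stat

# Constructed sample, modelled on the example file in this page; the
# PROVIDER_USERDN and PROVIDER_PASSWORD values are placeholders.
SAMPLE = """\
#Set the service provider
INITIAL_CONTEXT_FACTORY=com.sun.jndi.ldap.LdapCtxFactory
PROVIDER_URL=ldap://polaris/o=ibm_us,c=us
SECURITY_AUTHENTICATION=none
PROVIDER_USERDN=cn=placeholder,o=ibm_us,c=us
PROVIDER_PASSWORD=placeholder-password
"""

def parse_config(text):
    """Return the key=value pairs; a # in the first column marks a comment."""
    props = {}
    for line in text.splitlines():
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # values such as DNs contain '=' too
        props[key.strip()] = value.strip()
    return props

def audit(props, mode):
    """Return finding codes for parsed properties and the file's st_mode."""
    findings = []
    factory = props.get("INITIAL_CONTEXT_FACTORY", "").lower()
    # Only an absent or explicit "none" is detected here; other invalid
    # values also default to none but need the tool's list of valid values.
    auth = props.get("SECURITY_AUTHENTICATION", "none").lower()
    has_creds = "PROVIDER_USERDN" in props and "PROVIDER_PASSWORD" in props
    if "ldap" in factory:  # assumption: LDAP providers have "ldap" in the class name
        if auth == "none":
            findings.append("NO_CREDENTIALS_PASSED")      # JNDI passes no credentials
        elif not has_creds:
            findings.append("PASSWORD_ECHOED_AT_PROMPT")  # tool prompts and echoes input
    if "PROVIDER_PASSWORD" in props and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("PASSWORD_FILE_EXPOSED")          # group/other can access the file
    return findings

def audit_file(path):
    """Audit a configuration file on disk, including its permission bits."""
    with open(path, encoding="utf-8") as fh:
        return audit(parse_config(fh.read()), os.stat(path).st_mode)

if __name__ == "__main__":
    print(audit(parse_config(SAMPLE), 0o100644))
```

The permission test uses POSIX mode bits, so it applies to UNIX-style installations of the tool.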