Mapping credentials for Connect:Direct by using the ConnectDirectCredentials.xml file
Map user credentials in Managed File Transfer to user credentials on Connect:Direct nodes by using the default credential mapping function of the Connect:Direct bridge agent. Managed File Transfer provides an XML file that we can edit to include your credential information.
After a Connect:Direct bridge agent has been created using the fteCreateCDAgent command, a ConnectDirectCredentials.xml file needs to be manually created. Before we can use a Connect:Direct bridge agent, we must edit this file to include host, user, and credential information. For more information, see Connect:Direct credentials file format. By default, this file is loaded from the current user's home directory, /home/fteuser/ConnectDirectCredentials.xml for example. To use another location, specify it using the <credentialsFile> element in the ConnectDirectNodeProperties.xml file.
Procedure
- Ensure that the name attribute in the element <tns:pnode name="Connect:Direct node host" pattern="wildcard"> contains the value of the name of the Connect:Direct node that the Connect:Direct bridge agent connects to. This value must be the same value that you specify for the fteCreateCDAgent -cdNode parameter. The value of the pattern attribute can be either wildcard or regex. If this attribute is not specified, the default is wildcard.
- Insert user ID and credential information into the file
as child elements of <tns:pnode>. You can insert one or more instances of the following <tns:user> element
into the file:
<tns:user name="name" pattern="pattern" ignorecase="ignorecase" cdUserId="cdUserId" cdPassword="cdPassword" pnodeUserId="pnodeUserId" pnodePassword="pnodePassword"> </tns:user>where:- name is a pattern to match the MQMD user ID associated with the MFT transfer request.
- pattern specifies whether the pattern specified for the name attribute is a wildcard expression or a Java regular expression. The value of the pattern attribute can be either wildcard or regex. If this attribute is not specified, the default is wildcard.
- ignorecase specifies whether to treat the pattern specified by the name attribute as case sensitive. If this attribute is not specified, the default is true.
- cdUserId is the user ID that
is used by the Connect:Direct bridge
agent to connect to the Connect:Direct node
specified by the name attribute of <tns:pnode> element.
If possible, ensure that cdUserId is
a Connect:Direct administrator
user ID. If cdUserId cannot be
a Connect:Direct administrator,
ensure that the user ID has the following functional authorities at
the Connect:Direct bridge
node:
- For a Windows node set
the following authorities. This example is formatted with carriage
returns to aid readability:
View Processes in the value: yes TCQ Issue the copy value: yes receive, copy send, run job, and run task Process statements Issue the submit value: yes Process statement Monitor, submit, value: all change,and delete all Processes Access Process value: all statistics Use the trace tool or value: yes issue traceon and traceoff commands Override Process value: yes options such as file attributes and remote node ID
- For a UNIX node set the
following parameters in the userfile.cfg file:
pstmt.copy value: y pstmt.upload value: y pstmt.download value: y pstmt.runjob value: y pstmt.runtask value: y cmd.submit value: y pstmt.submit value: y cmd.chgproc value: y cmd.delproc value: y cmd.flsproc value: y cmd.selproc value: a cmd.selstats value: a cmd.trace value: y snode.ovrd value: y
- For a Windows node set
the following authorities. This example is formatted with carriage
returns to aid readability:
- cdPassword is the password associated with the user ID specified by the cdUserId attribute.
- We can optionally specify the pnodeUserId attribute. The value of this attribute is the user ID that is used by the Connect:Direct node specified by the name attribute of <tns:pnode> element to submit the Connect:Direct process. If we do not specify the pnodeUserId attribute, the Connect:Direct node uses the user ID specified by the cdUserId attribute to submit the Connect:Direct process.
- We can optionally specify the attribute pnodePassword. The value of this attribute is the password associated with the user ID specified by the pnodeUserId attribute.
If no user element matches the MQMD user ID, the transfer fails.
- Optional: We can include one or more <tns:snode> elements
as child elements of the <tns:user> element. The <tns:snode> element
specifies credentials that are used by the Connect:Direct node that is part
of the Connect:Direct bridge.
These credentials are the user ID and password that the Connect:Direct bridge node uses
to connect to the Connect:Direct node
that is the source or destination of the file transfer. Insert
one or many of the following elements into the file:
<tns:snode name="name" pattern="pattern" userId="userId" password="password"/>where:- name is a pattern to match the name of the Connect:Direct node that is the source or destination of the file transfer.
- pattern specifies whether the pattern specified for the name attribute is a wildcard expression or a Java regular expression. The value of the pattern attribute can be either wildcard or regex. If this attribute is not specified, the default is wildcard.
- userId is the user ID that is used by the Connect:Direct node specified by the name attribute of the <tns:pnode> element to connect to a Connect:Direct node that matches the pattern specified by the name attribute of <tns:snode>.
- password is the password associated with the user ID specified by the userId attribute.
If no <tns:snode> element matches the secondary node of the file transfer, this does not cause the transfer to fail. The transfer is started and no user ID and password are specified for use with the snode.
Results
When searching for a pattern match for user names or Connect:Direct node names the Connect:Direct bridge agent searches from the start of the file to the end of the file. The first match that is found is the one that is used. Parent topic: Mapping credentials for Connect:DirectRelated tasks
Related information