Mapping credentials for Connect:Direct by using the ConnectDirectCredentials.xml file

Map user credentials in Managed File Transfer to user credentials on Connect:Direct nodes by using the default credential mapping function of the Connect:Direct bridge agent. Managed File Transfer provides an XML file that we can edit to include your credential information.


After a Connect:Direct bridge agent has been created using the fteCreateCDAgent command, a ConnectDirectCredentials.xml file needs to be manually created. Before we can use a Connect:Direct bridge agent, we must edit this file to include host, user, and credential information. For more information, see Connect:Direct credentials file format. By default, this file is loaded from the current user's home directory, /home/fteuser/ConnectDirectCredentials.xml for example. To use another location, specify it using the <credentialsFile> element in the ConnectDirectNodeProperties.xml file.


Procedure

  1. Ensure that the name attribute in the element <tns:pnode name="Connect:Direct node host" pattern="wildcard"> contains the value of the name of the Connect:Direct node that the Connect:Direct bridge agent connects to. This value must be the same value that you specify for the fteCreateCDAgent -cdNode parameter. The value of the pattern attribute can be either wildcard or regex. If this attribute is not specified, the default is wildcard.
  2. Insert user ID and credential information into the file as child elements of <tns:pnode>. You can insert one or more instances of the following <tns:user> element into the file:
    <tns:user name="name" 
              pattern="pattern" 
              ignorecase="ignorecase" 
              cdUserId="cdUserId"  
              cdPassword="cdPassword"  
              pnodeUserId="pnodeUserId" 
              pnodePassword="pnodePassword">
    </tns:user>
    
    where:

    • name is a pattern to match the MQMD user ID associated with the MFT transfer request.
    • pattern specifies whether the pattern specified for the name attribute is a wildcard expression or a Java regular expression. The value of the pattern attribute can be either wildcard or regex. If this attribute is not specified, the default is wildcard.
    • ignorecase specifies whether to treat the pattern specified by the name attribute as case sensitive. If this attribute is not specified, the default is true.
    • cdUserId is the user ID that is used by the Connect:Direct bridge agent to connect to the Connect:Direct node specified by the name attribute of <tns:pnode> element. If possible, ensure that cdUserId is a Connect:Direct administrator user ID. If cdUserId cannot be a Connect:Direct administrator, ensure that the user ID has the following functional authorities at the Connect:Direct bridge node:

      • For a Windows node set the following authorities. This example is formatted with carriage returns to aid readability:
        View Processes in the  value: yes
         TCQ
        Issue the copy         value: yes
         receive, copy send,
         run job, and run task
         Process statements
        Issue the submit       value: yes
         Process statement
        Monitor, submit,       value: all
         change,and delete all
         Processes
        Access Process         value: all
         statistics
        Use the trace tool or  value: yes
         issue traceon and
         traceoff commands
        Override Process       value: yes
         options such as file
         attributes and remote
         node ID                                           
      • For a UNIX node set the following parameters in the userfile.cfg file:
        pstmt.copy             value: y
        pstmt.upload           value: y
        pstmt.download         value: y
        pstmt.runjob           value: y
        pstmt.runtask          value: y
        cmd.submit             value: y
        pstmt.submit           value: y
        cmd.chgproc            value: y
        cmd.delproc            value: y
        cmd.flsproc            value: y
        cmd.selproc            value: a
        cmd.selstats           value: a
        cmd.trace              value: y
        snode.ovrd             value: y

    • cdPassword is the password associated with the user ID specified by the cdUserId attribute.
    • We can optionally specify the pnodeUserId attribute. The value of this attribute is the user ID that is used by the Connect:Direct node specified by the name attribute of <tns:pnode> element to submit the Connect:Direct process. If we do not specify the pnodeUserId attribute, the Connect:Direct node uses the user ID specified by the cdUserId attribute to submit the Connect:Direct process.
    • We can optionally specify the attribute pnodePassword. The value of this attribute is the password associated with the user ID specified by the pnodeUserId attribute.

    If no user element matches the MQMD user ID, the transfer fails.

  3. Optional: We can include one or more <tns:snode> elements as child elements of the <tns:user> element. The <tns:snode> element specifies credentials that are used by the Connect:Direct node that is part of the Connect:Direct bridge. These credentials are the user ID and password that the Connect:Direct bridge node uses to connect to the Connect:Direct node that is the source or destination of the file transfer. Insert one or many of the following elements into the file:
    <tns:snode name="name" 
               pattern="pattern" 
               userId="userId" 
               password="password"/>
    
    where:

    • name is a pattern to match the name of the Connect:Direct node that is the source or destination of the file transfer.
    • pattern specifies whether the pattern specified for the name attribute is a wildcard expression or a Java regular expression. The value of the pattern attribute can be either wildcard or regex. If this attribute is not specified, the default is wildcard.
    • userId is the user ID that is used by the Connect:Direct node specified by the name attribute of the <tns:pnode> element to connect to a Connect:Direct node that matches the pattern specified by the name attribute of <tns:snode>.
    • password is the password associated with the user ID specified by the userId attribute.

    If no <tns:snode> element matches the secondary node of the file transfer, this does not cause the transfer to fail. The transfer is started and no user ID and password are specified for use with the snode.


Results

When searching for a pattern match for user names or Connect:Direct node names the Connect:Direct bridge agent searches from the start of the file to the end of the file. The first match that is found is the one that is used. Parent topic: Mapping credentials for Connect:Direct


Related tasks


Related information