setmqcrl (set CRL LDAP server definitions)
Administer certificate revocation list (CRL) LDAP definitions in an Active Directory (Windows only).
Purpose
Note: The setmqcrl command applies to IBM MQ for Windows only.
Use the setmqcrl command to configure and administer support for publishing CRL (certificate revocation list) LDAP definitions in an Active Directory.
A domain administrator must use this command, or setmqscp, initially to prepare the Active Directory for IBM MQ usage and to grant IBM MQ users and administrators the relevant authorities to access and update the IBM MQ Active Directory objects. We can also use the setmqcrl command to display all the currently configured CRL server definitions available on the Active Directory, that is, those definitions referred to by the queue manager's CRL namelist.
The only types of CRL servers supported are LDAP servers.
Syntax
Optional parameters
We must specify one of -a (add), -r (remove) or -d (display).
- -a
- Adds the IBM MQ MQI client connections Active Directory container, if it does not already exist. We must be a user with the appropriate privileges to create subcontainers in the System container of our domain. The IBM MQ folder is called CN=IBM-MQClientConnections. Do not delete this folder in any other way than by using the setmqscp command.
- -d
- Displays the IBM MQ CRL server definitions.
- -r
- Removes the IBM MQ CRL server definitions.
- -m [ * | qmgr ]
- Modifies the specified parameter (-a or -r) so that only the specified queue manager is affected. We must include this option with the -a parameter.
- * | qmgr
- * specifies that all queue managers are affected. This enables you to migrate a specific IBM MQ CRL server definitions file from one queue manager alone.
Examples
The following command creates the IBM-MQClientConnections folder and allocates the required permissions to IBM MQ administrators for the folder, and to child objects created subsequently. (In this, it is functionally equivalent to setmqscp -a.)
setmqcrl -a
The following command migrates existing CRL server definitions from a local queue manager, Paint.queue.manager, to the Active Directory. Note: The command first deletes any other CRL definitions from the Active Directory.
setmqcrl -a -m Paint.queue.manager
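Because the migration first deletes any other CRL definitions from the Active Directory, it is worth recording what is published before and after running it. The following PowerShell script is an added example, not part of the IBM MQ documentation; it uses only the -d, -a and -m parameters described above, treats the display output as opaque text, and assumes that setmqcrl is on the PATH, that the snapshot directory name is acceptable (it is hypothetical), and that a non-zero exit code signals failure.

```powershell
# Added example: snapshot the published CRL server definitions around a migration.
param(
    # Queue manager name taken from the example above.
    [string]$QueueManager = 'Paint.queue.manager',
    # Hypothetical location for the snapshots; choose a directory with restricted access.
    [string]$SnapshotDir  = "$env:TEMP\mqcrl-snapshots"
)

New-Item -ItemType Directory -Path $SnapshotDir -Force | Out-Null
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$before = Join-Path $SnapshotDir "crl-before-$stamp.txt"
$after  = Join-Path $SnapshotDir "crl-after-$stamp.txt"

# 1. Record the definitions currently published in the Active Directory.
setmqcrl -d | Out-File -FilePath $before -Encoding utf8
# Assumption: a non-zero exit code means the command failed.
if ($LASTEXITCODE -ne 0) {
    throw "setmqcrl -d failed (exit code $LASTEXITCODE); migration not started."
}

# 2. Migrate the queue manager's definitions. This deletes the other
#    CRL definitions from the Active Directory before publishing.
setmqcrl -a -m $QueueManager
if ($LASTEXITCODE -ne 0) {
    throw "setmqcrl -a -m $QueueManager failed (exit code $LASTEXITCODE)."
}

# 3. Record the result and list the lines that changed.
setmqcrl -d | Out-File -FilePath $after -Encoding utf8
if ($LASTEXITCODE -ne 0) {
    throw "setmqcrl -d failed after migration (exit code $LASTEXITCODE)."
}

# @() keeps empty output as an empty array so the comparisons below still work.
$old = @(Get-Content -Path $before)
$new = @(Get-Content -Path $after)

$removed = @($old | Where-Object { $_ -notin $new })
$added   = @($new | Where-Object { $_ -notin $old })

Write-Output "Snapshot before: $before"
Write-Output "Snapshot after:  $after"
Write-Output "Lines no longer displayed ($($removed.Count)):"
$removed | ForEach-Object { Write-Output "  - $_" }
Write-Output "Lines newly displayed ($($added.Count)):"
$added | ForEach-Object { Write-Output "  + $_" }
```

Any line listed as no longer displayed is a CRL server definition detail that clients will stop finding in the Active Directory, so review that list before relying on revocation checking.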