Recipient distinguished names in AMS

The recipient distinguished names (DN) identify users who are authorized to retrieve messages from a queue.

A policy can have zero or more recipient DNs specified. Recipient distinguished names have the following form:

CN=Common Name,O=Organization,C=Country

Important:

  • All DNs must be in uppercase and in the same order as listed in the table.

    Component name  Value
    --------------  -----
    CN              The common name for the object of this DN, such as a full name or the intended purpose of a device.
    OU              The unit within the organization with which the object of the DN is affiliated, such as a corporate division or a product name.
    O               The organization with which the object of the DN is affiliated, such as a corporation.
    L               The locality (city or municipality) where the object of the DN is located.
    ST              The state or province name where the object of the DN is located.
    C               The country where the object of the distinguished name (DN) is located.

  • If no recipient DNs are specified for the policy, any user can get messages from the queue associated with the policy.
  • If one or more recipient DNs are specified for the policy, only those users can get messages from the queue associated with the policy.
  • Recipient DNs, when specified, must exactly match the DN contained in the digital certificate associated with the user getting the message.
  • Advanced Message Security supports DNs with values only from the Latin-1 character set. To create DNs with characters of the set, first create a certificate with a DN that is created in UTF-8 coding, using UNIX with UTF-8 coding turned on or the strmqikm GUI. Then create a policy from a UNIX platform with UTF-8 coding turned on, or use the Advanced Message Security plug-in to IBM MQ.
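
The rules above can be checked before a recipient DN is written into a policy. The following Python sketch is an added example, not IBM code: the function names are hypothetical, the sample DNs are constructed, and it assumes that the uppercase rule applies to component names and that values contain no escaped "," or "=".

```python
# Added example: lint AMS recipient DNs against the rules listed on this page.
# Assumptions: component names (not values) must be uppercase; values contain
# no escaped ',' or '='; function names are illustrative only.

ORDER = ["CN", "OU", "O", "L", "ST", "C"]  # order given in the table


def lint_recipient_dn(dn):
    """Return a list of problems found in one recipient DN string."""
    problems = []
    last = -1  # table position of the latest component seen so far
    for part in dn.split(","):
        name, sep, value = part.partition("=")
        if not sep or not value.strip():
            problems.append(f"malformed component {part!r}")
            continue
        name = name.strip()
        if name.upper() not in ORDER:
            problems.append(f"unknown component {name!r}")
            continue
        if name != name.upper():
            problems.append(f"component name {name!r} is not uppercase")
        idx = ORDER.index(name.upper())
        if idx < last:
            problems.append(f"{name.upper()} is out of order")
        last = max(last, idx)
        try:
            value.encode("latin-1")  # only Latin-1 values are supported
        except UnicodeEncodeError:
            problems.append(f"{name.upper()} value is outside Latin-1")
    return problems


def may_get(policy_recipients, certificate_dn):
    """Empty recipient list: any user may get; otherwise exact match only."""
    if not policy_recipients:
        return True
    return certificate_dn in policy_recipients


if __name__ == "__main__":
    # Constructed sample DNs, not taken from any real policy.
    for dn in ["CN=Alice,O=Example,C=GB", "cn=Bob,C=US,O=Example",
               "CN=Зоя,O=Example,C=GB"]:
        print(dn, "->", lint_recipient_dn(dn) or "ok")
    # Extra spaces after the commas break the exact match, so this prints False.
    print(may_get(["CN=Alice,O=Example,C=GB"], "CN=Alice, O=Example, C=GB"))
```

An empty recipient list is worth flagging in review, because it leaves the queue open to any user rather than to none.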
