JMSAdmin Configuration
Configure the JMSAdmin tool with values for the following three properties:
- INITIAL_CONTEXT_FACTORY
- The service provider used by the tool. The three explicitly supported values are:
- com.sun.jndi.ldap.LdapCtxFactory (LDAP)
- com.sun.jndi.fscontext.RefFSContextFactory (file system context)
- com.ibm.websphere.naming.WsnInitialContextFactory (WAS CosNaming repository)
To use an InitialContextFactory that is not in the list above, see Using an unlisted InitialContextFactory.
- PROVIDER_URL
- The URL of the session's initial context; the root of all JNDI operations carried out by the tool. Three forms of this property are supported:
- ldap://hostname/contextname (for LDAP)
- file:[drive:]/pathname (for file system context)
- iiop://hostname[:port]/[?TargetContext=ctx] (to access base WAS CosNaming namespace)
- SECURITY_AUTHENTICATION
- Whether JNDI passes security credentials to your service provider. This property is used only when an LDAP service provider is used. This property can take one of three values:
- none (anonymous authentication)
- simple (simple authentication)
- CRAM-MD5 (CRAM-MD5 authentication mechanism)
If a valid value is not supplied, the property defaults to none. See Security for more details about security with the administration tool.
These properties are set in a configuration file. When you invoke the tool, you can specify this configuration by using the -cfg command-line parameter, as described in Invoking the administration tool. If you do not specify a configuration file name, the tool attempts to load the default configuration file (JMSAdmin.config). It looks for this file first in the current directory, and then in the <MQ_JAVA_INSTALL_PATH>/bin directory, where <MQ_JAVA_INSTALL_PATH> is the path to your WebSphere MQ JMS installation.
The configuration file is a plain-text file that consists of a set of key-value pairs, separated by =. This is shown in the following example:
    #Set the service provider
    INITIAL_CONTEXT_FACTORY=com.sun.jndi.ldap.LdapCtxFactory
    #Set the initial context
    PROVIDER_URL=ldap://polaris/o=ibm_us,c=us
    #Set the authentication type
    SECURITY_AUTHENTICATION=none

(A # in the first column of the line indicates a comment, or a line that is not used.)
The installation comes with a sample configuration file that is called JMSAdmin.config, and is found in the <MQ_JAVA_INSTALL_PATH>/bin directory. Edit this file to suit the setup of your system.
Using an unlisted InitialContextFactory
You can use the administration tool to connect to JNDI contexts other than those listed in Configuration by using three parameters defined in the JMSAdmin configuration file.
To use a different InitialContextFactory:
- Set the INITIAL_CONTEXT_FACTORY property to the required class name.
- Define the behavior of the InitialContextFactory using the USE_INITIAL_DIR_CONTEXT, NAME_PREFIX and NAME_READABILITY_MARKER properties.
The settings for these properties are described in the sample configuration file comments.
You do not need to define the three properties listed here if you use one of the supported INITIAL_CONTEXT_FACTORY values. However, you can give them values to override the system defaults. If you omit one or more of the three InitialContextFactory properties, the administration tool provides suitable defaults based on the values of the other properties.
Security
You need to understand the effect of the SECURITY_AUTHENTICATION property described in Configuration.
- If you set this parameter to none, JNDI does not pass any security credentials to the service provider, and anonymous authentication is performed.
- If you set the parameter to either simple or CRAM-MD5, security credentials are passed through JNDI to the underlying service provider. These security credentials are in the form of a user distinguished name (User DN) and password.
If security credentials are required, you are prompted for these when the tool initializes. Avoid this by setting the PROVIDER_USERDN and PROVIDER_PASSWORD properties in the JMSAdmin configuration file.
Note: If you do not use these properties, the text typed, including the password, is echoed to the screen. This may have security implications.
The tool does no authentication itself; the task is delegated to the LDAP server. The LDAP server administrator must set up and maintain access privileges to different parts of the directory. If authentication fails, the tool displays an appropriate error message and terminates.
More detailed information about security and JNDI is in the documentation at Sun's Java web site (http://java.sun.com).
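The following added example (not part of the original documentation or of the JMSAdmin tool) parses a configuration file in the format described under Configuration and reports the security-relevant settings discussed in this section. The sample input is constructed, the function names are hypothetical, exact-case value matching and POSIX permission bits are assumptions, and the clear-text finding rests on how an LDAP simple bind works, not on a statement from this page.

```python
import os
import stat

LDAP_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory"
VALID_AUTH = {"none", "simple", "CRAM-MD5"}  # the three values the page lists (exact match assumed)

def parse_config(text):
    """Parse key=value lines; a '#' in the first column marks a comment."""
    props = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only: LDAP DNs contain '='
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props, file_mode=None):
    """Return findings for the security-relevant properties."""
    findings = []
    # SECURITY_AUTHENTICATION is used only with the LDAP service provider.
    if props.get("INITIAL_CONTEXT_FACTORY") == LDAP_FACTORY:
        auth = props.get("SECURITY_AUTHENTICATION")
        if auth not in VALID_AUTH:
            findings.append("SECURITY_AUTHENTICATION missing or invalid: defaults to none")
            auth = "none"
        if auth == "none":
            findings.append("anonymous authentication: no credentials passed to the provider")
        if auth == "simple" and props.get("PROVIDER_URL", "").lower().startswith("ldap://"):
            findings.append("simple bind over ldap://: password is sent unencrypted")
    if "PROVIDER_PASSWORD" in props:
        findings.append("PROVIDER_PASSWORD is stored in plain text in the configuration file")
        if file_mode is not None and file_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("configuration file is accessible to group or other users")
    return findings

def audit_file(path):
    """Audit a configuration file on disk, including its permission bits."""
    with open(path, encoding="utf-8") as fh:
        return audit(parse_config(fh.read()), stat.S_IMODE(os.stat(path).st_mode))

# Constructed sample, modelled on the example shown under Configuration.
SAMPLE = """#Set the service provider
INITIAL_CONTEXT_FACTORY=com.sun.jndi.ldap.LdapCtxFactory
PROVIDER_URL=ldap://polaris/o=ibm_us,c=us
SECURITY_AUTHENTICATION=simple
PROVIDER_USERDN=cn=jmsadmin,o=ibm_us,c=us
PROVIDER_PASSWORD=example-only
"""

if __name__ == "__main__":
    print("\n".join(audit(parse_config(SAMPLE), file_mode=0o644)))
```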
Configuring for WAS V3.5
For the administration tool (or any client application that needs to do subsequent lookups) to work with WAS's CosNaming repository, you need the following configuration:
- CLASSPATH must include WAS's JNDI-related jar file, <WSAppserver>\lib\ujc.jar
- PATH must include <WSAppserver>\jdk\jre\bin, where <WSAppserver> is the install path for WAS