MQAIR (Authentication information record) on IBM i

The MQAIR structure represents the authentication information record.


Overview

Purpose: The MQAIR structure allows an application running as an IBM MQ client to specify information about an authenticator that is to be used for the client connection. The structure is an input parameter on the MQCONNX call.

Character set and encoding: Data in MQAIR must be in the character set given by the CodedCharSetId queue manager attribute and encoding of the local queue manager given by ENNAT.


Fields

The MQAIR structure contains the following fields; the fields are described in alphabetical order:

    AICN (10-digit signed integer)

    This is either the host name or the network address of a host on which the LDAP server is running. This can be followed by an optional port number, enclosed in parentheses.

    If the value is shorter than the length of the field, terminate the value with a null character, or pad it with blanks to the length of the field. If the value is not valid, the call fails with reason code RC2387.

    The default port number is 389.

    This is an input field. The length of this field is given by LNAICN. The initial value of this field is blank characters.

    AITYP (10-digit signed integer)

    This is the type of authentication information contained in the record.

    The value must be:

      AITLDP
      Certificate revocation using LDAP server.

    If the value is not valid, the call fails with reason code RC2386.

    This is an input field. The initial value of this field is AITLDP.

    AIPW (10-digit signed integer)

    This is the password needed to access the LDAP CRL server.

    If the value is shorter than the length of the field, terminate the value with a null character, or pad it with blanks to the length of the field. If the LDAP server does not require a password, or you omit the LDAP user name, AIPW must be null or blank. If you omit the LDAP user name and AIPW is not null or blank, the call fails with reason code RC2390.

    This is an input field. The length of this field is given by LNLDPW. The initial value of this field blank characters.

    AILUL (10-digit signed integer)

    This is the length in bytes of the LDAP user name addressed by the AILUP or AILUO field. The value must be in the range zero through LNDISN. If the value is not valid, the call fails with reason code RC2389.

    If the LDAP server involved does not require a user name, set this field to zero.

    This is an input field. The initial value of this field is 0.

    AILUO (10-digit signed integer)

    This is the offset in bytes of the LDAP user name from the start of the MQAIR structure.

    The offset can be positive or negative. The field is ignored if LDAPUserNameLength is zero.

    We can use either LDAPUserNamePtr or LDAPUserNameOffset to specify the LDAP user name, but not both; see the description of the LDAPUserNamePtr field for details.

    This is an input field. The initial value of this field is 0.

    AILUP (10-digit signed integer)

    This is the LDAP user name.

    It consists of the Distinguished Name of the user who is attempting to access the LDAP CRL server. If the value is shorter than the length specified by AILUL, terminate the value with a null character, or pad it with blanks to the length AILUL. The field is ignored if AILUL is zero.

    We can supply the LDAP user name in one of two ways:

    • By using the pointer field AILUP

      In this case, the application can declare a string that is separate from the MQAIR structure, and set AILUP to the address of the string.

      Consider using AILUP for programming languages that support the pointer data type in a fashion that is portable to different environments (for example, the C programming language).

    • By using the offset field AILUO

      In this case, the application must declare a compound structure containing the MQSCO structure followed by the array of MQAIR records followed by the LDAP user name strings, and set AILUO to the offset of the appropriate name string from the start of the MQAIR structure. Ensure that this value is correct, and has a value that can be accommodated within an MQLONG (the most restrictive programming language is COBOL, for which the valid range is -999 999 999 through +999 999 999).

      Consider using AILUO for programming languages that do not support the pointer data type, or that implement the pointer data type in a fashion that might not be portable to different environments (for example, the COBOL programming language).

    Whichever technique is chosen, use only one of AILUP and AILUO ; the call fails with reason code RC2388.

    This is an input field. The initial value of this field is the null pointer in those programming languages that support pointers, and an all-null byte string otherwise.

    Note: On platforms where the programming language does not support the pointer data type, this field is declared as a byte string of the appropriate length.

    AISID (10-digit signed integer)
    The value must be:

      AISIDV
      Identifier for the authentication information record.

    This is always an input field. The initial value of this field is AISIDV.

    AIVER (10-digit signed integer)
    The value must be:

      AIVER1
      Version-1 authentication information record.

    The following constant specifies the version number of the current version:

      AIRVERC
      Current version of authentication information record.

    This is always an input field. The initial value of this field is AIVER1.


Initial values

Table 1. Initial values of fields in MQAIR for MQAIR
Field name Name of constant Value of constant
AISID AISIDV 'AIR¬'
AIVER AIVERC 1
AITYP AITLDP 1
AICN None Null string or blanks
AILUP None Null pointer or null bytes
AILUO None 0
AILUL None 0
AIPW None Null string or blanks
Notes:
  1. The symbol ¬ represents a single blank character.


RPG declaration

     D*..1....:....2....:....3....:....4....:....5....:....6....:....7..
     D* MQAIR Structure
     D*
     D* Structure identifier
     D  AISID                  1      4    INZ('AIR ')
     D* Structure version number
     D  AIVER                  5      8I 0 INZ(1)
     D* Type of authentication information
     D  AITYP                  9     12I 0 INZ(1)
     D* Connection name of CRL LDAP server
     D  AICN                  13    276    INZ
     D* Address of LDAP user name
     D  AILUP                277    292*   INZ(*NULL)
     D* Offset of LDAP user name from start of MQAIR structure
     D  AILUO                293    296I 0 INZ(0)
     D* Length of LDAP user name
     D  AILUL                297    300I 0 INZ(0)
     D* Password to access LDAP server
     D  AIPW                 301    332    INZ