Mapping credentials for Connect:Direct by using the ConnectDirectCredentials.xml file
Map user credentials in Managed File Transfer to user credentials on Connect:Direct® nodes by using the default credential mapping function of the Connect:Direct bridge agent. Managed File Transfer provides an XML file that we can edit to include your credential information.
About this task
After a Connect:Direct bridge agent has been created using the fteCreateCDAgent command, a ConnectDirectCredentials.xml file needs to be manually created. Before using a Connect:Direct bridge agent, you must edit this file to include host, user, and credential information. For more information, see Connect:Direct credentials file format. By default, this file is loaded from the current user's home directory, /home/fteuser/ConnectDirectCredentials.xml for example. To use another location, specify it using the <credentialsFile> element in the ConnectDirectNodeProperties.xml file.
Procedure
- Ensure that the name attribute in the element <tns:pnode name="Connect:Direct node host" pattern="wildcard"> contains the value of the name of the Connect:Direct node that the Connect:Direct bridge agent connects to. This value must be the same value that you specify for the fteCreateCDAgent -cdNode parameter. The value of the pattern attribute can be either wildcard or regex. If this attribute is not specified, the default is wildcard.
- Insert user ID and credential information into the file
as child elements of <tns:pnode>. You
can insert one or more instances of the following <tns:user> element
into the file:
<tns:user name="name" pattern="pattern" ignorecase="ignorecase" cdUserId="cdUserId" cdPassword="cdPassword" pnodeUserId="pnodeUserId" pnodePassword="pnodePassword"> </tns:user>where:- name is a pattern to match the MQMD user ID associated with the MFT transfer request.
- pattern specifies whether the pattern specified for the name attribute is a wildcard expression or a Java regular expression. The value of the pattern attribute can be either wildcard or regex. If this attribute is not specified, the default is wildcard.
- ignorecase specifies whether to treat the pattern specified by the name attribute as case sensitive. If this attribute is not specified, the default is true.
- cdUserId is the user ID that
is used by the Connect:Direct bridge
agent to connect to the Connect:Direct node
specified by the name attribute of <tns:pnode> element.
If possible, ensure that cdUserId is
a Connect:Direct administrator
user ID. If cdUserId cannot be
a Connect:Direct administrator,
ensure that the user ID has the following functional authorities at
the Connect:Direct bridge
node:
- For a Windows node set
the following authorities. This example is formatted with carriage
returns to aid readability:
View Processes in the value: yes TCQ Issue the copy value: yes receive, copy send, run job, and run task Process statements Issue the submit value: yes Process statement Monitor, submit, value: all change,and delete all Processes Access Process value: all statistics Use the trace tool or value: yes issue traceon and traceoff commands Override Process value: yes options such as file attributes and remote node ID
- For a UNIX node set the
following parameters in the userfile.cfg file:
pstmt.copy value: y pstmt.upload value: y pstmt.download value: y pstmt.runjob value: y pstmt.runtask value: y cmd.submit value: y pstmt.submit value: y cmd.chgproc value: y cmd.delproc value: y cmd.flsproc value: y cmd.selproc value: a cmd.selstats value: a cmd.trace value: y snode.ovrd value: y
- For a Windows node set
the following authorities. This example is formatted with carriage
returns to aid readability:
- cdPassword is the password associated with the user ID specified by the cdUserId attribute.
- We can optionally specify the pnodeUserId attribute. The value of this attribute is the user ID that is used by the Connect:Direct node specified by the name attribute of <tns:pnode> element to submit the Connect:Direct process. If we do not specify the pnodeUserId attribute, the Connect:Direct node uses the user ID specified by the cdUserId attribute to submit the Connect:Direct process.
- We can optionally specify the attribute pnodePassword. The value of this attribute is the password associated with the user ID specified by the pnodeUserId attribute.
- Optional: We can include one or more <tns:snode> elements
as child elements of the <tns:user> element. The <tns:snode> element
specifies credentials that are used by the Connect:Direct node that is part
of the Connect:Direct bridge.
These credentials are the user ID and password that the Connect:Direct bridge node uses
to connect to the Connect:Direct node
that is the source or destination of the file transfer. Insert
one or many of the following elements into the file:
<tns:snode name="name" pattern="pattern" userId="userId" password="password"/>where:- name is a pattern to match the name of the Connect:Direct node that is the source or destination of the file transfer.
- pattern specifies whether the pattern specified for the name attribute is a wildcard expression or a Java regular expression. The value of the pattern attribute can be either wildcard or regex. If this attribute is not specified, the default is wildcard.
- userId is the user ID that is used by the Connect:Direct node specified by the name attribute of the <tns:pnode> element to connect to a Connect:Direct node that matches the pattern specified by the name attribute of <tns:snode>.
- password is the password associated with the user ID specified by the userId attribute.
Results
When searching for a pattern match for user names or Connect:Direct node names the Connect:Direct bridge agent searches from the start of the file to the end of the file. The first match that is found is the one that is used.