What’s in Command Levels 801 and 802

MQ 801 Goody Bag

IBM MQ V8.0.0 Fix Pack 2 introduces a new Command Level, 801, and Fix Pack 3 introduces Command Level 802. Read What is an 801 Queue Manager? for details on how to enable these new Commmand Levels.

This post captures the changes that are available once you have an 801 or 802 Queue Manager.

LDAP Authorization

The V8.0.0 Connection Authentication feature which checked your user ID and password has been extended in V8.0.0.2 to allow LDAP authorization as well. The new fields that allow you to configure this on an AUTHTYPE(IDPWLDAP) Authentication Information object are protected by the 801 Command Level.

New Attribute MQSC name
See DEF AUTHINFO
Look for KC 8002 indicator
PCF constant and values
See Create Authentication Information
Look for KC 8002 indicator
LDAP Auth Method

AUTHORMD

  • OS
  • SEARCHGRP
  • SEARCHUSR

MQIA_LDAP_AUTHORMD (263)

  • MQLDAP_AUTHORMD_OS (0)
  • MQLDAP_AUTHORMD_SEARCHGRP (1)
  • MQLDAP_AUTHORMD_SEARCHUSR (2)
LDAP Group Object Class CLASSGRP

MQCA_LDAP_GROUP_OBJECT_CLASS (2133)

  • String of length MQ_LDAP_CLASS_LENGTH (128)
LDAP Base DN Group BASEDNG

MQCA_LDAP_BASE_DN_GROUPS (2132)

  • String of length MQ_LDAP_BASE_DN_LENGTH (1024)
LDAP Group Attr Field GRPFIELD

MQCA_LDAP_GROUP_ATTR_FIELD (2134)

  • String of length MQ_LDAP_FIELD_LENGTH (128)
LDAP Find Group FINDGRP

MQCA_LDAP_FIND_GROUP_FIELD (2135)

  • String of length MQ_LDAP_FIELD_LENGTH (128)
LDAP Group Nesting

NESTGRP

  • NO
  • YES

MQIA_LDAP_NESTGRP (264)

  • MQLDAP_NESTGRP_NO (0)
  • MQLDAP_NESTGRP_YES (1)

PAM Authentication

The V8.0.0 Connection Authentication feature which checked your user ID and password has been extended in V8.0.0.3 to allow PAM authentication as a choice. The new field that allows you to configure this on an AUTHTYPE(IDPWOS) Authentication Information object is protected by the 802 Command Level.

New Attribute MQSC name
See DEF AUTHINFO
Look for KC 8003 indicator
PCF constant and values
See Create Authentication Information
Look for KC 8003 indicator
Authentication Method

AUTHENMD

  • OS
  • PAM

MQIA_AUTHENTICATION_METHOD (266)

  • MQAUTHENTICATE_OS (0)
  • MQAUTHENTICATE_PAM (1)

Channel Status

Channels now show the security protocol in use – helping those people who were unsure how to answer the oft-asked question after the POODLE vulnerability, “are you still using an SSL CipherSpec?” Now instead of looking up your CipherSpec in the table in Knowledge Center, you can instead see this information output in the channel status display. Read more about this in Know your protocol.

New Attribute MQSC name
See DIS CHSTATUS
Look for KC 8002 indicator
PCF constant and values
See Inquire Channel Status
Look for KC 8002 indicator
Security Protocol

SECPROT

  • NONE
  • SSLV3
  • TLSV1
  • TLSV12

MQIACH_SECURITY_PROTOCOL (1645)

  • MQSECPROT_NONE (0)
  • MQSECPROT_SSLV30 (1)
  • MQSECPROT_TLSV10 (2)
  • MQSECPROT_TLSV12 (4)

AMQP Channel

In support of the MQLight in IBM MQ Beta, there is a whole new channel type with an associated set of channel attributes added. This is not yet documented in Knowledge Center but is visible when operating a queue manager at Command Level 801, and in the header files for PCF applications. Along with the Beta download that enables some of these attributes, there is a PDF of instructions on how to use the attributes available at the above link for the Beta. Be aware that although you can view and set all these attributes, not all of them are implemented by the current Beta. Get involved with the Beta program and read the PDF file mentioned above to see which attributes are currently usable.

New Attribute MQSC name PCF constant and values
Channel Type

CHLTYPE

  • AMQP

MQIACH_CHANNEL_TYPE (1511)

  • MQCHT_AMQP (11)
Description DESCR

MQCACH_DESC (3502)

  • String of length MQ_CHANNEL_DESC_LENGTH
Port PORT

MQIACH_PORT (1522)

  • Value in the range 1 – 65335
Local Address LOCLADDR

MQCACH_LOCAL_ADDRESS (3520)

  • String of length MQ_LOCAL_ADDRESS_LENGTH
SSL/TLS Certificate Label CERTLABL

MQCA_CERT_LABEL (2121)

  • String of length MQ_CERT_LABEL_LENGTH
SSL/TLS Cipher Spec SSLCIPH

MQCACH_SSL_CIPHER_SPEC (3544)

  • String of length MQ_SSL_CIPHER_SPEC_LENGTH
SSL/TLS Client Auth SSLCAUTH

MQIACH_SSL_CLIENT_AUTH (1568)

  • String of length MQ_SSL_CIPHER_SPEC_LENGTH
SSL/TLS Peer Name SSLPEER

MQCACH_SSL_PEER_NAME (3545)

  • String of length MQ_SSL_PEER_NAME_LENGTH
Alteration Date ALTDATE

MQCA_ALTERATION_DATE (2027)

  • String of length MQ_DATE_LENGTH
Alteration Time ALTTIME

MQCA_ALTERATION_TIME (2028)

  • String of length MQ_TIME_LENGTH
AMQP Keep Alive AMQPKA

MQIACH_AMQP_KEEP_ALIVE (1644)

  • Values in the range 0 – 99 999
  • MQKAI_AUTO
Use Client Identifier

USECLTID

  • YES
  • NO

MQIACH_USE_CLIENT_ID (1629)

  • MQUCI_YES (1)
  • MQUCI_NO (0)
Max Message Length MAXMSGL

MQIACH_MAX_MSG_LENGTH (1510)

  • Values in the range 0 – 100MB
MCA UserId MCAUSER

MQCACH_MCA_USER_ID (3527)

  • String of length MQ_MCA_USER_ID_LENGTH
Max Instances MAXINST

MQIACH_MAX_INSTANCES (1618)

  • Values in the range 0 – 999 999 999

Display Connection

With the introduction of the AMQP channel in CommandLevel 801, there is also a new attribute returned when you display application connections.

New Attribute MQSC name
See DIS CONN
Look for KC 8002 indicator
PCF constant and values
AMQP Client ID CLIENTID

MQCACF_AMQP_CLIENT_ID (3207)

  • String of length MQ_AMQP_CLIENT_ID_LENGTH (256)

Queue Manager Object

With the introduction of the AMQP channel in CommandLevel 801, there is also a new attribute on the queue manager object.

New Attribute MQSC name PCF constant and values
AMQP Capability

AMQPCAP

  • NO
  • YES

MQIA_AMQP_CAPABILITY (265)

  • MQCAP_NOT_SUPPORTED (0)
  • MQCAP_SUPPORTED (1)

You can get the equivalent information for earlier Command Levels from these posts.


IBM Certified Specialist

Morag Hughson is a Certified IBM MQ Specialist
IBM Certified System Administrator – MQ V8.0
Find her on: LinkedIn: http://uk.linkedin.com/in/moraghughson   Twitter: https://twitter.com/MoragHughson   SlideShare: http://www.slideshare.net/moraghughson

Advertisements

The team at MQGem would love to hear what you think. Leave your comments here.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s