| Author |
Message
|
| sarath |
 Posted: Wed Aug 10, 2005 3:12 am Post subject: |
 |
|
Novice
Joined: 10 Jun 2005
Posts: 16
|
Hi All,
Made one small Sample Application to check this problem:
#include <stdio.h>
#include <imqi.hpp>
int main(int argc, char *argv[])
{
printf("Start\n");
ImqChannel channel;
channel.setChannelName("NMPS.CHL");
channel.setTransportType(MQXPT_TCP);
channel.setConnectionName("rapier(1414)");
ImqQueueManager mgr;
printf("Constructed\n");
mgr.setChannelReference( &channel );
printf("Channelled\n");
mgr.setName("NMPS.QM");
printf("Named\n");
if ( !mgr.open() )
{
printf("Bad connect : %d\n", mgr.reasonCode());
}
else
{
printf("Connected\n");
if ( !mgr.disconnect() )
{
printf("Bad disconnect : %d\n", mgr.reasonCode());
}
else
{
printf("disconnected\n");
}
}
}
Make Command:
CC -o mqtest -mt -g -I/opt/mqm/inc qtest.C -L/opt/mqm/lib -R/opt/mqm/lib -R/usr/lib/32 -limqs23as -limqb23as -lmqmcs -lmqmzse -lsocket -lnsl -ldl
test.sh
#!/bin/sh
MQSERVER="NMPS.CHL/TCP/rapier(1414)"
export MQSERVER
./mqtest NMPS.QM
when i execute this application with provnms user account, the output is like below.
provnms@rapier:tmp(91)% ./test.sh
Start
Constructed
Channelled
Named
Bad connect : 2035
And when executed with mqm user
rapier% ./test.sh
Start
Constructed
Channelled
Named
Connected
disconnected
rapier%
Observation : Able to open the QM with mqm user account.
Note : QM and the queues were created with mqm user account.
Commands used To give the permissions :
setmqaut -m NMPS.QM -t qmgr -g nmsadmin +connect +inq
setmqaut -m NMPS.QM -t qmgr -n NMPS\* -g nmsadmin +dsp +allmqi
After this commands also facing the same issue.
provnms is member of netadmin but not mqm. Is it required to add provnms user to mqm group.
Thanks,
Sarath. |
|
| Back to top |
|
 |
| Mr Butcher |
| Posted: Wed Aug 10, 2005 3:38 am Post subject: |
|
|
Padawan
Joined: 23 May 2005
Posts: 1716
|
this is not my plattform, and it is not my programming language, but i assume the error is here:
qmgr.open != qmgr.connect
user mqm is allowed to do all, but your provnms user is only allowed
to connect. but you open the qmgr object, you do not connect ?!?
_________________
Regards, Butcher |
|
| Back to top |
|
|
| sarath |
| Posted: Wed Aug 10, 2005 3:58 am Post subject: |
|
|
Novice
Joined: 10 Jun 2005
Posts: 16
|
| Well, connect also behaved in the same way. |
|
| Back to top |
|
|
| Mr Butcher |
| Posted: Wed Aug 10, 2005 4:07 am Post subject: |
|
|
Padawan
Joined: 23 May 2005
Posts: 1716
|
please show us the output from
dmpmqaut -m NMPS.QM -t qmgr
_________________
Regards, Butcher |
|
| Back to top |
|
|
| Mr Butcher |
| Posted: Wed Aug 10, 2005 4:09 am Post subject: |
|
|
Padawan
Joined: 23 May 2005
Posts: 1716
|
in addition: you wrote:
| Quote: |
setmqaut -m NMPS.QM -t qmgr -g nmsadmin +connect +inq
setmqaut -m NMPS.QM -t qmgr -n NMPS\* -g nmsadmin +dsp +allmqi
After this commands also facing the same issue.
provnms is member of netadmin but not mqm. Is it required to add provnms user to mqm group. |
netadmin? nmsadmin? please verify that you used the correct group for the setmqaut
_________________
Regards, Butcher |
|
| Back to top |
|
|
| Mr Butcher |
| Posted: Wed Aug 10, 2005 4:17 am Post subject: |
|
|
Padawan
Joined: 23 May 2005
Posts: 1716
|
last but not least:
go back in this thread to the post of wschutz
the second command is false, it should not be -t qmgr. this looks like you are setting the same authority (for the queuemanager) but without connect. if the generic entry is taken in account for the security the user is not allowed to connect..... ?!?
make sure this is removed (using dspmqaut) and set it correct for queues and not for the queuemanager.
_________________
Regards, Butcher |
|
| Back to top |
|
|
| sarath |
| Posted: Wed Aug 10, 2005 5:00 am Post subject: |
|
|
Novice
Joined: 10 Jun 2005
Posts: 16
|
The output of dmpmqaut -m NMPS.QM -t qmgr is (before setmqaut):
rapier% dmpmqaut -m NMPS.QM -t qmgr
profile: self
object type: qmgr
entity: mqm
entity type: principal
authority: allmqi crt dlt chg dsp clr
- - - - - - - -
profile: @class
object type: qmgr
entity: mqm
entity type: principal
authority: crt
rapier%
----------------------
Its nmsadmin only....and the given cmd was
rapier% setmqaut -m NMPS.QM -t qmgr -g nmsadmin +connect +inq
The setmqaut command completed successfully.
rapier% setmqaut -m NMPS.QM -t q -n NMPS\* -g nmsadmin +dsp +allmqi
The setmqaut command completed successfully.
rapier%
==========================================
After giving the permission, dmpmqaut output :
rapier% dmpmqaut -m NMPS.QM -t qmgr
profile: self
object type: qmgr
entity: mqm
entity type: principal
authority: allmqi crt dlt chg dsp clr
- - - - - - - -
profile: self
object type: qmgr
entity: nmsadmin
entity type: group
authority: inq connect
- - - - - - - -
profile: @class
object type: qmgr
entity: mqm
entity type: principal
authority: crt
- - - - - - - -
profile: @class
object type: qmgr
entity: nmsadmin
entity type: group
authority: none
rapier%
Thanks,
Sarath. |
|
| Back to top |
|
|
| Mr Butcher |
| Posted: Wed Aug 10, 2005 7:08 am Post subject: |
|
|
Padawan
Joined: 23 May 2005
Posts: 1716
|
if provnms is member of nmsadmin then it should work
_________________
Regards, Butcher |
|
| Back to top |
|
|
|
|
