| Author |
Message
|
| abhyyy |
 Posted: Wed Sep 11, 2013 4:23 am Post subject: Solved:Connect broker to 2 different instances using 2 Users |
 |
|
Voyager
Joined: 29 Sep 2011
Posts: 83
|
Hi Friends,
I have a requirement from the client where he wants 1 message flow to connect to 2 different MSSQL servers Instances using 2 different User Names.
What I Have
----------------------------------------------------------------
2 Admin accounts : USER1 , USER2
IIB 9.0 installed on Windows server 2012 using 'USER1' account.
1 Broker (Broker1) running under 'USER1' account.
1 Message Flow (MF1) running on Broker1 and connected to SvrName1/InstanceName1 using USER1 (as broker is running as that user)
Server 1 : SvrName1/InstanceName1 , DB1 in the network
Server 2 : SvrName2/InstanceName2 , DB2 in the network
What I am looking for
------------------------------------------------------------------
Message Flow MF1 running on Broker1 should be able to connect to SvrName1/InstanceName1 using USER1 and SvrName2/InstanceName2 using USER2
Problem I am facing
------------------------------------------------------------
Since Message Flow is deployed on Broker1 (which is running under USER1) so whatever external application it tries to connect to, it uses the user name which it is being run as and that is USER1. So I am not able to make this Message Flow connect to one more DB instance using another user USER2.
Any suggestions ?
Thanks.
_________________
----------------------
NeVeR StOp LeaRnInG.
Last edited by abhyyy on Thu Sep 19, 2013 2:44 am; edited 1 time in total |
|
| Back to top |
|
 |
| lancelotlinc |
| Posted: Wed Sep 11, 2013 4:25 am Post subject: |
|
|
Jedi Knight
Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA
|
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Sep 11, 2013 6:23 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| lancelotlinc wrote: |
| When you created the configurable service for two different ODBC names, |
I'm not sure I understand that. |
|
| Back to top |
|
|
| lancelotlinc |
| Posted: Wed Sep 11, 2013 6:26 am Post subject: |
|
|
Jedi Knight
Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA
|
| mqjeff wrote: |
| lancelotlinc wrote: |
| When you created the configurable service for two different ODBC names, |
I'm not sure I understand that. |
To create to two database instances, you create two ODBC data sources. For each ODBC data source, you mqsisetdbparms to set the user ID to be associated with each resource. Why did this not work? Did the OP validate the settings with mqsicvp ?
_________________
http://leanpub.com/IIB_Tips_and_Tricks
Save $20: Coupon Code: MQSERIES_READER |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Sep 11, 2013 6:30 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| lancelotlinc wrote: |
| mqjeff wrote: |
| lancelotlinc wrote: |
| When you created the configurable service for two different ODBC names, |
I'm not sure I understand that. |
To create to two database instances, you create two ODBC data sources. For each ODBC data source, you mqsisetdbparms to set the user ID to be associated with each resource. Why did this not work? Did the OP validate the settings with mqsicvp ? |
ODBC data sources are not configurable services.
mqsisetdbparms doesn't create a configurable service.
Not sure where configurable services enters into the picture. |
|
| Back to top |
|
|
| lancelotlinc |
| Posted: Wed Sep 11, 2013 6:35 am Post subject: |
|
|
Jedi Knight
Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA
|
| mqjeff wrote: |
| lancelotlinc wrote: |
| mqjeff wrote: |
| lancelotlinc wrote: |
| When you created the configurable service for two different ODBC names, |
I'm not sure I understand that. |
To create to two database instances, you create two ODBC data sources. For each ODBC data source, you mqsisetdbparms to set the user ID to be associated with each resource. Why did this not work? Did the OP validate the settings with mqsicvp ? |
ODBC data sources are not configurable services.
mqsisetdbparms doesn't create a configurable service.
Not sure where configurable services enters into the picture. |
The document is somewhat ambiguous and lacks clarity as it is currently written, since it uses 'configurable service' in a seemingly interchangeable way:
http://publib.boulder.ibm.com/infocenter/wmbhelp/v8r0m0/index.jsp?topic=%2Fcom.ibm.etools.mft.doc%2Fan09155_.htm
| Quote: |
Use the mqsisetdbparms command to set security credentials for a specific user ID and password (or SSH identity file) for the following resources:
A data source name (DSN) that is accessed from a message flow
A JDBCProvider configurable service
The user ID and password pair is created in the DSN folder under the broker registry folder.
|
I'll concede that ODBC and JDBC are not the same. In future, I'll refrain from using 'configurable service' in reference to an ODBC resource.
_________________
http://leanpub.com/IIB_Tips_and_Tricks
Save $20: Coupon Code: MQSERIES_READER |
|
| Back to top |
|
|
| abhyyy |
| Posted: Wed Sep 11, 2013 8:24 pm Post subject: |
|
|
Voyager
Joined: 29 Sep 2011
Posts: 83
|
Thanks for your responses.
I have tried this.
mqsisetdbparms broker1 -n DSN1 -u user1 -p password1
mqsisetdbparms broker1 -n DSN2 -u user2 -p password2
When I execute
mqsicvp broker1 DSN1 ----Successful
mqsicvp broker1 DSN2 ----Unsuccessful.
and surprisingly
mqsicvp broker1 DSN1 -u user1 -p password1
gives error saying "unknown flag 'u' selected.
Note : My IBM Integration Bus Component broker1 (service) is running under and as Local System (Log on as USER1)
Note : DSN1 created under user1 and DSN2 created under user2 since both connect to different servers using different usernames.
Error I am receiving for unsuccessful mqsicvp for DSN2 is as below:
BIP2322E : Database error: SQL state 28000
[Microsoft][ODBC SQL server Driver][SQL server ] Login failed for user 'USER1'
Seems like even after setting seperate mqsisetdbparms properties for 2 DSNs in 1 Broker as instructed by IBM, when trying to connect to external servers, the username that broker service is running as is used and not the ones set in mqsisetdbparms.
Any suggestions. Thanks.
_________________
----------------------
NeVeR StOp LeaRnInG. |
|
| Back to top |
|
|
| smdavies99 |
| Posted: Wed Sep 11, 2013 10:01 pm Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
You really need to get the mqsicvp operation on the second DSN operating before toy try anything from within a flow.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| abhyyy |
| Posted: Thu Sep 12, 2013 12:52 am Post subject: |
|
|
Voyager
Joined: 29 Sep 2011
Posts: 83
|
Thanks for your reply.
That's the core problem.
Broker1 is running as USER1.
DSN2 has to created under USER2 (so that it connects to SERVER2)
When I do mqsicvp broker1 DSN2
it gives an error saying USER1 (under which broker1 is running) doesnt have access to SERVER2!
Is there anything wrong I am doing ?
_________________
----------------------
NeVeR StOp LeaRnInG. |
|
| Back to top |
|
|
| lancelotlinc |
| Posted: Thu Sep 12, 2013 3:13 am Post subject: |
|
|
Jedi Knight
Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA
|
| abhyyy wrote: |
Thanks for your reply.
That's the core problem.
Broker1 is running as USER1.
DSN2 has to created under USER2 (so that it connects to SERVER2)
When I do mqsicvp broker1 DSN2
it gives an error saying USER1 (under which broker1 is running) doesnt have access to SERVER2!
Is there anything wrong I am doing ? |
mqsicvp does not acquire the service Id of the runtime. mqsicvp connects to the database using the user credentials you are executing under.
sudo to user2 then rerun mqsicvp.
_________________
http://leanpub.com/IIB_Tips_and_Tricks
Save $20: Coupon Code: MQSERIES_READER |
|
| Back to top |
|
|
| smdavies99 |
| Posted: Thu Sep 12, 2013 3:27 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
| lancelotlinc wrote: |
sudo to user2 then rerun mqsicvp. |
Get out of bed the wrong side today?
| Quote: |
IIB 9.0 installed on Windows
|
How about running the mqsicvp command and specifying the username/password?
| Code: |
mqsicvp -n DSN2 -u user2 -p pwd
|
or something like that?
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| lancelotlinc |
| Posted: Thu Sep 12, 2013 3:37 am Post subject: |
|
|
Jedi Knight
Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA
|
| smdavies99 wrote: |
| lancelotlinc wrote: |
sudo to user2 then rerun mqsicvp. |
Get out of bed the wrong side today?
|
I do my best coding in my sleep. What makes you think I'm out of bed? Siri, please start the coffee pot.
_________________
http://leanpub.com/IIB_Tips_and_Tricks
Save $20: Coupon Code: MQSERIES_READER |
|
| Back to top |
|
|
| abhyyy |
| Posted: Thu Sep 12, 2013 9:01 am Post subject: |
|
|
Voyager
Joined: 29 Sep 2011
Posts: 83
|
| Quote: |
How about running the mqsicvp command and specifying the username/password?
Code:
mqsicvp -n DSN2 -u user2 -p pwd
or something like that? |
Already tried that
mqsisetdbparms broker1 -n DSN1 -u user1 -p password1
mqsicvp -n DSN2 -u user2 -p password2
gives error saying "unknown flag 'u' selected.
mqsisetdbparms broker1 -n DSN2 -u user2 -p password2
mqsicvp broker1 DSN2
Gives an error as below
BIP2322E : Database error: SQL state 28000
[Microsoft][ODBC SQL server Driver][SQL server ] Login failed for user 'USER1'
Please advise .
_________________
----------------------
NeVeR StOp LeaRnInG. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Thu Sep 12, 2013 9:11 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
You have to
| Code: |
| mqsicvp BROKERNAME -n DSN -u USER -p PASSWORD |
or to verify that mqsisetdbparms worked,
| Code: |
| mqscvp BROKERNAME -n DSN |
|
|
| Back to top |
|
|
| abhyyy |
| Posted: Thu Sep 12, 2013 9:15 am Post subject: |
|
|
Voyager
Joined: 29 Sep 2011
Posts: 83
|
Both are giving errors , as mentioned above.
Any other steps to follow or anything I missed ? Thanks.
_________________
----------------------
NeVeR StOp LeaRnInG. |
|
| Back to top |
|
|
|
|
