MQ


How to authenticate a ldap user more than 12 character

  • 1.  How to authenticate a ldap user more than 12 character

    Posted Thu August 18, 2022 04:19 PM
    Hi Team,
    I am trying to connect to an MQ server from MQ Explorer using an LDAP user. I am able to connect if the user is less than 12 characters, but it's giving an error if the user is greater than 12 characters. How will it work for an LDAP user which is more than 12 characters?
    I have also disabled the compatibility mode in MQ Explorer as per the technote below, but no luck.

    https://www.ibm.com/support/pages/how-specify-userid-and-password-mq-explorer-8-and-9x

    ------------------------------
    Manoj Kumar
    ------------------------------


  • 2.  RE: How to authenticate a ldap user more than 12 character

    Posted Fri August 19, 2022 04:00 AM

    Hi Manoj,

    IBM MQ has a limit of 12 characters for users as this user is copied into the message header (and that field is fixed at a max size of 12).

    In LDAP mode you can authenticate and authorise users that are longer than 12 but if you want to adopt the user as the identity then you have to provide a field that MQ can find a 12 character or less userid to adopt. The field that MQ will look in is set via the SHORTUSR setting on your AUTHINFO object. 


    For example: if my LDAP DN was CN=Robert,SN=Parker,O=IBM and then within that record I had an 'email' field and a custom 'user' field, then I could potentially set SHORTUSR('user') so long as that field was always 12 or less. Email isn't likely to work because most email addresses are longer than 12 characters.


    I hope this helps!



    ------------------------------
    Rob Parker
    Security Architect, IBM MQ Distributed
    IBM UK Ltd
    ------------------------------
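
The answer above says the field named in SHORTUSR must always hold a value of 12 characters or less. The following is an added example, not code from the thread or from IBM: a Python check that can be run over a directory export before choosing that field. The LDIF sample, the second and third entries, and the function names are constructed for illustration, and the parser assumes simple LDIF with no base64 values or folded lines.

```python
# Added example: audit LDAP entries before pointing SHORTUSR at an attribute.
MQ_USERID_MAX = 12  # size of the user field in the MQ message header

# Constructed sample directory export (LDIF); entries are made up.
SAMPLE_LDIF = """\
dn: CN=Robert,SN=Parker,O=IBM
email: robert.parker@example.com
user: rparker

dn: CN=Manoj,SN=Kumar,O=IBM
email: manoj.kumar@example.com
user: manojkumar_admin

dn: CN=Service,SN=Account,O=IBM
email: svc@example.com
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no folded lines) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit_short_user(entries, field):
    """Return {dn: problem} for entries whose `field` MQ could not adopt."""
    problems = {}
    for entry in entries:
        dn = entry.get("dn", ["<no dn>"])[0]
        values = entry.get(field.lower(), [])
        too_long = [v for v in values if len(v) > MQ_USERID_MAX]
        if not values:
            problems[dn] = "missing"
        elif too_long:
            problems[dn] = f"too long ({len(too_long[0])} chars)"
    return problems

if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    for field in ("user", "email"):  # candidate SHORTUSR fields
        print(field, audit_short_user(entries, field))
```

An empty result for a field means every exported entry has a value MQ can adopt; any entry reported here needs a shorter value before that field is used in SHORTUSR.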