MQ

Original Post: Limits on LDAP user / group names when used with MQ? | MQ (ibm.com) 

Now I know that we can limit access by various other methods (Example: IP, Certificate, etc.).  Yet it's not ideal when you want to lockdown the specific access an account has on the Queue Manager  Yet, I believe it may become more relevant with time.

Does anybody know if IBM is planning on increasing the MQMD.UserIdentifier field length in future releases of IBM MQ?

It's currently limited to 12 characters, I've seen many backend service accounts and system administrator accounts with user id lengths exceeding 12 Characters.

IBM MQ already allowed you to authenticate and authorise users with longer than 12 characters. When user ids need to be stored in the message the short form of the user id is used so the long equivalent can be retrieved on another system.

As a result of the above I do not believe the MQMD field will ever be increased. 

What is it that you find you cannot do that leads you to ask this question?

Cheers,

Morag

Original Post: Limits on LDAP user / group names when used with MQ? | MQ (ibm.com) 

Now I know that we can limit access by various other methods (Example: IP, Certificate, etc.).  Yet it's not ideal when you want to lockdown the specific access an account has on the Queue Manager  Yet, I believe it may become more relevant with time.

Does anybody know if IBM is planning on increasing the MQMD.UserIdentifier field length in future releases of IBM MQ?

It's currently limited to 12 characters, I've seen many backend service accounts and system administrator accounts with user id lengths exceeding 12 Characters.

Hi Morag,

This is more a question of future proofing.  With more cloud services being adopted, I've found that many "useful" directory attributes often exceed 12 characters or are deliberately left empty for security reasons.

On top of that I've found that as time goes by, if a directory attribute is agreed to be limit to 12 characters, time and ignorance often leads to this self-imposed limitation being forgotten.

Regards,

IBM MQ already allowed you to authenticate and authorise users with longer than 12 characters. When user ids need to be stored in the message the short form of the user id is used so the long equivalent can be retrieved on another system.

As a result of the above I do not believe the MQMD field will ever be increased. 

What is it that you find you cannot do that leads you to ask this question?

Cheers,

Morag

Original Post: Limits on LDAP user / group names when used with MQ? | MQ (ibm.com) 

Now I know that we can limit access by various other methods (Example: IP, Certificate, etc.).  Yet it's not ideal when you want to lockdown the specific access an account has on the Queue Manager  Yet, I believe it may become more relevant with time.

Does anybody know if IBM is planning on increasing the MQMD.UserIdentifier field length in future releases of IBM MQ?

It's currently limited to 12 characters, I've seen many backend service accounts and system administrator accounts with user id lengths exceeding 12 Characters.

I think that future proofing might have already been done. I'm afraid I didn't understand from your response what it was you thought was missing.

Cheers,

Morag

Hi Morag,

This is more a question of future proofing.  With more cloud services being adopted, I've found that many "useful" directory attributes often exceed 12 characters or are deliberately left empty for security reasons.

On top of that I've found that as time goes by, if a directory attribute is agreed to be limit to 12 characters, time and ignorance often leads to this self-imposed limitation being forgotten.

Regards,

IBM MQ already allowed you to authenticate and authorise users with longer than 12 characters. When user ids need to be stored in the message the short form of the user id is used so the long equivalent can be retrieved on another system.

As a result of the above I do not believe the MQMD field will ever be increased. 

What is it that you find you cannot do that leads you to ask this question?

Cheers,

Morag

Original Post: Limits on LDAP user / group names when used with MQ? | MQ (ibm.com) 

Now I know that we can limit access by various other methods (Example: IP, Certificate, etc.).  Yet it's not ideal when you want to lockdown the specific access an account has on the Queue Manager  Yet, I believe it may become more relevant with time.

Does anybody know if IBM is planning on increasing the MQMD.UserIdentifier field length in future releases of IBM MQ?

It's currently limited to 12 characters, I've seen many backend service accounts and system administrator accounts with user id lengths exceeding 12 Characters.

Sorry I was not clear earlier.  Nothing missing.  You've answered the question.  There is currently no roadmap to extend the 12-character limitation.

From what I understand the "LDAP User Repository - Equivalent short user" needs to be set to an attribute where the value is 12 or less characters.
I'm only commenting that many Directory administrators often reference this to the "sAMAccountName" attribute which is limited to 20 characters.  If they do reference this to anther attribute, the company needs to take care to not use it for another purpose where it may exceed 12 characters.

I think that future proofing might have already been done. I'm afraid I didn't understand from your response what it was you thought was missing.

Cheers,

Morag

Hi Morag,

This is more a question of future proofing.  With more cloud services being adopted, I've found that many "useful" directory attributes often exceed 12 characters or are deliberately left empty for security reasons.

On top of that I've found that as time goes by, if a directory attribute is agreed to be limit to 12 characters, time and ignorance often leads to this self-imposed limitation being forgotten.

Regards,

IBM MQ already allowed you to authenticate and authorise users with longer than 12 characters. When user ids need to be stored in the message the short form of the user id is used so the long equivalent can be retrieved on another system.

As a result of the above I do not believe the MQMD field will ever be increased. 

What is it that you find you cannot do that leads you to ask this question?

Cheers,

Morag

Original Post: Limits on LDAP user / group names when used with MQ? | MQ (ibm.com) 

Now I know that we can limit access by various other methods (Example: IP, Certificate, etc.).  Yet it's not ideal when you want to lockdown the specific access an account has on the Queue Manager  Yet, I believe it may become more relevant with time.

Does anybody know if IBM is planning on increasing the MQMD.UserIdentifier field length in future releases of IBM MQ?

It's currently limited to 12 characters, I've seen many backend service accounts and system administrator accounts with user id lengths exceeding 12 Characters.