Managing security information with mqsusertool command line tool

The mqsusertool command can be used to manage TrueSight Middleware and Transaction Monitor security information. The tool runs in several modes based on a sub-command verb specified at the first command line option. The syntax for these different modes is described in the following sections: 

mqsusertool options for account verb

The account verb allows for setting or resetting a user account or service user account password.

mqsusertool --account <account_options> -target <target> <target_options>
[<target> <target_options>]*
mqsusertool --account –help

<account_options> are the arguments and options for the --account command:

-user <user> -password <password> or -sync -user <user> or -syncall

-syncall synchronizes passwords for all services among targets
-sync synchronizes passwords for specific service/user among targets
-user <user> refers to the user/service account to be modified (required)
-password <password> refers to the password to be set for the user/service (required)

mqsusertool options for database verb

The database verb enables you to set up the database information or credentials.

mqsusertool --database -h

mqsusertool 8.1.00 (build 196)
(C) Copyright 1996-2016 BMC Software, Inc.

mqsusertool --database database_options -target target target_options

[target target_options]*

mqsusertool --database --help

database_options - arguments and options for the --database command:

-group group - group keeping database settings to be modified (optional, default: database_login)

-db_name name - database name

-db_type type - database type:

"DB2" or DB2
"Oracle 11.2" or ORACLE_112
"Oracle 12.1" or ORACLE_121
"Microsoft SQL Server" or MSSQL

-db_user name - database user

-db_password password - database password

target - target for the request (required)

FILE - file (for --account only)

LDAP - Apache LDAP

ADS - Windows Active Directory Service

STANDALONE - Start a standalone LDAP server (to be used only when qpas will not start due to an incorrect DB configuration specified during installation or the DB credentials have been altered)

target_options - arguments and options if target FILE was selected

-file file - file keeping the settings to be modified (optional, default: services.cfg)

target_options - arguments and options if target LDAP or ADS was selected

-logon_user user - user for logging on to the directory service (required)

-logon_password password - password for logging on to the directory service (required)

-logon_host host - host of the directory service (optional, default: Read from services.cfg)

-logon_port port - port number of the directory service (optional, default: Read from services.cfg)

-certChain - CA certChain to be used for secured connection (optional, default: Read from services.cfg)

-storepass - the password for the CA certChain (optional if entry in services.cfg is readable, required otherwise. default: Read from services.cfg)

-configfile - the login configuration file (optional, default: jetty/apache-ds_jaas.config for LDAP, jetty/ADS_jaas.config for ADS)


mqsusertool --database -target STANDALONE -logon_user SA -logon_password BMCSOFTWARE -db_type <dbtype> -db_name <dbname> -db_user <dbusername> -db_password <dbpassword>

If you are still encountering database issues after implementing the above, contact BMC Support.

mqsusertool options for encode verb

The encode verb enables you to manually encode credential passwords for different security functions.

<encoding_options> arguments and options for the --encode command:

-t <transformation> transformation algorithm (optional, default: Cryptor)

Was this page helpful? Yes No Submitting... Thank you