Introduction: Modern Directories Meet Legacy Constraints
As organisations strengthen security and centralise identity management, IBM MQ administrators increasingly integrate with enterprise LDAP directories such as Microsoft Active Directory or OpenLDAP. This enables authentication using corporate credentials and authorisation through LDAP users or their group membership, instead of relying on local OS users.
However, on Windows platforms, IBM MQ still enforces a long‑standing 12‑character limit on the user ID used for authorisation. This limitation does not come from LDAP; it originates from how MQ maps authenticated identities to Windows principals for Object Authority Manager (OAM) checks. IBM MQ’s Object Authority Manager was designed to work uniformly across Windows, UNIX (AIX/Linux), and z/OS, where OS usernames traditionally max out at 12 characters.
Read the original article: