WizardCommands command group for the AdminTask object

You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the WizardCommands group can be used to configure security using similar actions to the security wizard panels in the administrative console.

The WizardCommands command group for the AdminTask object includes the following commands:

addToAdminAuthz

The addToAdminAuthz command adds a new administrative user to your configuration.

Required parameters

adminUser
Specifies the name of the administrative user that you want to add to your configuration.

Examples

Batch mode example usage:

Interactive mode example usage:

applyWizardSettings

The applyWizardSettings command applies the current security wizard settings from the workspace.

Required parameters

adminName
Specifies the name of the user with administrative privileges that is defined in the registry.
secureApps
Specifies whether to set application-level security. This type of security provides application isolation and requirements for authenticating application users.

You can specify a true or false value.

Avoid trouble Avoid trouble: The value that you set for this parameter might be overridden by a value at the server level.gotcha
secureLocalResources
Specifies whether to set Java 2 security. If you enable Java 2 security and an application requires more Java 2 security permissions than are granted in the default policy, then the application might fail to run properly. By default, access to local resources is not restricted. You can choose to disable Java 2 security, even when application security is enabled.

You can specify a true or false value.

userRegistryType
Specifies a valid user registry type. The following type values are valid:
  • LDAPUserRegistry

    This registry type uses the Lightweight Directory Access Protocol (LDAP) user registry settings when users and groups exist in an external LDAP directory.

  • CustomUserRegistry

    This type specifies a custom registry that implements the UserRegistry interface in the com.ibm.websphere.security package. If you specify this user registry type, use the customRegistryClass parameter to specify the class name for the user registry.

  • WIMUserRegistry

    This value has the same effect as the Federated repositories option in the Security Configuration Wizard on the administrative console. A registry type manages identities in a single, virtual realm that is stored in multiple repositories.

  • LocalOSUserRegistry

    This value specifies the registry for the local operating system of the application server.

Optional parameters

adminPassword
Specifies a password for the user with administrative privileges that is defined in the registry.
customProps
Specifies a custom property.
customRegistryClass
Specifies a dot-separated class name that implements the UserRegistry interface in the com.ibm.websphere.security package. Include this parameter if you specify CustomUserRegistry for the userRegistryType parameter.
ignoreCase
Indicates that when an authorization check is performed, the check is not case-sensitive.

You can specify a true or false value.

ldapServerType
Specifies a valid Lightweight Directory Access Protocol (LDAP) server type. The following type values are valid:
  • IBM_DIRECTORY_SERVER

    This value refers to a supported IBM® Tivoli® Directory Server version.

  • IPLANET

    This value refers to a supported Sun Java System Directory Server version.

  • NDS

    This value refers to a supported Novell eDirectory version.

  • DOMINO502

    This value refers to a supported IBM Lotus® Domino® server version.

  • SECUREWAY

    This value refers to an IBM SecureWay Directory Server version.

  • ACTIVE_DIRECTORY

    This value refers to a supported Microsoft® Active Directory version.

  • CUSTOM

    This value refers to a custom registry implementation.

For more information about the supported LDAP server versions, see the WebSphere® Application Server detailed system requirements documentation.

ldapBaseDN
Specifies the base distinguished name of the directory service, which indicates the starting point for Lightweight Directory Access Protocol (LDAP) searches in the directory service. For example, ou=Rochester, o=IBM, c=us.
ldapBindDN
Specifies the distinguished name for the application server, which is used to bind to the directory service.
ldapBindPassword
Specifies the password for the application server, which is used to bind to the directory service.
ldapHostName
Specifies the (LDAP server host name. This host name is either an IP address or a domain name service (DNS) name.
ldapPort
Specifies a valid LDAP server port number.

Examples

Batch mode example usage:

Interactive mode example usage:

getCurrentWizardSettings

The getCurrentWizardSettings command retrieves the current security wizard settings from the workspace.

Parameters

None

Examples

Batch mode example usage:

Interactive mode example usage:

isAdminLockedOut

The isAdminLockedOut command verifies that at least one administrative user exists in the input user registry.

Required parameters

registryType
Specifies a valid user registry type. The following type values are valid:
  • LDAPUserRegistry

    This registry type uses the Lightweight Directory Access Protocol (LDAP) user registry settings when users and groups exist in an external LDAP directory.

  • CustomUserRegistry

    This type specifies a custom registry.

  • WIMUserRegistry

    This value has the same effect as the Federated repositories option in the Security Configuration Wizard on the administrative console. This registry type manages identities in a single, virtual realm that is stored in multiple repositories.

  • LocalOSUserRegistry

    This value specifies the registry for the local operating system of the application server.

Examples

Batch mode example usage:

Interactive mode example usage:

isAppSecurityEnabled

The isAppSecurityEnabled command returns a true or false value that indicates whether application security is enabled.

Parameters

None

Examples

Batch mode example usage:

Interactive mode example usage:

isGlobalSecurityEnabled

The isGlobalSecurityEnabled command returns a true or false value that indicates whether administrative security is enabled.

Parameters

None

Examples

Batch mode example usage:

Interactive mode example usage:

setGlobalSecurity

The setGlobalSecurity command changes whether administrative security is enabled.

Required parameters

enabled
Specifies whether to enable administrative security. This enabled parameter is equivalent to the Enable application security option on the administrative console.

You must specify either a true or false value.

Examples

Batch mode example usage:

Interactive mode example usage:

setUseRegistryServerId

The setUseRegistryServerId command updates the useRegistryServerId field in the user registry object within the security.xml file with a true or flase value. If you set the field value to true, the application server uses a user-specified server ID for interprocess communications.

Required parameters

useRegistryServerId
Specifies a true or false value for the useRegistryServerId setting.
useRegistryType
Specifies a valid user registry type. The following type values are valid:
  • LDAPUserRegistry

    This registry type uses the Lightweight Directory Access Protocol (LDAP) user registry settings when users and groups exist in an external LDAP directory.

  • CustomUserRegistry

    This type specifies a custom registry.

  • WIMUserRegistry

    This value has the same effect as the Federated repositories option in the Security Configuration Wizard on the administrative console. A registry type manages identities in a single, virtual realm that is stored in multiple repositories.

  • LocalOSUserRegistry

    This value specifies the registry for the local operating system of the application server.

Examples

Batch mode example usage:

Interactive mode example usage:

validateAdminName

The validateAdminName command verifies whether an administrator name exists in the input user registry.

Required parameters

adminUser
Specifies an administrative user name.
registryType
Specifies a valid user registry type. The following type values are valid:
  • LDAPUserRegistry

    This registry type uses the Lightweight Directory Access Protocol (LDAP) user registry settings when users and groups exist in an external LDAP directory.

  • CustomUserRegistry

    This type specifies a custom registry.

  • WIMUserRegistry

    This value has the same effect as the Federated repositories option in the Security Configuration Wizard on the administrative console. A registry type manages identities in a single, virtual realm that is stored in multiple repositories.

  • LocalOSUserRegistry

    This value specifies the registry for the local operating system of the application server.

Optional parameters

ldapServerType
Specifies a valid LDAP server type. The following type values are valid:
  • IBM_DIRECTORY_SERVER

    This value refers to a supported IBM Tivoli Directory Server version.

  • IPLANET

    This value refers to a supported Sun Java System Directory Server version.

  • NDS

    This value refers to a supported Novell eDirectory version.

  • DOMINO502

    This value refers to a supported IBM Lotus Domino server version.

  • SECUREWAY

    This value refers to an IBM SecureWay Directory Server version.

  • ACTIVE_DIRECTORY

    This value refers to a supported Microsoft Active Directory version.

  • CUSTOM

    This value refers to a custom registry implementation.

For more information about the supported LDAP server versions, see the WebSphere Application Server detailed system requirements documentation.

Examples

Batch mode example usage:

Interactive mode example usage:

validateLDAPConnection

The validateLDAPConnection command validates the connection to a specified LDAP server.

Required parameters

hostname
Specifies the LDAP server host name. This host name is either an IP address or a domain name service (DNS) name.
sslEnabled
Specifies whether secure socket communications is enabled with the Lightweight Directory Access Protocol (LDAP) server. When this option is selected, LDAP Secure Sockets Layer (SSL) settings are used, if specified.
type
Specifies a valid LDAP registry type. The following type values are valid:
  • IBM_DIRECTORY_SERVER

    This value refers to a supported IBM Tivoli Directory Server version.

  • IPLANET

    This value refers to a supported Sun Java System Directory Server version.

  • NDS

    This value refers to a supported Novell eDirectory version.

  • DOMINO502

    This value refers to a supported IBM Lotus Domino server version.

  • SECUREWAY

    This value refers to an IBM SecureWay Directory Server version.

  • ACTIVE_DIRECTORY

    This value refers to a supported Microsoft Active Directory version.

  • CUSTOM

    This value refers to a custom registry implementation.

For more information about the supported LDAP server versions, see the WebSphere Application Server detailed system requirements documentation.

Optional parameters

baseDN
Specifies the base distinguished name of the directory service, which indicates the starting point for LDAP searches in the directory service. For example, ou=Rochester, o=IBM, c=us
bindDN
Specifies the distinguished name for the application server, which is used to bind to the directory service.
bindPassword
Specifies the password for the application server, which is used to bind to the directory service.
port
Specifies the LDAP server port number.
securityDomainName
Specifies the name that is used to uniquely identify the security domain.
sslAlias
Specifies which SSL configuration to use for LDAP.

Examples

Batch mode example usage:

Interactive mode example usage:

WIMCheckPassword

The WIMCheckPassword command validates the user name and password in the federated repository.

Required parameters

username
Specifies the name of the user.
password
Specifies the password for the user.

Examples

Batch mode example usage:

Interactive mode example usage:




Related tasks
Using the wsadmin scripting AdminTask object for scripted administration
Related reference
Commands for the AdminTask object using wsadmin scripting
Related information
WebSphere Application Server detailed system requirements
Reference topic Reference topic    

Terms of Use | Feedback

Last updatedLast updated: Sep 19, 2011 5:16:49 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=matt&product=was-base-iseries&topic=rxml_atwizardcmds
File name: rxml_atwizardcmds.html