You can use the Jython or Jacl scripting languages to configure
security. The commands and parameters in the IdMgrRepositoryConfig
group can be used to create and manage the virtual member manager
and LDAP directory properties.
The IdMgrRepositoryConfig command group for the AdminTask object
includes the following commands:
addIdMgrLDAPAttr
Use the addIdMgrLDAPAttr command
to add an LDAP attribute configuration to the LDAP repository configuration.
Target object
None
Required parameters
- -id
- Use this parameter to specify the unique ID of the repository.
(String, required)
- -name
- Use this parameter to specify the name of the LDAP attribute used
in the repository LDAP adapter. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -propertyName
- Use this parameter to specify the name of the corresponding federated
repository property. (String, optional)
Note: You cannot add an LDAP attribute configuration for the federated
repository properties, principalName and realm.
Supported configurations: If you define multiple login properties, then
the first login property is programmatically mapped to the federated
repositories principalName property. For example, if you set uid;mail as
the login properties, the LDAP attribute uid value is mapped to the
federated repositories principalName property. If you define multiple
login properties, after login, the first login property is returned as
the value of the principalName property. For example, if you pass
joe@yourco.com as the principalName value and the login properties are
configured as uid;mail, the principalName is returned as joe.
- -entityTypes
- Use this parameter to specify the entity type which applies the
attribute mapping. (String, optional)
- -syntax
- Use this parameter to specify the syntax of the LDAP attribute.
The default value is string. For example, the syntax of the unicodePwd LDAP
attribute is octetString. (String, optional)
- -defaultValue
- Use this parameter to specify the default value of the LDAP attribute.
If you do not specify this LDAP attribute when you create an entity
which this LDAP attribute applies to, the system adds the attribute
using this default value. (String, optional)
- -defaultAttr
- Use this parameter to specify the default attribute of the LDAP
attribute. If you do not specify this LDAP attribute when you create
an entity which this LDAP attribute applies to, the system uses the
value of the default attribute. (String, optional)
For example, the following configuration defines a samAccountName LDAP
attribute with the cn default attribute:
<config:attributes name="samAccountName" defaultAttribute="cn">
  <config:entityTypes>Group</config:entityTypes>
</config:attributes>
In this example, when you create the Group entity, the samAccountName
LDAP attribute with the same value as the cn attribute is added to the
corresponding LDAP entry.
Examples
Batch mode example usage:
Using Jacl:
$AdminTask addIdMgrLDAPAttr {-id id_name -name unicode_password -syntax octet_string}
Using Jython string:
AdminTask.addIdMgrLDAPAttr ('[-id id_name -name unicode_password -syntax octet_string]')
Using Jython list:
AdminTask.addIdMgrLDAPAttr (['-id', 'id_name', '-name', 'unicode_password', '-syntax', 'octet_string'])
Interactive mode example usage:
Using Jacl:
$AdminTask addIdMgrLDAPAttr {-interactive}
Using Jython:
AdminTask.addIdMgrLDAPAttr('-interactive')
addIdMgrLDAPAttrNotSupported
Use
the addIdMgrLDAPAttrNotSupported command to add
a configuration for a federated repository property that the specified
LDAP repository does not support.
Required parameters
- -id
- Use this parameter to specify the unique ID of the repository.
(String, required)
- -propertyName
- Use this parameter to specify the name of the federated repository
property. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -entityTypes
- Use this parameter to specify one or more entity types. Use the
semicolon (;) as the delimiter to specify multiple entity types. (String,
optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask addIdMgrLDAPAttrNotSupported {-id id_name -propertyName property_name}
Using Jython string:
AdminTask.addIdMgrLDAPAttrNotSupported ('[-id id_name -propertyName property_name]')
Using Jython list:
AdminTask.addIdMgrLDAPAttrNotSupported (['-id', 'id_name', '-propertyName', 'property_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask addIdMgrLDAPAttrNotSupported {-interactive}
Using Jython:
AdminTask.addIdMgrLDAPAttrNotSupported('-interactive')
addIdMgrLDAPBackupServer
The addIdMgrLDAPBackupServer command
sets a backup LDAP server in your configuration.
Required parameters
- -id
- Specifies the unique ID of the repository. (String, required)
- -primary_host
- Specifies the primary host of the LDAP server. (String, required)
- -host
- Specifies the host name for the LDAP server. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -port
- Specifies the port number for the LDAP server. (Integer, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask addIdMgrLDAPBackupServer {-id id_name -primary_host host_name1 -host host_name2 -port port_number}
Using Jython string:
AdminTask.addIdMgrLDAPBackupServer ('[-id id_name -primary_host host_name1 -host host_name2 -port port_number]')
Using Jython list:
AdminTask.addIdMgrLDAPBackupServer (['-id', 'id_name', '-primary_host', 'host_name1', '-host', 'host_name2', '-port', 'port_number'])
Interactive mode example usage:
Using Jacl:
$AdminTask addIdMgrLDAPBackupServer {-interactive}
Using Jython:
AdminTask.addIdMgrLDAPBackupServer('-interactive')
addIdMgrLDAPEntityType
The addIdMgrLDAPEntityType command
adds an LDAP entity type definition.
Required parameters
- -id
- The ID of the repository. (String, required)
- -name
- The name of the entity type. (String, required)
- -objectClasses
- One or more object classes for the entity type. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -searchFilter
- The search filter that you want to use to search the entity type.
(String, optional)
- -objectClassesForCreate
- The object class to use when an entity type is created. If the
value of this parameter is the same as the objectClass parameter,
you do not need to specify this parameter. (String, optional)
- -searchBases
- The search base or bases to use while searching the entity type.
(String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask addIdMgrLDAPEntityType {-id id_name -name name_value -objectClasses object_class}
Using Jython string:
AdminTask.addIdMgrLDAPEntityType ('[-id id_name -name name_value -objectClasses object_class]')
Using Jython list:
AdminTask.addIdMgrLDAPEntityType (['-id', 'id_name', '-name', 'name_value', '-objectClasses', 'object_class'])
Interactive mode example usage:
Using Jacl:
$AdminTask addIdMgrLDAPEntityType {-interactive}
Using Jython string:
AdminTask.addIdMgrLDAPEntityType ('[-interactive]')
Using Jython list:
AdminTask.addIdMgrLDAPEntityType (['-interactive'])
addIdMgrLDAPEntityTypeRDNAttr
The addIdMgrLDAPEntityTypeRDNAttr command adds RDN attribute configuration
to an LDAP entity type definition.
Required parameters
- -id
- The ID of the repository. (String, required)
- -entityTypeName
- The name of the entity type. (String, required)
- -name
- The attribute name that is used to build the relative distinguished
name (RDN) for the entity type. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -objectClass
- The object class to use for the entity type for the relative distinguished
name (RDN) attribute name that you specify. Use this parameter to
map one entity type to multiple structural object classes. (String,
optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask addIdMgrLDAPEntityTypeRDNAttr {-id id_name -entityTypeName entity_type -name name_value}
Using Jython string:
AdminTask.addIdMgrLDAPEntityTypeRDNAttr ('[-id id_name -entityTypeName entity_type -name name_value]')
Using Jython list:
AdminTask.addIdMgrLDAPEntityTypeRDNAttr (['-id', 'id_name', '-entityTypeName', 'entity_type', '-name', 'name_value'])
Interactive mode example usage:
Using Jacl:
$AdminTask addIdMgrLDAPEntityTypeRDNAttr {-interactive}
Using Jython string:
AdminTask.addIdMgrLDAPEntityTypeRDNAttr ('[-interactive]')
Using Jython list:
AdminTask.addIdMgrLDAPEntityTypeRDNAttr (['-interactive'])
addIdMgrLDAPExternalIdAttr
Use the addIdMgrLDAPExternalIdAttr command
to add a configuration for an LDAP attribute that is used as an external
ID in the specified LDAP repository.
Target object
None
Required parameters
- -id
- Use this parameter to specify the unique ID of the repository.
(String, required)
- -name
- Use this parameter to specify the name of the external ID attribute
of the LDAP repository. (String, required)
Important: Specify distinguishedName as
the value of this parameter to indicate that the distinguished name
(DN) of the entity is used as the external ID.
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -entityTypes
- Use this parameter to specify one or more entity types. Use a
semicolon (;) as the delimiter to specify multiple entity types. (String,
optional)
- -syntax
- Use this parameter to specify the syntax of the LDAP attribute.
The default value is string. For example, the syntax of the unicodePwd
LDAP attribute is octetString. (String, optional)
- -wimGenerate
- Use this parameter to indicate whether the federated repository
generates the value of the LDAP attribute. The default value is false.
(Boolean, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask addIdMgrLDAPExternalIdAttr {-id id_name -name unicodePwd -syntax octetString}
Using Jython string:
AdminTask.addIdMgrLDAPExternalIdAttr ('[-id id_name -name unicode_password -syntax octet_string]')
Using Jython list:
AdminTask.addIdMgrLDAPExternalIdAttr (['-id', 'id_name', '-name', 'unicode_password', '-syntax', 'octet_string'])
Interactive mode example usage:
Using Jacl:
$AdminTask addIdMgrLDAPExternalIdAttr {-interactive}
Using Jython:
AdminTask.addIdMgrLDAPExternalIdAttr('-interactive')
addIdMgrLDAPGroupDynamicMemberAttr
The addIdMgrLDAPGroupDynamicMemberAttr command adds a dynamic member attribute
configuration to an LDAP group configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
- -name
- The name of the LDAP attribute that is used as the group member
attribute. For example, member or uniqueMember.
(String, required)
- -objectClass
- The group object class that contains the member attribute. For
example, groupOfNames or groupOfUniqueNames. If
you do not define this parameter, the member attribute applies to
all group object classes. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask addIdMgrLDAPGroupDynamicMemberAttr {-id id_name -name name_value -objectClass object_class}
Using Jython string:
AdminTask.addIdMgrLDAPGroupDynamicMemberAttr ('[-id id_name -name name_value -objectClass object_class]')
Using Jython list:
AdminTask.addIdMgrLDAPGroupDynamicMemberAttr (['-id', 'id_name', '-name', 'name_value', '-objectClass', 'object_class'])
Interactive mode example usage:
Using Jacl:
$AdminTask addIdMgrLDAPGroupDynamicMemberAttr {-interactive}
Using Jython string:
AdminTask.addIdMgrLDAPGroupDynamicMemberAttr ('[-interactive]')
Using Jython list:
AdminTask.addIdMgrLDAPGroupDynamicMemberAttr (['-interactive'])
addIdMgrLDAPGroupMemberAttr
The addIdMgrLDAPGroupMemberAttr command adds a member attribute configuration
to an LDAP group configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
- -name
- The name of the LDAP attribute that is used as the group member
attribute. For example, member or uniqueMember.
(String, required)
- -scope
- The scope of the member attribute. The valid values for this parameter
include the following:
- direct - The member attribute only contains direct members, therefore,
this value refers to the member directly contained by the group and
not contained through the nested group. For example, if Group1 contains
Group2 and Group2 contains User1, then Group2 is a direct member of
Group1 but User1 is not a direct member of Group1. Both member and uniqueMember are
direct member attributes.
- nested - The member attribute that contains the direct members
and the nested members.
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -dummyMember
- Indicates that if you create a group without specifying a member,
a dummy member will be filled in to avoid creating an exception about
missing a mandatory attribute. (String, optional)
- -objectClass
- The group object class that contains the member attribute. For
example, groupOfNames or groupOfUniqueNames. If
you do not define this parameter, the member attribute applies to
all group object classes. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask addIdMgrLDAPGroupMemberAttr {-id id_name -name name_value}
Using Jython string:
AdminTask.addIdMgrLDAPGroupMemberAttr ('[-id id_name -name name_value]')
Using Jython list:
AdminTask.addIdMgrLDAPGroupMemberAttr (['-id', 'id_name', '-name', 'name_value'])
Interactive mode example usage:
Using Jacl:
$AdminTask addIdMgrLDAPGroupMemberAttr {-interactive}
Using Jython string:
AdminTask.addIdMgrLDAPGroupMemberAttr ('[-interactive]')
Using Jython list:
AdminTask.addIdMgrLDAPGroupMemberAttr (['-interactive'])
addIdMgrLDAPServer
The addIdMgrLDAPServer command adds an LDAP server to the LDAP repository ID that
you specify.
If the value of the sslEnabled parameter is set to true, the
addIdMgrLDAPServer command operation will fail while trying to validate
the connection. To work around this problem, perform the following steps:
- Start WebSphere® Application Server.
- Start the wsadmin tool without specifying the -conntype none option.
Required parameters
- -id
- The ID of the repository. (String, required)
- -host
- The host name for the primary LDAP server. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -port
- The port number for the LDAP server. (Integer, optional)
- -bindDN
- The binding distinguished name for the LDAP server. (String, optional)
- -bindPassword
- The binding password. (String, optional)
- -authentication
- Indicates the authentication method to use. The default value
is simple. Valid values include: none or strong.
(String, optional)
- -referal
- The LDAP referral. The default value is ignore. Valid
values include: follow, throw, or false.
(String, optional)
- -derefAliases
- Controls how aliases are dereferenced. The default value is always.
Valid values include:
- never - never dereferences aliases
- finding - dereferences aliases only during name resolution
- searching - dereferences aliases only after name resolution
(String, optional)
- -sslEnabled
- Indicates whether to enable SSL. The default value is false.
(Boolean, optional)
- -connectionPool
- The connection pool. The default value is false. (Boolean,
optional)
- -connectTimeout
- The connection timeout in seconds. The default value is 20.
(Integer, optional)
Restriction: Due to a current JNDI
limitation, the maximum connection timeout is 20 seconds. Even if
you specify a value above 20 seconds, the connection still times out
at 20 seconds.
- -ldapServerType
- The type of LDAP server being used. The default value is IDS51.
(String, optional)
- -sslConfiguration
- The SSL configuration. (String, optional)
- -certificateMapMode
- Specifies whether to map X.509 certificates into an LDAP directory
by exact distinguished name or by certificate filter. The default
value is EXACT_DN. To use the certificate filter for the mapping,
specify FILTERDESCRIPTORMODE. (String, optional)
- -certificateFilter
- If certificateMapMode has the value FILTERDESCRIPTORMODE, then
this property specifies the LDAP filter which maps attributes in the
client certificate to entries in LDAP. For more information, see the
section Certificate filter in the topic, Lightweight Directory Access
Protocol repository configuration settings. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask addIdMgrLDAPServer {-id id_name -host myhost.ibm.com}
Using Jython string:
AdminTask.addIdMgrLDAPServer ('[-id id_name -host myhost.ibm.com]')
Using Jython list:
AdminTask.addIdMgrLDAPServer (['-id', 'id_name', '-host', 'myhost.ibm.com'])
Interactive mode example usage:
Using Jacl:
$AdminTask addIdMgrLDAPServer {-interactive}
Using Jython string:
AdminTask.addIdMgrLDAPServer ('[-interactive]')
Using Jython list:
AdminTask.addIdMgrLDAPServer (['-interactive'])
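A pre-flight helper for the addIdMgrLDAPServer parameters described above, as an added example that is not IBM's code: it builds the Jython list form with -sslEnabled true and enforces the certificate filter pairing and the 20-second connect timeout ceiling. The helper names and the sample values (repository ID, host, bind DN, the CellDefaultSSLSettings alias, the filter string) are assumptions.

```python
# Added example, not IBM code. Parameter names and defaults come from this
# page; the helper names and the sample values are assumptions.

JNDI_MAX_CONNECT_TIMEOUT = 20  # seconds, the ceiling stated under -connectTimeout


def build_ldap_server_args(repo_id, host, port=None, ssl_configuration=None,
                           bind_dn=None, bind_password=None,
                           certificate_map_mode=None, certificate_filter=None,
                           connect_timeout=None, security_domain=None):
    """Return (args, notes) for AdminTask.addIdMgrLDAPServer in Jython list form.

    -sslEnabled is always set to true (the page's default is false), so the
    bind DN and password are not sent over an unencrypted connection.
    """
    notes = ['-sslEnabled true: run wsadmin against a started server, not '
             'with -conntype none, or connection validation fails']
    args = ['-id', repo_id, '-host', host, '-sslEnabled', 'true']

    optional = [('-securityDomainName', security_domain),
                ('-port', port),
                ('-sslConfiguration', ssl_configuration),
                ('-bindDN', bind_dn),
                ('-bindPassword', bind_password)]

    # Helper policy: the filter and the filter mode must be given together.
    if certificate_map_mode == 'FILTERDESCRIPTORMODE' and not certificate_filter:
        raise ValueError('FILTERDESCRIPTORMODE needs -certificateFilter')
    if certificate_filter and certificate_map_mode != 'FILTERDESCRIPTORMODE':
        raise ValueError('-certificateFilter needs '
                         '-certificateMapMode FILTERDESCRIPTORMODE')
    optional.append(('-certificateMapMode', certificate_map_mode))
    optional.append(('-certificateFilter', certificate_filter))

    if connect_timeout is not None:
        if int(connect_timeout) > JNDI_MAX_CONNECT_TIMEOUT:
            notes.append('-connectTimeout %s lowered to %d (JNDI limit)'
                         % (connect_timeout, JNDI_MAX_CONNECT_TIMEOUT))
            connect_timeout = JNDI_MAX_CONNECT_TIMEOUT
        optional.append(('-connectTimeout', connect_timeout))

    for name, value in optional:
        if value is not None:
            # List form keeps each value as one element, so DNs and filters
            # that contain spaces or '=' need no extra quoting.
            args.extend([name, str(value)])
    return args, notes


def sample_call(bind_password=None):
    """Constructed sample input; every value here is a placeholder."""
    return build_ldap_server_args(
        'corpLDAP', 'ldap.example.com', port=636,
        ssl_configuration='CellDefaultSSLSettings',
        bind_dn='cn=wasbind,ou=svc,dc=example,dc=com',
        bind_password=bind_password,       # pass it in; do not hard-code it
        certificate_map_mode='FILTERDESCRIPTORMODE',
        certificate_filter='uid=${SubjectCN}',
        connect_timeout=60)


def add_ldap_server(args):
    """Call only inside wsadmin -lang jython, where AdminTask exists."""
    AdminTask.addIdMgrLDAPServer(args)
    AdminConfig.save()
```
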
addIdMgrRepositoryBaseEntry
The addIdMgrRepositoryBaseEntry command adds a base entry to the specified
repository.
Required parameters
- -id
- The ID of the repository. (String, required)
- -name
- The distinguished name of a base entry. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -nameInRepository
- The distinguished name in the repository that uniquely identifies
the base entry name. (String, optional)
Avoid trouble: The values specified for both name and nameInRepository
parameters must be the same for a database repository.
Examples
Batch mode example usage:
Using Jacl:
$AdminTask addIdMgrRepositoryBaseEntry {-id id_name -name name_value}
Using Jython string:
AdminTask.addIdMgrRepositoryBaseEntry ('[-id id_name -name name_value]')
Using Jython list:
AdminTask.addIdMgrRepositoryBaseEntry (['-id', 'id_name', '-name', 'name_value'])
Interactive mode example usage:
Using Jacl:
$AdminTask addIdMgrRepositoryBaseEntry {-interactive}
Using Jython string:
AdminTask.addIdMgrRepositoryBaseEntry ('[-interactive]')
Using Jython list:
AdminTask.addIdMgrRepositoryBaseEntry (['-interactive'])
createIdMgrCustomRepository
The createIdMgrCustomRepository command
creates a custom repository configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
- -adapterClassName
- The implementation class name for the repository adapter. (String,
required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask createIdMgrCustomRepository {-id id_name -adapterClassName adapter_class_name}
Using Jython string:
AdminTask.createIdMgrCustomRepository('[-id id_name -adapterClassName adapter_class_name]')
Using Jython list:
AdminTask.createIdMgrCustomRepository(['-id', 'id_name', '-adapterClassName', 'adapter_class_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask createIdMgrCustomRepository {-interactive}
Using Jython:
AdminTask.createIdMgrCustomRepository('-interactive')
createIdMgrDBRepository
The createIdMgrDBRepository command
creates a database repository configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
- -dataSourceName
- The name of the data source. The default value is jdbc/wimDS.
(String, required)
- -databaseType
- The type of the database. The default value is DB2. (String,
required)
- -dbURL
- The URL of the database. (String, required)
- -dbAdminId
- The database administrator ID. (String, required if database type
is not Apache Derby.)
- -dbAdminPassword
- The database administrator password. (String, required if database
type is not Apache Derby.)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -adapterClassName
- The default value is com.ibm.ws.wim.adapter.db.DBAdapter.
(String, optional)
- -JDBCDriverClass
- The JDBC driver class name. (String, optional)
- -supportSorting
- Indicates if sorting is supported or not. The default value is false.
(Boolean, optional)
- -supportTransactions
- Indicates if transactions are supported or not. The default value
is false. (Boolean, optional)
- -isExtIdUnique
- Specifies if the external ID is unique. The default value is true.
(Boolean, optional)
- -supportExternalName
- Indicates if external names are supported or not. The default
value is false. (Boolean, optional)
- -supportAsyncMode
- Indicates if the adapter supports async mode or not. The default
value is false. (Boolean, optional)
- -readOnly
- Indicates if this is a read only repository. The default value
is false. (Boolean, optional)
- -entityRetrievalLimit
- Indicates the value of the retrieval limit on database entries.
The default value is 200. (Integer, optional)
- -saltLength
- The salt length in bits. The default value is 12. (Integer,
optional)
- -encryptionKey
- The default value is rZ15ws0ely9yHk3zCs3sTMv/ho8fY17s.
(String, optional)
- -dbSchema
- The database schema of the database repository that you want to
configure. The default value is the default schema of the database
according to the database type. Typically, the default schema is the
namespace of the current database user. (String, optional).
- -tablespacePrefix
- The tablespace prefix. The maximum length allowed for this string
is 3 characters. The value of tablespacePrefix parameter is required
when you use the dbSchema parameter. It is specific to DB2 for z/OS
and will be ignored for any other database type. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask createIdMgrDBRepository {-id id_name -dataSourceName datasource_name -databaseType database_type}
Using Jython string:
AdminTask.createIdMgrDBRepository ('[-id id_name -dataSourceName datasource_name -databaseType database_type]')
Using Jython list:
AdminTask.createIdMgrDBRepository (['-id', 'id_name', '-dataSourceName', 'datasource_name', '-databaseType', 'database_type'])
Interactive mode example usage:
Using Jacl:
$AdminTask createIdMgrDBRepository {-interactive}
Using Jython string:
AdminTask.createIdMgrDBRepository ('[-interactive]')
Using Jython list:
AdminTask.createIdMgrDBRepository (['-interactive'])
createIdMgrFileRepository
The createIdMgrFileRepository command creates a file repository configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -messageDigestAlgorithm
- The message digest algorithm that will be used for hashing the
password. The default value is SHA-1. Valid values include
the following: SHA-1, SHA-384, or SHA-512. (String,
optional)
- -adapterClassName
- The default value is com.ibm.ws.wim.adapter.file.was.FileAdapter.
(String, optional)
- -supportPaging
- Indicates if paging is supported or not. The default value is false.
(Boolean, optional)
- -supportSorting
- Indicates if sorting is supported or not. The default value is false.
(Boolean, optional)
- -supportTransactions
- Indicates if transaction is supported or not. The default value
is false. (Boolean, optional)
- -isExtIdUnique
- Specifies if the external ID is unique or not. The default value
is true. (Boolean, optional)
- -supportAsyncMode
- Indicates if the adapter supports async mode or not. The default
value is false. (Boolean, optional)
- -supportExternalName
- Indicates if external names are supported or not. The default
value is false. (Boolean, optional)
- -baseDirectory
- The base directory where the file will be created in order to
store the data. The default is to be dynamically built during run
time using user.install.root and cell name. (String, optional)
- -fileName
- The file name of the repository. The default value is fileRegistry.xml.
(String, optional)
- -saltLength
- The salt length of the randomly generated salt for password hashing.
The default value is 12. (Integer, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask createIdMgrFileRepository {-id id_name -messageDigestAlgorithm algorithm_value}
Using Jython string:
AdminTask.createIdMgrFileRepository ('[-id id_name -messageDigestAlgorithm algorithm_value]')
Using Jython list:
AdminTask.createIdMgrFileRepository (['-id', 'id_name', '-messageDigestAlgorithm', 'algorithm_value'])
Interactive mode example usage:
Using Jacl:
$AdminTask createIdMgrFileRepository {-interactive}
Using Jython string:
AdminTask.createIdMgrFileRepository ('[-interactive]')
Using Jython list:
AdminTask.createIdMgrFileRepository (['-interactive'])
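A review pass over createIdMgrDBRepository and createIdMgrFileRepository argument lists, as an added example that is not IBM's code: it flags the defaults and constraints this page documents (SHA-1 as the default password digest, the published default -encryptionKey, and the -dbSchema / -tablespacePrefix rules). The function names and the sample arguments in the usage comments are assumptions.

```python
# Added example, not IBM code. Defaults and valid values are taken from this
# page; function names and sample arguments are assumptions.

DOCUMENTED_DEFAULT_KEY = 'rZ15ws0ely9yHk3zCs3sTMv/ho8fY17s'  # listed on this page
VALID_FILE_DIGESTS = ('SHA-1', 'SHA-384', 'SHA-512')
REQUIRED = {
    'createIdMgrFileRepository': ('id',),
    'createIdMgrDBRepository': ('id', 'dataSourceName', 'databaseType', 'dbURL'),
}


def params_from_list(args):
    """Turn a Jython list such as ['-id', 'x'] into {'id': 'x'}."""
    if len(args) % 2:
        raise ValueError('expected -name value pairs')
    params = {}
    for i in range(0, len(args), 2):
        name = args[i]
        if not name.startswith('-'):
            raise ValueError('not a parameter name: %r' % name)
        params[name[1:]] = args[i + 1]
    return params


def review_create_args(command, args):
    """Return a list of findings for one repository-creation command."""
    if command not in REQUIRED:
        raise ValueError('command not covered by this review: %s' % command)
    p = params_from_list(args)
    findings = ['missing required -%s' % n for n in REQUIRED[command]
                if n not in p]

    if command == 'createIdMgrFileRepository':
        digest = p.get('messageDigestAlgorithm', 'SHA-1')  # page default
        if digest not in VALID_FILE_DIGESTS:
            findings.append('-messageDigestAlgorithm %s is not a valid value'
                            % digest)
        elif digest == 'SHA-1':
            findings.append('passwords are hashed with SHA-1; set '
                            '-messageDigestAlgorithm SHA-512')
    else:  # createIdMgrDBRepository
        if p.get('encryptionKey', DOCUMENTED_DEFAULT_KEY) == DOCUMENTED_DEFAULT_KEY:
            findings.append('-encryptionKey is the publicly documented '
                            'default; supply a site-specific key')
        prefix = p.get('tablespacePrefix')
        if 'dbSchema' in p and prefix is None:
            findings.append('-dbSchema is set but -tablespacePrefix is missing')
        if prefix is not None and len(prefix) > 3:
            findings.append('-tablespacePrefix is longer than 3 characters')
    return findings


# Constructed sample usage:
#   review_create_args('createIdMgrFileRepository', ['-id', 'fileRepo'])
#   review_create_args('createIdMgrFileRepository',
#                      ['-id', 'fileRepo', '-messageDigestAlgorithm', 'SHA-512'])
```
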
createIdMgrLDAPRepository
The createIdMgrLDAPRepository command creates an LDAP repository configuration.
Required parameters
- -id
- The unique identifier for the repository. (String, required)
- -ldapServerType
- The type of LDAP server that is being used. The default value
is IDS51. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -adapterClassName
- The default value is com.ibm.ws.wim.adapter.ldap.LdapAdapter. (String,
optional)
- -supportSorting
- Indicates if sorting is supported or not. The default value is false.
(Boolean, optional)
- -supportPaging
- Indicates if paging is supported or not. The default value is false.
(Boolean, optional)
- -supportTransactions
- Indicates if transactions are supported or not. The default value
is false. (Boolean, optional)
- -isExtIdUnique
- Specifies if the external ID is unique. The default value is true.
(Boolean, optional)
- -supportAsyncMode
- Indicates if the adapter supports async mode or not. The default
value is false. (Boolean, optional)
- -supportExternalName
- Indicates if external names are supported or not. The default
value is false. (Boolean, optional)
- -certificateMapMode
- Specifies whether to map X.509 certificates into an LDAP directory
by exact distinguished name or by certificate filter. The default
value is exactdn. To use the certificate filter for the mapping,
specify the value as certificatefilter. (String, optional)
- -certificateFilter
- If the certificateMapMode parameter has the value certificatefilter,
then this property specifies the LDAP filter that maps attributes
in the client certificate to entries in LDAP. (String, optional)
- -loginProperties
- Indicates the property name used for login. (String, optional)
Supported configurations: If you define multiple login properties, then
the first login property is programmatically mapped to the federated
repositories principalName property. For example, if you set uid;mail as
the login properties, the LDAP attribute uid value is mapped to the
federated repositories principalName property. If you define multiple
login properties, after login, the first login property is returned as
the value of the principalName property. For example, if you pass
joe@yourco.com as the principalName value and the login properties are
configured as uid;mail, the principalName is returned as joe.
- -sslConfiguration
- The SSL configuration. (String, optional)
- -translateRDN
- Indicates whether to translate RDN. The default value is false.
(Boolean, optional)
- -searchTimeLimit
- The value of search time limit. (Integer, optional)
- -searchCountLimit
- The value of search count limit. (Integer, optional)
- -searchPageSize
- The value of search page size. (Integer, optional)
- -returnToPrimaryServer
- (Integer, optional)
- -primaryServerQueryTimeInterval
- (Integer, optional)
- -default
- If you set this parameter to true, the default values
will be set for the remaining configuration properties of the LDAP
repository. (Boolean, optional)
- -supportChangeLog
- This parameter indicates whether the repository supports change
tracking. Valid values for this parameter are none or native. The
default value is none. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask createIdMgrLDAPRepository {-id id_name -ldapServerType LDAP_server_type}
Using Jython string:
AdminTask.createIdMgrLDAPRepository ('[-id id_name -ldapServerType LDAP_server_type]')
Using Jython list:
AdminTask.createIdMgrLDAPRepository (['-id', 'id_name', '-ldapServerType', 'LDAP_server_type'])
Interactive mode example usage:
Using Jacl:
$AdminTask createIdMgrLDAPRepository {-interactive}
Using Jython string:
AdminTask.createIdMgrLDAPRepository ('[-interactive]')
Using Jython list:
AdminTask.createIdMgrLDAPRepository (['-interactive'])
deleteIdMgrLDAPAttr
Use the deleteIdMgrLDAPAttr command
to delete the LDAP attribute configuration data for a specific entity
type from the LDAP repository of interest.
Target object
None
Required parameters
- -id
- Use this parameter to specify the unique ID of the repository.
(String, required)
Supported configurations: The deleteIdMgrLDAPAttr command
also requires the name of either the LDAP attribute or federated repository
property. Specify a value for either the -name or -propertyName parameter
that is described in the next section. However, do not specify both
parameters. Although the -name or -propertyName parameters
are designated as optional parameters, an error occurs if you do not
specify one of the parameters or if you specify both parameters.
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -name
- Use this parameter to specify the name of the LDAP attribute used
in the repository LDAP adapter. (String, required)
- -entityTypes
- Use this parameter to specify the entity type which applies the
attribute mapping. (String, optional)
- -propertyName
- Use this parameter to specify the name of the corresponding federated
repository property. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask deleteIdMgrLDAPAttr {-id id_name -name unicode_password}
Using Jython string:
AdminTask.deleteIdMgrLDAPAttr ('[-id id_name -name unicode_password]')
Using Jython list:
AdminTask.deleteIdMgrLDAPAttr (['-id', 'id_name', '-name', 'unicode_password'])
Interactive mode example usage:
Using Jacl:
$AdminTask deleteIdMgrLDAPAttr {-interactive}
Using Jython:
AdminTask.deleteIdMgrLDAPAttr('-interactive')
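The two conditions described for deleteIdMgrLDAPAttr, exactly one of -name or -propertyName and the fallback to the global federated repository when -securityDomainName is omitted, can be checked before the command is issued. The following is an added example, not IBM's code: the helper names, the GLOBAL_SCOPE marker and the dry_run flag are hypothetical, AdminTask is passed in because it exists only inside wsadmin, and joining several entity types with a semicolon is an assumption taken from the related commands on this page.

```python
# Added example (not IBM code). Basic syntax only, with the intent that it
# can also be loaded by a wsadmin Jython script.

# Hypothetical marker: the caller must pass this to target the global
# federated repository instead of leaving the scope implicit.
GLOBAL_SCOPE = ['global federated repository']


def _is_set(value):
    """True when a parameter value was actually supplied."""
    return value is not None and value != ''


def build_delete_ldap_attr_args(repo_id, scope, name=None, property_name=None,
                                entity_types=None):
    """Return the Jython-list arguments for AdminTask.deleteIdMgrLDAPAttr.

    Raises ValueError when the documented constraints are not met, so a
    bad call is rejected locally instead of failing on the server.
    """
    if not _is_set(repo_id):
        raise ValueError('-id is required')

    # Omitting -securityDomainName silently selects the global federated
    # repository, so the caller has to state the intended scope.
    if scope is not GLOBAL_SCOPE and not _is_set(scope):
        raise ValueError('pass GLOBAL_SCOPE or a security domain name')

    # Exactly one of -name / -propertyName must be present.
    has_name = _is_set(name)
    has_prop = _is_set(property_name)
    if has_name and has_prop:
        raise ValueError('specify -name or -propertyName, not both')
    if not (has_name or has_prop):
        raise ValueError('specify one of -name or -propertyName')

    args = ['-id', repo_id]
    if has_name:
        args.extend(['-name', name])
    else:
        args.extend(['-propertyName', property_name])

    if entity_types:
        if hasattr(entity_types, 'split'):
            # A single entity type given as a plain string.
            entity_types = [entity_types]
        # Assumption: several entity types are joined with ';'.
        args.extend(['-entityTypes', ';'.join(entity_types)])

    if scope is not GLOBAL_SCOPE:
        args.extend(['-securityDomainName', scope])
    return args


def delete_ldap_attr(admin_task, repo_id, scope, name=None, property_name=None,
                     entity_types=None, dry_run=0):
    """Validate, then call admin_task.deleteIdMgrLDAPAttr with the list form.

    With dry_run set, the argument list is returned for review and
    nothing is sent to the server.
    """
    args = build_delete_ldap_attr_args(repo_id, scope, name, property_name,
                                       entity_types)
    if dry_run:
        return args
    return admin_task.deleteIdMgrLDAPAttr(args)
```

Inside wsadmin the call would be `delete_ldap_attr(AdminTask, 'id_name', GLOBAL_SCOPE, name='unicode_password')`, which issues the same list-form command as the batch example above.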
deleteIdMgrLDAPAttrNotSupported
Use the deleteIdMgrLDAPAttrNotSupported command to
delete the configuration for a federated repository property that
the specified LDAP repository does not support.
Target object
None
Required parameters
- -id
- Use this parameter to specify the unique ID of the repository.
(String, required)
- -propertyName
- Use this parameter to specify the name of the federated repository
property. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -entityTypes
- Use this parameter to specify one or more entity types. Use the
semicolon (;) as the delimiter to specify multiple entity types. If
you do not specify this parameter, the deleteIdMgrLDAPAttrNotSupported command
deletes all the configuration data of the specified attribute. (String,
optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask deleteIdMgrLDAPAttrNotSupported {-id id_name -propertyName property_name}
Using Jython string:
AdminTask.deleteIdMgrLDAPAttrNotSupported ('[-id id_name -propertyName property_name]')
Using Jython list:
AdminTask.deleteIdMgrLDAPAttrNotSupported (['-id', 'id_name', '-propertyName', 'property_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask deleteIdMgrLDAPAttrNotSupported {-interactive}
Using Jython:
AdminTask.deleteIdMgrLDAPAttrNotSupported('-interactive')
deleteIdMgrLDAPEntityType
The deleteIdMgrLDAPEntityType command deletes the LDAP entity type configuration
data for a specified entity type for a specific LDAP repository.
Parameters and return values
- -id
- The ID of the repository. (String, required)
- -name
- The name of the entity type. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask deleteIdMgrLDAPEntityType {-id id_name -name name_value}
Using Jython string:
AdminTask.deleteIdMgrLDAPEntityType ('[-id id_name -name name_value]')
Using Jython list:
AdminTask.deleteIdMgrLDAPEntityType (['-id', 'id_name', '-name', 'name_value'])
Interactive mode example usage:
Using Jacl:
$AdminTask deleteIdMgrLDAPEntityType {-interactive}
Using Jython string:
AdminTask.deleteIdMgrLDAPEntityType ('[-interactive]')
Using Jython list:
AdminTask.deleteIdMgrLDAPEntityType (['-interactive'])
deleteIdMgrLDAPEntityTypeRDNAttr
The deleteIdMgrLDAPEntityTypeRDNAttr command deletes the relative distinguished
name (RDN) attribute configuration from an LDAP entity type configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
- -entityTypeName
- The name of the entity type. (String, required)
- -name
- The attribute name that is used to build the relative distinguished
name (RDN) for the entity type. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask deleteIdMgrLDAPEntityTypeRDNAttr {-id id_name -name name_value -entityTypeName entity_type}
Using Jython string:
AdminTask.deleteIdMgrLDAPEntityTypeRDNAttr ('[-id id_name -name name_value -entityTypeName entity_type]')
Using Jython list:
AdminTask.deleteIdMgrLDAPEntityTypeRDNAttr (['-id', 'id_name', '-name', 'name_value', '-entityTypeName', 'entity_type'])
Interactive mode example usage:
Using Jacl:
$AdminTask deleteIdMgrLDAPEntityTypeRDNAttr {-interactive}
Using Jython string:
AdminTask.deleteIdMgrLDAPEntityTypeRDNAttr ('[-interactive]')
Using Jython list:
AdminTask.deleteIdMgrLDAPEntityTypeRDNAttr (['-interactive'])
deleteIdMgrLDAPExternalIdAttr
Use the deleteIdMgrLDAPExternalIdAttr command to delete
the configuration for an LDAP attribute that is used as an external
ID in the specified LDAP repository.
Target object
None
Required parameters
- -id
- Use this parameter to specify the unique ID of the repository.
(String, required)
- -name
- Use this parameter to specify the name of the external ID attribute
of the LDAP repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -entityTypes
- Use this parameter to specify one or more entity types. Use a
semicolon (;) as the delimiter to specify multiple entity types. If
you do not specify this parameter, the deleteIdMgrLDAPExternalIdAttr command
deletes all the configuration data of the specified attribute. (String,
optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask deleteIdMgrLDAPExternalIdAttr {-id id_name -name unicode_password}
Using Jython string:
AdminTask.deleteIdMgrLDAPExternalIdAttr ('[-id id_name -name unicode_password]')
Using Jython list:
AdminTask.deleteIdMgrLDAPExternalIdAttr (['-id', 'id_name', '-name', 'unicode_password'])
Interactive mode example usage:
Using Jacl:
$AdminTask deleteIdMgrLDAPExternalIdAttr {-interactive}
Using Jython string:
AdminTask.deleteIdMgrLDAPExternalIdAttr ('-interactive')
deleteIdMgrLDAPGroupConfig
The deleteIdMgrLDAPGroupConfig command deletes the LDAP group configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask deleteIdMgrLDAPGroupConfig {-id id_name}
Using Jython string:
AdminTask.deleteIdMgrLDAPGroupConfig ('[-id id_name]')
Using Jython list:
AdminTask.deleteIdMgrLDAPGroupConfig (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask deleteIdMgrLDAPGroupConfig {-interactive}
Using Jython string:
AdminTask.deleteIdMgrLDAPGroupConfig ('[-interactive]')
Using Jython list:
AdminTask.deleteIdMgrLDAPGroupConfig (['-interactive'])
deleteIdMgrLDAPGroupMemberAttr
The deleteIdMgrLDAPGroupMemberAttr command deletes a member attribute configuration
from an LDAP group configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
- -name
- The name of the LDAP attribute that is used as the group member
attribute, for example, member or uniqueMember. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask deleteIdMgrLDAPGroupMemberAttr {-id id_name -name attr_name}
Using Jython string:
AdminTask.deleteIdMgrLDAPGroupMemberAttr ('[-id id_name -name attr_name]')
Using Jython list:
AdminTask.deleteIdMgrLDAPGroupMemberAttr (['-id', 'id_name', '-name', 'attr_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask deleteIdMgrLDAPGroupMemberAttr {-interactive}
Using Jython string:
AdminTask.deleteIdMgrLDAPGroupMemberAttr ('[-interactive]')
Using Jython list:
AdminTask.deleteIdMgrLDAPGroupMemberAttr (['-interactive'])
deleteIdMgrLDAPGroupDynamicMemberAttr
The deleteIdMgrLDAPGroupDynamicMemberAttr command
deletes a dynamic member attribute configuration from an LDAP group
configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
- -name
- The name of the LDAP attribute that is used as the group member
attribute. For example, memberURL. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask deleteIdMgrLDAPGroupDynamicMemberAttr {-id id_name -name name_value}
Using Jython string:
AdminTask.deleteIdMgrLDAPGroupDynamicMemberAttr ('[-id id_name -name name_value]')
Using Jython list:
AdminTask.deleteIdMgrLDAPGroupDynamicMemberAttr (['-id', 'id_name', '-name', 'name_value'])
Interactive mode example usage:
Using Jacl:
$AdminTask deleteIdMgrLDAPGroupDynamicMemberAttr {-interactive}
Using Jython string:
AdminTask.deleteIdMgrLDAPGroupDynamicMemberAttr ('[-interactive]')
Using Jython list:
AdminTask.deleteIdMgrLDAPGroupDynamicMemberAttr (['-interactive'])
deleteIdMgrLDAPServer
The deleteIdMgrLDAPServer command deletes the configuration for the LDAP
server that you specify from the LDAP repository ID that you specify.
Required parameters
- -id
- The ID of the repository. (String, required)
- -host
- The host name for the primary LDAP server. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask deleteIdMgrLDAPServer {-id id_name -host myhost.ibm.com}
Using Jython string:
AdminTask.deleteIdMgrLDAPServer ('[-id id_name -host myhost.ibm.com]')
Using Jython list:
AdminTask.deleteIdMgrLDAPServer (['-id', 'id_name', '-host', 'myhost.ibm.com'])
Interactive mode example usage:
Using Jacl:
$AdminTask deleteIdMgrLDAPServer {-interactive}
Using Jython string:
AdminTask.deleteIdMgrLDAPServer ('[-interactive]')
Using Jython list:
AdminTask.deleteIdMgrLDAPServer (['-interactive'])
deleteIdMgrRepository
The deleteIdMgrRepository command deletes a repository that you specify.
Required parameters
- -id
- The ID of the repository. Valid values include existing repository
IDs. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask deleteIdMgrRepository {-id id_name}
Using Jython string:
AdminTask.deleteIdMgrRepository ('[-id id_name]')
Using Jython list:
AdminTask.deleteIdMgrRepository (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask deleteIdMgrRepository {-interactive}
Using Jython string:
AdminTask.deleteIdMgrRepository ('[-interactive]')
Using Jython list:
AdminTask.deleteIdMgrRepository (['-interactive'])
deleteIdMgrRepositoryBaseEntry
The deleteIdMgrRepositoryBaseEntry command deletes a base entry from the specified
repository.
Required parameters
- -id
- The ID of the repository. (String, required)
- -name
- The distinguished name of a base entry. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask deleteIdMgrRepositoryBaseEntry {-id id_name -name name_value}
Using Jython string:
AdminTask.deleteIdMgrRepositoryBaseEntry ('[-id id_name -name name_value]')
Using Jython list:
AdminTask.deleteIdMgrRepositoryBaseEntry (['-id', 'id_name', '-name', 'name_value'])
Interactive mode example usage:
Using Jacl:
$AdminTask deleteIdMgrRepositoryBaseEntry {-interactive}
Using Jython string:
AdminTask.deleteIdMgrRepositoryBaseEntry ('[-interactive]')
Using Jython list:
AdminTask.deleteIdMgrRepositoryBaseEntry (['-interactive'])
getIdMgrLDAPAttrCache
The getIdMgrLDAPAttrCache command returns the LDAP attribute cache configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask getIdMgrLDAPAttrCache {-id id_name}
Using Jython string:
AdminTask.getIdMgrLDAPAttrCache ('[-id id_name]')
Using Jython list:
AdminTask.getIdMgrLDAPAttrCache (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask getIdMgrLDAPAttrCache {-interactive}
Using Jython string:
AdminTask.getIdMgrLDAPAttrCache ('[-interactive]')
Using Jython list:
AdminTask.getIdMgrLDAPAttrCache (['-interactive'])
getIdMgrLDAPContextPool
The getIdMgrLDAPContextPool command returns the LDAP context pool configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask getIdMgrLDAPContextPool {-id id_name}
Using Jython string:
AdminTask.getIdMgrLDAPContextPool ('[-id id_name]')
Using Jython list:
AdminTask.getIdMgrLDAPContextPool (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask getIdMgrLDAPContextPool {-interactive}
Using Jython string:
AdminTask.getIdMgrLDAPContextPool ('[-interactive]')
Using Jython list:
AdminTask.getIdMgrLDAPContextPool (['-interactive'])
getIdMgrLDAPEntityType
The getIdMgrLDAPEntityType command returns the LDAP entity type configuration
data.
Required parameters
- -id
- The ID of the repository. (String, required)
- -name
- The name of the entity type. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask getIdMgrLDAPEntityType {-id id_name -name name_value}
Using Jython string:
AdminTask.getIdMgrLDAPEntityType ('[-id id_name -name name_value]')
Using Jython list:
AdminTask.getIdMgrLDAPEntityType (['-id', 'id_name', '-name', 'name_value'])
Interactive mode example usage:
Using Jacl:
$AdminTask getIdMgrLDAPEntityType {-interactive}
Using Jython string:
AdminTask.getIdMgrLDAPEntityType ('[-interactive]')
Using Jython list:
AdminTask.getIdMgrLDAPEntityType (['-interactive'])
getIdMgrLDAPEntityTypeRDNAttr
The getIdMgrLDAPEntityTypeRDNAttr command returns the relative distinguished
name (RDN) attribute configuration for an LDAP entity type definition.
Required parameters
- -id
- The ID of the repository. (String, required)
- -entityTypeName
- The name of the entity type. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask getIdMgrLDAPEntityTypeRDNAttr {-id id_name -entityTypeName name_value}
Using Jython string:
AdminTask.getIdMgrLDAPEntityTypeRDNAttr ('[-id id_name -entityTypeName name_value]')
Using Jython list:
AdminTask.getIdMgrLDAPEntityTypeRDNAttr (['-id', 'id_name', '-entityTypeName', 'name_value'])
Interactive mode example usage:
Using Jacl:
$AdminTask getIdMgrLDAPEntityTypeRDNAttr {-interactive}
Using Jython string:
AdminTask.getIdMgrLDAPEntityTypeRDNAttr ('[-interactive]')
Using Jython list:
AdminTask.getIdMgrLDAPEntityTypeRDNAttr (['-interactive'])
getIdMgrLDAPGroupConfig
The getIdMgrLDAPGroupConfig command returns the LDAP group configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask getIdMgrLDAPGroupConfig {-id id_name}
Using Jython string:
AdminTask.getIdMgrLDAPGroupConfig ('[-id id_name]')
Using Jython list:
AdminTask.getIdMgrLDAPGroupConfig (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask getIdMgrLDAPGroupConfig {-interactive}
Using Jython string:
AdminTask.getIdMgrLDAPGroupConfig ('[-interactive]')
Using Jython list:
AdminTask.getIdMgrLDAPGroupConfig (['-interactive'])
getIdMgrLDAPGroupDynamicMemberAttrs
The getIdMgrLDAPGroupDynamicMemberAttrs command
returns the dynamic member attribute configuration from the LDAP group
configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask getIdMgrLDAPGroupDynamicMemberAttrs {-id id_name}
Using Jython string:
AdminTask.getIdMgrLDAPGroupDynamicMemberAttrs ('[-id id_name]')
Using Jython list:
AdminTask.getIdMgrLDAPGroupDynamicMemberAttrs (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask getIdMgrLDAPGroupDynamicMemberAttrs {-interactive}
Using Jython string:
AdminTask.getIdMgrLDAPGroupDynamicMemberAttrs ('[-interactive]')
Using Jython list:
AdminTask.getIdMgrLDAPGroupDynamicMemberAttrs (['-interactive'])
getIdMgrLDAPGroupMemberAttrs
The getIdMgrLDAPGroupMemberAttrs command returns the member attribute configuration
for the LDAP group configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask getIdMgrLDAPGroupMemberAttrs {-id id_name}
Using Jython string:
AdminTask.getIdMgrLDAPGroupMemberAttrs ('[-id id_name]')
Using Jython list:
AdminTask.getIdMgrLDAPGroupMemberAttrs (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask getIdMgrLDAPGroupMemberAttrs {-interactive}
Using Jython string:
AdminTask.getIdMgrLDAPGroupMemberAttrs ('[-interactive]')
Using Jython list:
AdminTask.getIdMgrLDAPGroupMemberAttrs (['-interactive'])
getIdMgrLDAPSearchResultCache
The getIdMgrLDAPSearchResultCache command returns the LDAP search result
cache configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask getIdMgrLDAPSearchResultCache {-id id_name}
Using Jython string:
AdminTask.getIdMgrLDAPSearchResultCache ('[-id id_name]')
Using Jython list:
AdminTask.getIdMgrLDAPSearchResultCache (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask getIdMgrLDAPSearchResultCache {-interactive}
Using Jython string:
AdminTask.getIdMgrLDAPSearchResultCache ('[-interactive]')
Using Jython list:
AdminTask.getIdMgrLDAPSearchResultCache (['-interactive'])
getIdMgrLDAPServer
The getIdMgrLDAPServer command returns the configuration for the LDAP server
that you specify for the LDAP repository ID that you specify.
Required parameters
- -id
- The ID of the repository. (String, required)
- -host
- The host name for the primary LDAP server. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask getIdMgrLDAPServer {-id id_name -host myhost.ibm.com}
Using Jython string:
AdminTask.getIdMgrLDAPServer ('[-id id_name -host myhost.ibm.com]')
Using Jython list:
AdminTask.getIdMgrLDAPServer (['-id', 'id_name', '-host', 'myhost.ibm.com'])
Interactive mode example usage:
Using Jacl:
$AdminTask getIdMgrLDAPServer {-interactive}
Using Jython string:
AdminTask.getIdMgrLDAPServer ('[-interactive]')
Using Jython list:
AdminTask.getIdMgrLDAPServer (['-interactive'])
getIdMgrRepository
The getIdMgrRepository command returns the configuration of the specified
repository.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask getIdMgrRepository {-id id_name}
Using Jython string:
AdminTask.getIdMgrRepository ('[-id id_name]')
Using Jython list:
AdminTask.getIdMgrRepository (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask getIdMgrRepository {-interactive}
Using Jython string:
AdminTask.getIdMgrRepository ('[-interactive]')
Using Jython list:
AdminTask.getIdMgrRepository (['-interactive'])
listIdMgrLDAPAttrs
Use the listIdMgrLDAPAttrs command
to list the names of all configured attributes for the LDAP repository
of interest.
Required parameters
- -id
- Use this parameter to specify the unique ID of the repository.
(String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Return value
The command returns a list of HashMaps that contains parameters of the
addIdMgrLDAPAttr command as keys. For the entityTypes parameter,
which is multivalued, the value of the key is a string that is delimited
by a semicolon (;). The return value includes an additional key called
entityTypesList. The value of the entityTypesList key is a List object.
Examples
Batch mode example usage:
Using Jacl:
$AdminTask listIdMgrLDAPAttrs {-id id_value}
Using Jython string:
AdminTask.listIdMgrLDAPAttrs ('[-id id_value]')
Using Jython list:
AdminTask.listIdMgrLDAPAttrs (['-id', 'id_value'])
Interactive mode example usage:
Using Jacl:
$AdminTask listIdMgrLDAPAttrs {-interactive}
Using Jython:
AdminTask.listIdMgrLDAPAttrs('-interactive')
listIdMgrLDAPAttrsNotSupported
Use the listIdMgrLDAPAttrsNotSupported command to list
the details of all configured federated repository properties that
the specified LDAP repository does not support.
Target object
None
Required parameters
- -id
- Use this parameter to specify the unique ID of the repository.
(String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Return value
The command returns a List of HashMaps that contains parameters of the
addIdMgrLDAPAttrNotSupported command as keys. For multivalued parameters
such as entityTypes, the value of the key is a List object.
Examples
Batch mode example usage:
Using Jacl:
$AdminTask listIdMgrLDAPAttrsNotSupported {-id id_name}
Using Jython string:
AdminTask.listIdMgrLDAPAttrsNotSupported ('[-id id_name]')
Using Jython list:
AdminTask.listIdMgrLDAPAttrsNotSupported (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask listIdMgrLDAPAttrsNotSupported {-interactive}
Using Jython:
AdminTask.listIdMgrLDAPAttrsNotSupported ('-interactive')
listIdMgrCustomProperties
The listIdMgrCustomProperties command returns a list of custom properties
for the repository that you specify.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask listIdMgrCustomProperties {-id id_value}
Using Jython string:
AdminTask.listIdMgrCustomProperties ('[-id id_value]')
Using Jython list:
AdminTask.listIdMgrCustomProperties (['-id', 'id_value'])
Interactive mode example usage:
Using Jacl:
$AdminTask listIdMgrCustomProperties {-interactive}
Using Jython string:
AdminTask.listIdMgrCustomProperties ('[-interactive]')
Using Jython list:
AdminTask.listIdMgrCustomProperties (['-interactive'])
listIdMgrLDAPBackupServers
The listIdMgrLDAPBackupServers command returns a list of the backup LDAP server
or servers.
Required parameters and return values
- -id
- The ID of the repository. (String, required)
- -primary_host
- The host name for the primary LDAP server. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask listIdMgrLDAPBackupServers {-id id_value -primary_host host_name}
Using Jython string:
AdminTask.listIdMgrLDAPBackupServers ('[-id id_value -primary_host host_name]')
Using Jython list:
AdminTask.listIdMgrLDAPBackupServers (['-id', 'id_value', '-primary_host', 'host_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask listIdMgrLDAPBackupServers {-interactive}
Using Jython string:
AdminTask.listIdMgrLDAPBackupServers ('[-interactive]')
Using Jython list:
AdminTask.listIdMgrLDAPBackupServers (['-interactive'])
listIdMgrLDAPEntityTypes
The listIdMgrLDAPEntityTypes command lists the name of all of the configured
LDAP entity type definitions.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask listIdMgrLDAPEntityTypes {-id id_value}
Using Jython string:
AdminTask.listIdMgrLDAPEntityTypes ('[-id id_value]')
Using Jython list:
AdminTask.listIdMgrLDAPEntityTypes (['-id', 'id_value'])
Interactive mode example usage:
Using Jacl:
$AdminTask listIdMgrLDAPEntityTypes {-interactive}
Using Jython string:
AdminTask.listIdMgrLDAPEntityTypes ('[-interactive]')
Using Jython list:
AdminTask.listIdMgrLDAPEntityTypes (['-interactive'])
listIdMgrLDAPExternalIdAttrs
Use the listIdMgrLDAPExternalIdAttrs command to list
the details of all LDAP attributes used as an external ID in the specified
LDAP repository.
Target object
None
Required parameters
- -id
- Use this parameter to specify the unique ID of the repository.
(String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Return value
The command returns a List of HashMaps that contains parameters of the
addIdMgrLDAPExternalIdAttr command as keys. For multivalued parameters
such as entityTypes, the value of the key is a List object.
Examples
Batch mode example usage:
Using Jacl:
$AdminTask listIdMgrLDAPExternalIdAttrs {-id id_name}
Using Jython string:
AdminTask.listIdMgrLDAPExternalIdAttrs ('[-id id_name]')
Using Jython list:
AdminTask.listIdMgrLDAPExternalIdAttrs (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask listIdMgrLDAPExternalIdAttrs {-interactive}
Using Jython string:
AdminTask.listIdMgrLDAPExternalIdAttrs('-interactive')
listIdMgrLDAPServers
The listIdMgrLDAPServers command lists all of the configured primary LDAP
servers.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask listIdMgrLDAPServers {-id id_value}
Using Jython string:
AdminTask.listIdMgrLDAPServers ('[-id id_value]')
Using Jython list:
AdminTask.listIdMgrLDAPServers (['-id', 'id_value'])
Interactive mode example usage:
Using Jacl:
$AdminTask listIdMgrLDAPServers {-interactive}
Using Jython string:
AdminTask.listIdMgrLDAPServers ('[-interactive]')
Using Jython list:
AdminTask.listIdMgrLDAPServers (['-interactive'])
listIdMgrRepositories
The listIdMgrRepositories command lists names and types of all configured repositories.
Required parameters and return values
None.
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- Returns: A hash map with key as the name of the repository and
value as another hash map that includes the following keys:
- repositoryType - The type of repository. For example, File, LDAP,
DB, and so on.
- specificRepositoryType - The specific type of repository. For
example, LDAP, IDS51, NDS, and so on.
- host - The host name where the repository resides. For File, it
is LocalHost and for DB it is dataSourceName.
This command will not return the Property Extension and Entry
Mapping repository data.
Examples
Batch mode example usage:
Using Jacl:
$AdminTask listIdMgrRepositories
Using Jython string:
AdminTask.listIdMgrRepositories()
Using Jython list:
AdminTask.listIdMgrRepositories()
Interactive mode example usage:
Using Jacl:
$AdminTask listIdMgrRepositories {-interactive}
Using Jython string:
AdminTask.listIdMgrRepositories ('[-interactive]')
Using Jython list:
AdminTask.listIdMgrRepositories (['-interactive'])
listIdMgrRepositoryBaseEntries
The listIdMgrRepositoryBaseEntries command lists the base entries for a specified
repository.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask listIdMgrRepositoryBaseEntries {-id id_value}
Using Jython string:
AdminTask.listIdMgrRepositoryBaseEntries ('[-id id_value]')
Using Jython list:
AdminTask.listIdMgrRepositoryBaseEntries (['-id', 'id_value'])
Interactive mode example usage:
Using Jacl:
$AdminTask listIdMgrRepositoryBaseEntries {-interactive}
Using Jython string:
AdminTask.listIdMgrRepositoryBaseEntries ('[-interactive]')
Using Jython list:
AdminTask.listIdMgrRepositoryBaseEntries (['-interactive'])
listIdMgrSupportedDBTypes
The listIdMgrSupportedDBTypes command returns a list of supported database
types.
Required parameters
None.
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask listIdMgrSupportedDBTypes
Using Jython string:
AdminTask.listIdMgrSupportedDBTypes()
Using Jython list:
AdminTask.listIdMgrSupportedDBTypes()
Interactive mode example usage:
Using Jacl:
$AdminTask listIdMgrSupportedDBTypes {-interactive}
Using Jython string:
AdminTask.listIdMgrSupportedDBTypes ('[-interactive]')
Using Jython list:
AdminTask.listIdMgrSupportedDBTypes (['-interactive'])
listIdMgrSupportedMessageDigestAlgorithms
The listIdMgrSupportedMessageDigestAlgorithms command
returns a list of supported message digest algorithms.
Required parameters
None.
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask listIdMgrSupportedMessageDigestAlgorithms
Using Jython string:
AdminTask.listIdMgrSupportedMessageDigestAlgorithms()
Using Jython list:
AdminTask.listIdMgrSupportedMessageDigestAlgorithms()
Interactive mode example usage:
Using Jacl:
$AdminTask listIdMgrSupportedMessageDigestAlgorithms {-interactive}
Using Jython string:
AdminTask.listIdMgrSupportedMessageDigestAlgorithms ('[-interactive]')
Using Jython list:
AdminTask.listIdMgrSupportedMessageDigestAlgorithms (['-interactive'])
listIdMgrSupportedLDAPServerTypes
The listIdMgrSupportedLDAPServerTypes command returns a list of supported
LDAP server types.
Required parameters
None.
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask listIdMgrSupportedLDAPServerTypes
Using Jython string:
AdminTask.listIdMgrSupportedLDAPServerTypes()
Using Jython list:
AdminTask.listIdMgrSupportedLDAPServerTypes()
Interactive mode example usage:
Using Jacl:
$AdminTask listIdMgrSupportedLDAPServerTypes {-interactive}
Using Jython string:
AdminTask.listIdMgrSupportedLDAPServerTypes ('[-interactive]')
Using Jython list:
AdminTask.listIdMgrSupportedLDAPServerTypes (['-interactive'])
removeIdMgrLDAPBackupServer
The removeIdMgrLDAPBackupServer command removes the backup LDAP server or servers.
Required parameters
- -id
- The ID of the repository. (String, required)
- -primary_host
- The host name for the primary LDAP server. (String, required)
- -host
- The host name of the backup server. Use an asterisk (*) if you want
to remove all backup servers. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -port
- The port number of the LDAP server. (Integer, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask removeIdMgrLDAPBackupServer {-id id_value -primary_host myprimaryhost.ibm.com -host myhost.ibm.com}
Using Jython string:
AdminTask.removeIdMgrLDAPBackupServer ('[-id id_value -primary_host myprimaryhost.ibm.com -host myhost.ibm.com]')
Using Jython list:
AdminTask.removeIdMgrLDAPBackupServer (['-id', 'id_value', '-primary_host', 'myprimaryhost.ibm.com', '-host', 'myhost.ibm.com'])
Interactive mode example usage:
Using Jacl:
$AdminTask removeIdMgrLDAPBackupServer {-interactive}
Using Jython string:
AdminTask.removeIdMgrLDAPBackupServer ('[-interactive]')
Using Jython list:
AdminTask.removeIdMgrLDAPBackupServer (['-interactive'])
setIdMgrCustomProperty
The setIdMgrCustomProperty command sets, adds, or deletes a custom property
in a repository configuration. If a value is not specified, or if
the value is an empty string, the property is deleted from the repository
configuration. If the name does not exist and a value is specified,
the property is added. If the name is "*", all of the custom properties
are deleted.
Required parameters
- -id
- The unique identifier of the repository. Valid values include
the existing repository IDs. (String, required)
- -name
- The name of an additional property for the repository that is
not defined out of the box (OOTB). (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -value
- The value of a property for the repository. If this parameter
is an empty string, the property is deleted from the repository configuration.
If this parameter is not an empty string, and a name does not exist,
it is added. If a name is an empty string, all of the custom properties
are deleted. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask setIdMgrCustomProperty {-id id_value -name name_value -value value}
Using Jython string:
AdminTask.setIdMgrCustomProperty ('[-id id_value -name name_value -value value]')
Using Jython list:
AdminTask.setIdMgrCustomProperty (['-id', 'id_value', '-name', 'name_value', '-value', 'value'])
Interactive mode example usage:
Using Jacl:
$AdminTask setIdMgrCustomProperty {-interactive}
Using Jython string:
AdminTask.setIdMgrCustomProperty ('[-interactive]')
Using Jython list:
AdminTask.setIdMgrCustomProperty (['-interactive'])
setIdMgrLDAPAttrCache
The setIdMgrLDAPAttrCache command configures the LDAP attribute cache configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -cachesDiskOffLoad
- (String, optional)
- -enabled
- Indicates if you want to enable attribute caching. The default
value is true. (Boolean, optional)
- -cacheSize
- The maximum size of the attribute cache defined by the number
of attribute objects that are permitted in the attribute cache. The
minimum value of this parameter is 100. The default value
is 4000. (Integer, optional)
- -cacheTimeOut
- The amount of time, in seconds, before the cached entries in the
attributes cache can become invalid. The minimum value
of this parameter is 0. The attribute objects that are cached
will remain in the attributes cache until the virtual member manager
changes the attribute objects. The default value is 1200.
(Integer, optional)
- -attributeSizeLimit
- An integer that represents the maximum number of attribute object
values that can be cached in the attributes cache. Some attributes,
for example, the member attribute, contain many values. The attributeSizeLimit
parameter prevents the attributes cache from caching large attributes.
The default value is 2000. (Integer, optional)
- -serverTTLAttribute
- The name of the ttl attribute that is supported by the LDAP server.
The attributes cache uses the value of this attribute to determine
when the cached entries in the attributes cache will time out.
The ttl attribute contains the time, in seconds, that any information
from the entry should be kept by a client before it is considered
stale and a new copy is fetched. A value of 0 implies that
the object will not be cached. For more information about this attribute,
go to: http://www.ietf.org/proceedings/98aug/I-D/draft-ietf-asid-ldap-cache-01.txt.
The ttl attribute is not supported by all LDAP servers. If this attribute
is supported by an LDAP server, you can set the value of the serverTTLAttribute
parameter to the name of the ttl attribute in order to allow the value
of the ttl attribute to determine when cached entries will time out.
The time out value for different entries in the attributes cache can be
different.
For example, if the value of the serverTTLAttribute
parameter is ttl and the attributes cache retrieves attributes of
a user from an LDAP server, it will also retrieve the value of the
ttl attribute of this user. If the value is 200, the WMM uses this
value to set the time out for the attributes of the user in the attributes
cache instead of using the value of cacheTimeOut. You can set different
ttl attribute values for different users. (String, optional)
- -cacheDistPolicy
- The distribution policy for the dynamic cache in a cluster environment.
The valid values are none (for NOT_SHARED), push (for SHARED_PUSH),
and push_pull (for SHARED_PUSH_PULL). The default value is none.
The value of this parameter is read during the adapter startup process
and the cache policy is set accordingly. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask setIdMgrLDAPAttrCache {-id id_name}
Using Jython string:
AdminTask.setIdMgrLDAPAttrCache ('[-id id_name]')
Using Jython list:
AdminTask.setIdMgrLDAPAttrCache (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask setIdMgrLDAPAttrCache {-interactive}
Using Jython string:
AdminTask.setIdMgrLDAPAttrCache ('[-interactive]')
Using Jython list:
AdminTask.setIdMgrLDAPAttrCache (['-interactive'])
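The limits and the ttl-versus-cacheTimeOut rule described for setIdMgrLDAPAttrCache, as an added example in plain Python (not IBM's code): it validates values before building the Jython list argument and reports which entries can stay cached longer than a chosen limit, which bounds how long a change made in LDAP can go unseen. The helper names, the sample entries, the fallback to cacheTimeOut when an entry has no ttl value, and reading a cacheTimeOut of 0 as "no time-based expiry" are assumptions of this example.

```python
# Added example: helper names and SAMPLE_ENTRIES are constructed for this
# illustration. Limits and defaults come from the parameter descriptions above.

DIST_POLICIES = ("none", "push", "push_pull")
MINIMUMS = {"cacheSize": 100, "cacheTimeOut": 0}  # documented minimum values
OTHER_PARAMS = ("securityDomainName", "cachesDiskOffLoad",
                "attributeSizeLimit", "serverTTLAttribute")


def build_attr_cache_args(repo_id, **settings):
    """Return the 'Jython list' argument for setIdMgrLDAPAttrCache.

    Raises ValueError for a value outside the documented limits, so that a
    bad value is rejected before it reaches the repository configuration.
    """
    if not repo_id:
        raise ValueError("-id is required")
    args = ["-id", repo_id]
    for name in sorted(settings):
        value = settings[name]
        if name in MINIMUMS:
            if int(value) < MINIMUMS[name]:
                raise ValueError("%s must be at least %d" % (name, MINIMUMS[name]))
        elif name == "cacheDistPolicy":
            if value not in DIST_POLICIES:
                raise ValueError("cacheDistPolicy must be one of %s" % (DIST_POLICIES,))
        elif name == "enabled":
            if not isinstance(value, bool):
                raise ValueError("enabled must be True or False")
            value = "true" if value else "false"
        elif name not in OTHER_PARAMS:
            raise ValueError("unknown parameter: %s" % name)
        args.extend(["-" + name, str(value)])
    return args


def effective_lifetime(entry_attrs, cache_timeout=1200, server_ttl_attribute=None):
    """Return (source, seconds) for how long one entry's attributes stay cached.

    source is "ttl" when the entry's own ttl value is used, else "cacheTimeOut".
    seconds is 0 when a ttl of 0 means "not cached", and None when cacheTimeOut
    is 0 (assumption of this example: no time-based expiry).
    """
    if server_ttl_attribute:
        values = entry_attrs.get(server_ttl_attribute)
        if values:
            return ("ttl", int(values[0]))
    # Assumption: an entry without a ttl value falls back to cacheTimeOut.
    if cache_timeout == 0:
        return ("cacheTimeOut", None)
    return ("cacheTimeOut", cache_timeout)


def entries_cached_longer_than(entries, max_seconds, cache_timeout=1200,
                               server_ttl_attribute=None):
    """List (dn, source, seconds) for entries that can outlive max_seconds in cache."""
    flagged = []
    for dn, attrs in entries:
        source, seconds = effective_lifetime(attrs, cache_timeout, server_ttl_attribute)
        if seconds is None or seconds > max_seconds:
            flagged.append((dn, source, seconds))
    return flagged


# Constructed sample entries: (distinguished name, attribute map).
SAMPLE_ENTRIES = [
    ("uid=joe,ou=people,dc=example,dc=com", {"uid": ["joe"], "ttl": ["200"]}),
    ("uid=admin,ou=people,dc=example,dc=com", {"uid": ["admin"], "ttl": ["0"]}),
    ("uid=ann,ou=people,dc=example,dc=com", {"uid": ["ann"]}),
]
```

Inside wsadmin, the list returned by build_attr_cache_args can be passed to AdminTask.setIdMgrLDAPAttrCache in the same way as the Jython list examples above.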
setIdMgrLDAPContextPool
The setIdMgrLDAPContextPool command sets up the LDAP context pool configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -enabled
- By default, the context pool is enabled. If you set this parameter
to false, the context pool is disabled. When the context
pool is disabled, new context instances will be created for each request.
The default value is true. (Boolean, optional)
- -initPoolSize
- The number of context instances that the virtual member manager
LDAP adapter creates when it creates the pool. The valid range for
this parameter is 1 to 50. The default value is 1.
(Integer, optional)
- -maxPoolSize
- The maximum number of context instances that the context pool
will maintain. Context instances that are in use and those that are
idle contribute to this number. When the pool size reaches this number,
new context instances cannot be created for new requests. The new
request is blocked until a context instance is released by another
request or is removed. The request checks periodically if there are
context instances available in the pool according to the amount of
time that you specify using the poolWaitTime parameter.
The minimum
value for this parameter is 0. There is no maximum value.
Setting the value of this parameter to 0 means that there
is no maximum size and a request for a pooled context instance will
use an existing pooled idle context instance or a newly created pooled
context instance. The default value is 0.
(Integer, optional)
- -prefPoolSize
- The preferred number of context instances that the context pool
will maintain. Context instances that are in use and those that are
idle contribute to this number. When there is a request for the use
of a pooled context instance and the pool size is less than the preferred
size, the context pool creates and uses a new pooled context instance
regardless of whether an idle connection is available. When a request
finishes with a pooled context instance and the pool size is greater
than the preferred size, the context pool closes and removes the pooled
context instance from the pool.
The valid range for this parameter
is from 0 to 100. Setting the value of this parameter
to 0 means that there is no preferred size and a request
for a pooled context instance results in a newly created context instance
only if no idle ones are available. The default value is 3.
(Integer,
optional)
- -poolTimeOut
- An integer that represents the number of seconds that an idle
context instance might remain in the pool without being closed and
removed from the pool. When a context instance is requested from the
pool, if this context instance has been in the pool for longer than the
time defined by poolTimeOut, the connection is closed regardless of whether
the context instance is stale or active. A new context instance is
created and put back into the pool after it has been released from the
request.
The minimum value for this parameter is 0. There
is no maximum value. Setting the value of this parameter to 0 means
that the context instances in the pool remain until they become stale.
The context pool catches the communication exception and creates
a new context instance. The default value is 0.
(Integer, optional)
- -poolWaitTime
- The time interval, in milliseconds, that the request waits until
the context pool rechecks whether idle context instances are available
in the pool when the number of context instances reaches the maximum
pool size. If no idle context instance is available, the request continues
to wait for the same period of time until the next check.
The minimum value for the poolWaitTime parameter is 0. There is no maximum
value. A value of 0 for this parameter means that the context
pool will not check if idle context exists. The request will be notified
when a context instance is released by another request. The default
value is 3000.
(Integer, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask setIdMgrLDAPContextPool {-id id_name}
Using Jython string:
AdminTask.setIdMgrLDAPContextPool ('[-id id_name]')
Using Jython list:
AdminTask.setIdMgrLDAPContextPool (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask setIdMgrLDAPContextPool {-interactive}
Using Jython string:
AdminTask.setIdMgrLDAPContextPool ('[-interactive]')
Using Jython list:
AdminTask.setIdMgrLDAPContextPool (['-interactive'])
setIdMgrLDAPGroupConfig
The setIdMgrLDAPGroupConfig command sets up the LDAP group configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -updateGroupMembership
- Updates the group membership if the member is deleted or renamed.
Some LDAP servers, for example, Domino server, do not clean up the
membership of the user when a user is deleted or renamed. If you choose
these LDAP server types in the ldapServerType property, the value
of this parameter is set to true. Use this parameter to change
the value. The default value is false. (Boolean, optional)
- -name
- The name of the membership attribute. For example, memberOf in
an active directory server and ibm-allGroups in IDS. (String,
optional)
- -scope
- The scope of the membership attribute. The following are the possible
values for this parameter:
- direct - The membership attribute only contains direct groups.
Direct groups contain the member and are not contained through a nested
group. For example, if group1 contains group2, group2 contains user1,
then group2 is a direct group of user1, but group1 is not a direct
group of user1.
- nested - The membership attribute contains both direct groups
and nested groups.
- all - The membership attribute contains direct groups, nested
groups, and dynamic members.
The default value is direct. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask setIdMgrLDAPGroupConfig {-id id_name}
Using Jython string:
AdminTask.setIdMgrLDAPGroupConfig ('[-id id_name]')
Using Jython list:
AdminTask.setIdMgrLDAPGroupConfig (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask setIdMgrLDAPGroupConfig {-interactive}
Using Jython string:
AdminTask.setIdMgrLDAPGroupConfig ('[-interactive]')
Using Jython list:
AdminTask.setIdMgrLDAPGroupConfig (['-interactive'])
setIdMgrLDAPSearchResultCache
The setIdMgrLDAPSearchResultCache command sets up the LDAP search result
cache configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -cachesDiskOffLoad
- Loads the attributes caches and the search results onto hard disk.
By default, when the number of cache entries reaches the maximum size
of the cache, cache entries are evicted to allow new entries to enter
the caches. If you enable this parameter, the evicted cache entries
will be copied to disk for future access. The default value is false.
(Boolean, optional)
- -enabled
- Enables the search results cache. The default value is true.
(Boolean, optional)
- -cacheSize
- The maximum size of the search results cache. The number of naming
enumeration objects that can be put into the search results cache.
The minimum value of this parameter is 100. The default value
is 2000. (Integer, optional)
- -cacheTimeOut
- The amount of time, in seconds, before the cached entries in the
search results cache can become invalid. The minimum value for this
parameter is 0. A value of 0 means that the cached
naming enumeration objects will stay in the search results cache until
there are configuration changes. The default value is 600.
(Integer, optional)
- -searchResultSizeLimit
- The maximum number of entries contained in the naming enumeration
object that can be cached in the search results cache. For example,
if the results from a search contain 2000 users, the search results
are not cached in the search results cache if the value of
this property is set to 1000. The default value is 1000.
(Integer, optional)
- -cacheDistPolicy
- The distribution policy for the dynamic cache in a cluster environment.
The valid values are none (for NOT_SHARED), push (for SHARED_PUSH),
and push_pull (for SHARED_PUSH_PULL). The default value is none.
The value of this parameter is read during the adapter startup process
and the cache policy is set accordingly. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask setIdMgrLDAPSearchResultCache {-id id_name}
Using Jython string:
AdminTask.setIdMgrLDAPSearchResultCache ('[-id id_name]')
Using Jython list:
AdminTask.setIdMgrLDAPSearchResultCache (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask setIdMgrLDAPSearchResultCache {-interactive}
Using Jython string:
AdminTask.setIdMgrLDAPSearchResultCache ('[-interactive]')
Using Jython list:
AdminTask.setIdMgrLDAPSearchResultCache (['-interactive'])
setIdMgrEntryMappingRepository
The setIdMgrEntryMappingRepository command sets or updates an entry mapping
repository configuration.
Required parameters
- -dataSourceName
- The name of the data source. The default value is jdbc/wimDS.
The parameter is required if the property extension is not set. The
parameter is not required if the command is used to update the existing
configuration. (String)
- -databaseType
- The type of the database. The default value is DB2. The
parameter is required if the property extension is not set. The parameter
is not required if the command is used to update the existing configuration.
(String)
- -dbURL
- The URL of the database. The parameter is required if the property
extension is not set. The parameter is not required if the command
is used to update the existing configuration. (String)
- -dbAdminId
- The database administrator ID. (String, required if database type
is not Apache Derby.)
- -dbAdminPassword
- The database administrator password. (String, required if database
type is not Apache Derby.)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -JDBCDriverClass
- The JDBC driver class name. (String, optional)
- -dbSchema
- The database schema of the database repository that you want to
configure. The default value is the default schema of the database
according to the database type. Typically, the default schema is the
namespace of the current database user. (String, optional).
- -tablespacePrefix
- The tablespace prefix. The maximum length allowed for this string
is 3 characters. The value of tablespacePrefix parameter is required
when you use the dbSchema parameter. It is specific to DB2 for z/OS
and will be ignored for any other database type. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask setIdMgrEntryMappingRepository {-dbAdminId database_administrator_ID -dbAdminPassword database_administrator_password}
Using Jython string:
AdminTask.setIdMgrEntryMappingRepository ('[-dbAdminId database_administrator_ID -dbAdminPassword database_administrator_password]')
Using Jython list:
AdminTask.setIdMgrEntryMappingRepository (['-dbAdminId', 'database_administrator_ID', '-dbAdminPassword', 'database_administrator_password'])
Interactive mode example usage:
Using Jacl:
$AdminTask setIdMgrEntryMappingRepository {-interactive}
Using Jython string:
AdminTask.setIdMgrEntryMappingRepository ('[-interactive]')
Using Jython list:
AdminTask.setIdMgrEntryMappingRepository (['-interactive'])
setIdMgrPropertyExtensionRepository
The setIdMgrPropertyExtensionRepository command
sets or updates the property extension repository configuration.
Important: The application server cannot validate the data source
when you run this command in the local mode.
Required parameters
- -dataSourceName
- The name of the data source. The default value is jdbc/wimDS.
The parameter is required if the property extension is not set. The
parameter is not required if the command is used to update the existing
configuration. (String)
- -databaseType
- The type of the database. The default value is DB2. The
parameter is required if the property extension is not set. The parameter
is not required if the command is used to update the existing configuration.
(String)
- -dbURL
- The URL of the database. The parameter is required if the property
extension is not set. The parameter is not required if the command
is used to update the existing configuration. (String)
- -dbAdminId
- The database administrator ID. (String, required if database type
is not Apache Derby.)
- -dbAdminPassword
- The database administrator password. (String, required if database
type is not Apache Derby.)
- -entityRetrievalLimit
- The limit for the retrieval of entities. (Integer, required)
- -JDBCDriverClass
- The JDBC driver class name. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -dbSchema
- The database schema of the database repository that you want to
configure. The default value is the default schema of the database
according to the database type. Typically, the default schema is the
namespace of the current database user. (String, optional).
- -tablespacePrefix
- The tablespace prefix. The maximum length allowed for this string
is 3 characters. The value of tablespacePrefix parameter is required
when you use the dbSchema parameter. It is specific to DB2 for z/OS
and will be ignored for any other database type. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask setIdMgrPropertyExtensionRepository {-entityRetrievalLimit limit_value -JDBCDriverClass class_name}
Using Jython string:
AdminTask.setIdMgrPropertyExtensionRepository ('[-entityRetrievalLimit limit_value -JDBCDriverClass class_name]')
Using Jython list:
AdminTask.setIdMgrPropertyExtensionRepository (['-entityRetrievalLimit', 'limit_value', '-JDBCDriverClass', 'class_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask setIdMgrPropertyExtensionRepository {-interactive}
Using Jython string:
AdminTask.setIdMgrPropertyExtensionRepository ('[-interactive]')
Using Jython list:
AdminTask.setIdMgrPropertyExtensionRepository (['-interactive'])
updateIdMgrDBRepository
The updateIdMgrDBRepository command updates the configuration for the database
repository that you specify.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -dataSourceName
- The name of the data source. The default value is jdbc/wimDS.
(String, optional)
- -databaseType
- The type of the database. The default value is DB2. (String,
optional)
- -dbURL
- The URL of the database. (String, optional)
- -dbAdminId
- The database administrator ID. (String, optional)
- -dbAdminPassword
- The database administrator password. (String, optional)
- -entityRetrievalLimit
- Indicates the value of the retrieval limit on database entries.
The default value is 200. (Integer, optional)
- -JDBCDriverClass
- The JDBC driver class name. (String, optional)
- -saltLength
- The salt length in bits. The default value is 12. (Integer,
optional)
- -encryptionKey
- The default value is rZ15ws0ely9yHk3zCs3sTMv/ho8fY17s.
(String, optional)
- -dbSchema
- The database schema of the database repository that you want to
configure. The default value is the default schema of the database
according to the database type. Typically, the default schema is the
namespace of the current database user. (String, optional).
- -tablespacePrefix
- The tablespace prefix. The maximum length allowed for this string
is 3 characters. The value of tablespacePrefix parameter is required
when you use the dbSchema parameter. It is specific to DB2 for z/OS
and will be ignored for any other database type. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask updateIdMgrDBRepository {-id id_name}
Using Jython string:
AdminTask.updateIdMgrDBRepository ('[-id id_name]')
Using Jython list:
AdminTask.updateIdMgrDBRepository (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask updateIdMgrDBRepository {-interactive}
Using Jython string:
AdminTask.updateIdMgrDBRepository ('[-interactive]')
Using Jython list:
AdminTask.updateIdMgrDBRepository (['-interactive'])
updateIdMgrFileRepository
The updateIdMgrFileRepository command updates the configuration for the file
repository that you specify. To update other properties of the file
repository use the updateIdMgrRepository command.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -messageDigestAlgorithm
- The message digest algorithm that will be used for hashing the
password. The default value is SHA-1. Valid values include
the following: SHA-1, SHA-384, or SHA-512. (String,
optional)
- -baseDirectory
- The base directory where the file will be created in order to
store the data. The default is to be dynamically built during run
time using user.install.root and cell name. (String, optional)
- -fileName
- The file name of the repository. The default value is fileRegistry.xml.
(String, optional)
- -saltLength
- The salt length of the randomly generated salt for password hashing.
The default value is 12. (Integer, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask updateIdMgrFileRepository {-id id_name}
Using Jython string:
AdminTask.updateIdMgrFileRepository ('[-id id_name]')
Using Jython list:
AdminTask.updateIdMgrFileRepository (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask updateIdMgrFileRepository {-interactive}
Using Jython string:
AdminTask.updateIdMgrFileRepository ('[-interactive]')
Using Jython list:
AdminTask.updateIdMgrFileRepository (['-interactive'])
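The defaults documented for updateIdMgrDBRepository (-encryptionKey) and updateIdMgrFileRepository (-messageDigestAlgorithm) are worth checking on every cell, because a key printed in product documentation is not a secret and SHA-1 is the weakest of the three digests listed. The following added example in plain Python (not IBM's code) audits repository records for those two defaults and builds the Jython list argument for the matching update command. The record layout, helper names, sample data and the policy itself are assumptions of this example.

```python
# Added example: the record layout, helper names and SAMPLE_REPOSITORIES are
# constructed. Defaults and valid values are the ones documented above.

VALID_DIGESTS = ("SHA-1", "SHA-384", "SHA-512")
DEFAULT_DIGEST = "SHA-1"
DOCUMENTED_DEFAULT_KEY = "rZ15ws0ely9yHk3zCs3sTMv/ho8fY17s"


def audit_repository(repo):
    """Return (repo_id, parameter, reason) findings for one repository record.

    repo has "id", "repositoryType" ("File", "LDAP" or "DB", as reported by
    listIdMgrRepositories) and "settings", which holds only parameters that
    were set explicitly. An absent parameter is treated as its default.
    """
    findings = []
    settings = repo.get("settings", {})
    if repo["repositoryType"] == "File":
        digest = settings.get("messageDigestAlgorithm", DEFAULT_DIGEST)
        if digest not in VALID_DIGESTS:
            findings.append((repo["id"], "messageDigestAlgorithm",
                             "not a documented value: %s" % digest))
        elif digest == "SHA-1":
            findings.append((repo["id"], "messageDigestAlgorithm",
                             "password digest is SHA-1"))
    elif repo["repositoryType"] == "DB":
        key = settings.get("encryptionKey", DOCUMENTED_DEFAULT_KEY)
        if key == DOCUMENTED_DEFAULT_KEY:
            findings.append((repo["id"], "encryptionKey",
                             "documented default key in use"))
    return findings


def audit_all(repos):
    """Collect the findings for a list of repository records."""
    findings = []
    for repo in repos:
        findings.extend(audit_repository(repo))
    return findings


def remediation_command(repo, digest="SHA-512", new_key=None):
    """Return (command_name, jython_list_args) for a flagged repository, else None.

    new_key must come from the caller (for example a prompt or a secret
    store); this function refuses an empty key or the documented default.
    """
    if not audit_repository(repo):
        return None
    if repo["repositoryType"] == "File":
        if digest not in VALID_DIGESTS or digest == "SHA-1":
            raise ValueError("choose SHA-384 or SHA-512")
        return ("updateIdMgrFileRepository",
                ["-id", repo["id"], "-messageDigestAlgorithm", digest])
    if not new_key or new_key == DOCUMENTED_DEFAULT_KEY:
        raise ValueError("supply a site-specific encryption key")
    return ("updateIdMgrDBRepository",
            ["-id", repo["id"], "-encryptionKey", new_key])


# Constructed sample records.
SAMPLE_REPOSITORIES = [
    {"id": "fileRepo1", "repositoryType": "File", "settings": {}},
    {"id": "fileRepo2", "repositoryType": "File",
     "settings": {"messageDigestAlgorithm": "SHA-512"}},
    {"id": "dbRepo1", "repositoryType": "DB", "settings": {"saltLength": "12"}},
    {"id": "ldap1", "repositoryType": "LDAP", "settings": {}},
]
```

The functions only build the argument list and apply nothing. This page does not say what happens to values already stored under the old digest or key, so try the change in a test cell before a production one.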
updateIdMgrLDAPAttrCache
The updateIdMgrLDAPAttrCache command updates the LDAP attribute cache configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -cachesDiskOffLoad
- (String, optional)
- -enabled
- Indicates if you want to enable attribute caching. The default
value is true. (Boolean, optional)
- -cacheSize
- The maximum size of the attribute cache defined by the number
of attribute objects that are permitted in the attribute cache. The
minimum value of this parameter is 100. The default value
is 4000. (Integer, optional)
- -cacheTimeOut
- The amount of time, in seconds, before the cached entries in the
attributes cache can become invalid. The minimum value
of this parameter is 0. The attribute objects that are cached
will remain in the attributes cache until the virtual member manager
changes the attribute objects. The default value is 1200.
(Integer, optional)
- -attributeSizeLimit
- An integer that represents the maximum number of attribute object
values that can be cached in the attributes cache. Some attributes,
for example, the member attribute, contain many values. The attributeSizeLimit
parameter prevents the attributes cache from caching large attributes.
The default value is 2000. (Integer, optional)
- -serverTTLAttribute
- The name of the ttl attribute that is supported by the LDAP server.
The attributes cache uses the value of this attribute to determine
when the cached entries in the attributes cache will time out.
The ttl attribute contains the time, in seconds, that any information
from the entry should be kept by a client before it is considered
stale and a new copy is fetched. A value of 0 implies that
the object will not be cached. For more information about this attribute,
go to: http://www.ietf.org/proceedings/98aug/I-D/draft-ietf-asid-ldap-cache-01.txt.
The ttl attribute is not supported by all LDAP servers. If this attribute
is supported by an LDAP server, you can set the value of the serverTTLAttribute
parameter to the name of the ttl attribute in order to allow the value
of the ttl attribute to determine when cached entries will time out.
The time out value for different entries in the attributes cache can be
different.
For example, if the value of the serverTTLAttribute parameter
is ttl and the attributes cache retrieves attributes of a user from
an LDAP server, it will also retrieve the value of the ttl attribute
of this user. If the value is 200, the WMM uses this value to set
the time out for the attributes of the user in the attributes cache
instead of using the value of cacheTimeOut. You can set different
ttl attribute values for different users. (String, optional)
- -cacheDistPolicy
- The distribution policy for the dynamic cache in a cluster environment.
The valid values are none (for NOT_SHARED), push (for SHARED_PUSH),
and push_pull (for SHARED_PUSH_PULL). The default value is none.
The value of this parameter is read during the adapter startup process
and the cache policy is set accordingly. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask updateIdMgrLDAPAttrCache {-id id_name}
Using Jython string:
AdminTask.updateIdMgrLDAPAttrCache ('[-id id_name]')
Using Jython list:
AdminTask.updateIdMgrLDAPAttrCache (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask updateIdMgrLDAPAttrCache {-interactive}
Using Jython string:
AdminTask.updateIdMgrLDAPAttrCache ('[-interactive]')
Using Jython list:
AdminTask.updateIdMgrLDAPAttrCache (['-interactive'])
updateIdMgrLDAPContextPool
The updateIdMgrLDAPContextPool command updates the LDAP context pool configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -enabled
- By default, the context pool is enabled. If you set the value
of this parameter to false, the context pool is disabled
which means that a new context instance will be created for each request.
The default value is true. (Boolean, optional)
- -initPoolSize
- The number of context instances that the virtual member manager
LDAP adapter creates when it creates the pool. The valid range for
this parameter is 1 to 50. The default value is 1.
(Integer, optional)
- -maxPoolSize
- The maximum number of context instances that can be maintained
concurrently by the context pool. Both in-use and idle context instances
contribute to this number. When the pool size reaches this number,
new context instances cannot be created for new requests. The new request
is blocked until a context instance is released by another request
or is removed. The request checks periodically if there are context
instances available in the pool according to the value defined for
the poolWaitTime parameter. The minimum value of the maxPoolSize parameter
is 0. There is no maximum value. A maximum pool size of 0
means that there is no maximum size and that a request for a pooled
context instance will use an existing pooled idle context instance
or a newly created pooled context instance. The default value is 0.
(Integer, optional)
- -prefPoolSize
- The preferred number of context instances that the Context Pool
should maintain. Both in-use and idle context instances contribute
to this number. When there is a request for the use of a pooled context
instance and the pool size is less than the preferred size, Context
Pool will create and use a new pooled context instance regardless
of whether an idle connection is available. When a request is finished
with a pooled context instance and the pool size is greater than the
preferred size, the Context Pool will close and remove the pooled
context instance from the pool. The valid range of the prefPoolSize
parameter is 0 to 100. A preferred pool size of
0 means that there is no preferred size: A request for a pooled context
instance will result in a newly created context instance only if no
idle ones are available. The default value is 3. (Integer,
optional)
- -poolTimeOut
- An integer that represents the number of seconds that an idle
context instance may remain in the pool without being closed and removed
from the pool. When a context instance is requested from the pool,
if this context has already existed in the pool for more than the time
defined by poolTimeOut, this connection will be closed regardless of whether
the context instance is stale or active. A new context instance will be
created and put back to the pool after it has been released from the
request. The minimum value of poolTimeOut is 0. There is no maximum
value. A poolTimeOut of 0 means that the context instances in the pool
will remain in the pool until they become stale. In this case, Context
Pool will catch the communication exception and recreate a new context
instance. The default value is 0. (Integer, optional)
- -poolWaitTime
- The time interval (in milliseconds) that the request will wait
until the Context Pool checks again if there are idle context instances
available in the pool when the number of context instances reaches
the maximum pool size. If there is still no idle context instance,
the request will continue waiting for the same period of time until
the next check. The minimum value of poolWaitTime is 0. There is no
maximum value. A poolWaitTime of 0 means the Context Pool will not
check if there are idle context instances. Instead, the request will be
notified when a context instance is released from other requests.
The default value is 3000. (Integer, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask updateIdMgrLDAPContextPool {-id id_name}
Using Jython string:
AdminTask.updateIdMgrLDAPContextPool ('[-id id_name]')
Using Jython list:
AdminTask.updateIdMgrLDAPContextPool (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask updateIdMgrLDAPContextPool {-interactive}
Using Jython string:
AdminTask.updateIdMgrLDAPContextPool ('[-interactive]')
Using Jython list:
AdminTask.updateIdMgrLDAPContextPool (['-interactive'])
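The following added example, which is not part of the product documentation, models how the documented maxPoolSize and prefPoolSize rules decide what a request does, and checks settings against the documented ranges before they are passed to updateIdMgrLDAPContextPool. It is plain Python that does not call WebSphere; the function names and the cross-parameter checks are assumptions made for illustration.

```python
# Added illustration: a model of the context pool rules described above.
# Parameter names, ranges and defaults come from the reference text;
# everything else (function names, cross-parameter checks) is hypothetical.

RANGES = {  # parameter: (minimum, maximum), None meaning "no maximum value"
    "initPoolSize": (1, 50),
    "maxPoolSize": (0, None),
    "prefPoolSize": (0, 100),
    "poolTimeOut": (0, None),
    "poolWaitTime": (0, None),
}
DEFAULTS = {"initPoolSize": 1, "maxPoolSize": 0, "prefPoolSize": 3,
            "poolTimeOut": 0, "poolWaitTime": 3000}


def validate(settings):
    """Return a list of problems in a dict of context pool settings."""
    problems = []
    for name, value in settings.items():
        if name not in RANGES:
            problems.append("%s: not a documented pool parameter" % name)
            continue
        low, high = RANGES[name]
        if isinstance(value, bool) or not isinstance(value, int):
            problems.append("%s: must be an integer" % name)
        elif value < low or (high is not None and value > high):
            top = high if high is not None else "unbounded"
            problems.append("%s=%d: outside %s..%s" % (name, value, low, top))
    if problems:
        return problems
    cfg = dict(DEFAULTS, **settings)
    cap = cfg["maxPoolSize"]
    # Added consistency checks (assumptions, not stated in the reference):
    # with a finite maximum, larger initial or preferred sizes cannot be met.
    if cap > 0 and cfg["initPoolSize"] > cap:
        problems.append("initPoolSize exceeds maxPoolSize")
    if cap > 0 and cfg["prefPoolSize"] > cap:
        problems.append("prefPoolSize exceeds maxPoolSize")
    return problems


def on_request(pool_size, idle, settings):
    """What a request for a pooled context does: 'create', 'reuse' or 'wait'.

    pool_size counts in-use plus idle instances, as in the reference."""
    cfg = dict(DEFAULTS, **settings)
    pref, cap = cfg["prefPoolSize"], cfg["maxPoolSize"]
    at_cap = cap > 0 and pool_size >= cap  # maxPoolSize 0 means no maximum
    # Below the preferred size a new instance is created even if one is idle.
    # Assumption: the maximum still wins if both rules apply.
    if pref > 0 and pool_size < pref and not at_cap:
        return "create"
    if idle > 0:
        return "reuse"
    if not at_cap:
        return "create"
    # Blocked: re-check every poolWaitTime ms, or wait to be notified if 0.
    return "wait"


def on_release(pool_size, settings):
    """What happens to a context handed back to the pool: 'close' or 'keep'."""
    pref = dict(DEFAULTS, **settings)["prefPoolSize"]
    # Assumption: prefPoolSize 0 ("no preferred size") never triggers a close.
    return "close" if pref > 0 and pool_size > pref else "keep"


if __name__ == "__main__":
    print(validate({"maxPoolSize": 2}))           # default prefPoolSize is 3
    print(on_request(1, 1, {}))                   # below preferred size
    print(on_request(5, 0, {"maxPoolSize": 5}))   # pool exhausted
```
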
updateIdMgrLDAPEntityType
The updateIdMgrLDAPEntityType command updates an existing LDAP entity type
definition in the LDAP repository configuration. You can use this command
to add more values to multi-valued parameters. If the property already
exists, the value of the property will be replaced. If the property
does not exist, it will be added.
Required parameters
- -id
- The ID of the repository. (String, required)
- -name
- The name of the entity type. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -searchFilter
- The search filter that you want to use to search the entity type.
(String, optional)
- -objectClasses
- One or more object classes for the entity type. (String, optional)
- -objectClassesForCreate
- The object class that will be used when you create an entity type object.
You do not have to specify the value of this parameter if it is the
same as the value of the objectClasses parameter. (String, optional)
- -searchBases
- The search base or bases to use while searching the entity type.
(String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask updateIdMgrLDAPEntityType {-id id_name -name name_value}
Using Jython string:
AdminTask.updateIdMgrLDAPEntityType ('[-id id_name -name name_value]')
Using Jython list:
AdminTask.updateIdMgrLDAPEntityType (['-id', 'id_name', '-name', 'name_value'])
Interactive mode example usage:
Using Jacl:
$AdminTask updateIdMgrLDAPEntityType {-interactive}
Using Jython string:
AdminTask.updateIdMgrLDAPEntityType ('[-interactive]')
Using Jython list:
AdminTask.updateIdMgrLDAPEntityType (['-interactive'])
updateIdMgrLDAPGroupDynamicMemberAttr
The updateIdMgrLDAPGroupDynamicMemberAttr command
updates a dynamic member attribute configuration of an LDAP group
configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
- -name
- The name of the LDAP attribute that is used as the group member
attribute. For example, memberURL. (String, required)
- -objectClass
- The group object class that contains the dynamic member attribute.
For example, groupOfURLs. If you do not define this parameter,
the dynamic member attribute will apply to all group object classes.
(String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask updateIdMgrLDAPGroupDynamicMemberAttr {-id id_name -name name_value -objectClass groupOfURLs}
Using Jython string:
AdminTask.updateIdMgrLDAPGroupDynamicMemberAttr ('[-id id_name -name name_value -objectClass groupOfURLs]')
Using Jython list:
AdminTask.updateIdMgrLDAPGroupDynamicMemberAttr (['-id', 'id_name', '-name', 'name_value', '-objectClass', 'groupOfURLs'])
Interactive mode example usage:
Using Jacl:
$AdminTask updateIdMgrLDAPGroupDynamicMemberAttr {-interactive}
Using Jython string:
AdminTask.updateIdMgrLDAPGroupDynamicMemberAttr ('[-interactive]')
Using Jython list:
AdminTask.updateIdMgrLDAPGroupDynamicMemberAttr (['-interactive'])
updateIdMgrLDAPGroupMemberAttr
The updateIdMgrLDAPGroupMemberAttr command updates a member attribute configuration
of an LDAP group configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
- -name
- The name of the LDAP attribute that is used as the group member
attribute. For example, member or uniqueMember.
(String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -objectClass
- The group object class that contains the member attribute. For
example, groupOfNames or groupOfUniqueNames. If
you do not define this parameter, the member attribute applies to
all group object classes. (String, optional)
- -scope
- The scope of the member attribute. The following are the valid
values:
- direct - The member attribute only contains direct members whereby
the member is directly contained by the group and not contained in
a nested group. For example, if group1 contains group2, group2 contains
user1, then group2 is a direct member of group1 but user1 is not a
direct member of group1. Both member and uniqueMember are direct member
attributes.
- nested - The member attribute contains both direct members and
nested members.
- -dummyMember
- When you create a group without specifying a member, a dummy member
will be filled in automatically to avoid receiving an exception that
indicates that there is a mandatory attribute missing. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask updateIdMgrLDAPGroupMemberAttr {-id id_name -name name_value}
Using Jython string:
AdminTask.updateIdMgrLDAPGroupMemberAttr ('[-id id_name -name name_value]')
Using Jython list:
AdminTask.updateIdMgrLDAPGroupMemberAttr (['-id', 'id_name', '-name', 'name_value'])
Interactive mode example usage:
Using Jacl:
$AdminTask updateIdMgrLDAPGroupMemberAttr {-interactive}
Using Jython string:
AdminTask.updateIdMgrLDAPGroupMemberAttr ('[-interactive]')
Using Jython list:
AdminTask.updateIdMgrLDAPGroupMemberAttr (['-interactive'])
updateIdMgrLDAPRepository
The updateIdMgrLDAPRepository command updates an LDAP repository configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -ldapServerType
- The type of LDAP server that is being used. The default value
is IDS51. (String, optional)
- -adapterClassName
- The default value is com.ibm.ws.wim.adapter.ldap.LdapAdapter. (String,
optional)
- -certificateMapMode
- Specifies whether to map X.509 certificates into an LDAP directory
by exact distinguished name or by certificate filter. The default
value is exactdn. To use the certificate filter for the mapping,
specify certificatefilter. (String, optional)
- -certificateFilter
- If certificateMapMode has the value certificatefilter,
then this property specifies the LDAP filter which maps attributes
in the client certificate to entries in LDAP. (String, optional)
- -isExtIdUnique
- Specifies if the external ID is unique. The default value is true.
(Boolean, optional)
- -loginProperties
- Indicates the property name used for login. (String, optional)
Supported configurations: If you define multiple login
properties, then the first login property is programmatically mapped
to the federated repositories principalName property. For example,
if you set uid;mail as the login properties,
the LDAP attribute uid value is mapped to the federated repositories
principalName property. If you define multiple login properties, after
login, the first login property is returned as the value of the principalName
property. For example, if you pass joe@yourco.com as the principalName
value and the login properties are configured
as uid;mail, the principalName is returned as joe.
- -primaryServerQueryTimeInterval
- Indicates the polling interval for testing the primary server
availability. The value of this parameter is specified in minutes.
The default value is 15. (Integer, optional)
- -returnToPrimaryServer
- Indicates to return to the primary LDAP server when it is available.
The default value is true. (Boolean, optional)
- -searchCountLimit
- The value of search count limit. (Integer, optional)
- -searchPageSize
- The value of search page size. (Integer, optional)
- -searchTimeLimit
- The value of search time limit. (Integer, optional)
- -sslConfiguration
- The SSL configuration. (String, optional)
- -supportAsyncMode
- Indicates if the async mode is supported or not. The default value
is false. (Boolean, optional)
- -supportChangeLog
- This parameter indicates whether the repository supports change
tracking. Valid values for this parameter are none or native. The
default value is none. (String, optional)
- -supportSorting
- Indicates if sorting is supported or not. The default value is false.
(Boolean, optional)
- -supportPaging
- Indicates if paging is supported or not. The default value is false.
(Boolean, optional)
- -supportTransactions
- Indicates if transactions are supported or not. The default value
is false. (Boolean, optional)
- -supportExternalName
- Indicates if external names are supported or not. The default
value is false. (Boolean, optional)
- -translateRDN
- Indicates to translate RDN or not. The default value is false.
(Boolean, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask updateIdMgrLDAPRepository {-id id_name}
Using Jython string:
AdminTask.updateIdMgrLDAPRepository ('[-id id_name]')
Using Jython list:
AdminTask.updateIdMgrLDAPRepository (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask updateIdMgrLDAPRepository {-interactive}
Using Jython string:
AdminTask.updateIdMgrLDAPRepository ('[-interactive]')
Using Jython list:
AdminTask.updateIdMgrLDAPRepository (['-interactive'])
updateIdMgrLDAPSearchResultCache
The updateIdMgrLDAPSearchResultCache command updates the LDAP search result
cache configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -cachesDiskOffLoad
- Loads the attributes caches and the search results onto hard disk.
By default, when the number of cache entries reaches the maximum size
of the cache, cache entries are evicted to allow new entries to enter
the caches. If you enable this parameter, the evicted cache entries
will be copied to disk for future access. The default value is false.
(Boolean, optional)
- -enabled
- Enables the search results cache. The default value is true.
(Boolean, optional)
- -cacheSize
- The maximum size of the search results cache. The number of naming
enumeration objects that can be put into the search results cache.
The minimum value of this parameter is 100. The default value
is 2000. (Integer, optional)
- -cacheTimeOut
- The amount of time, in seconds, before the cached entries in the
search results cache can become invalid. The minimum value for this
parameter is 0. A value of 0 means that the cached
naming enumeration objects will stay in the search results cache until
there are configuration changes. The default value is 600.
(Integer, optional)
- -searchResultSizeLimit
- The maximum number of entries contained in the naming enumeration
object that can be cached in the search results cache. For example,
if the results from a search contain 2000 users, the search results
will not be cached in the search results cache if the value of
this property is set to 1000. The default value is 1000.
(Integer, optional)
- -cacheDistPolicy
- The distribution policy for the dynamic cache in a cluster environment.
The valid values are none (for NOT_SHARED), push (for
SHARED_PUSH), and push_pull (for SHARED_PUSH_PULL),
and the default value is none. The value of
this parameter is read during the adapter startup process and the
cache policy is set accordingly.
(String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask updateIdMgrLDAPSearchResultCache {-id id_name}
Using Jython string:
AdminTask.updateIdMgrLDAPSearchResultCache ('[-id id_name]')
Using Jython list:
AdminTask.updateIdMgrLDAPSearchResultCache (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask updateIdMgrLDAPSearchResultCache {-interactive}
Using Jython string:
AdminTask.updateIdMgrLDAPSearchResultCache ('[-interactive]')
Using Jython list:
AdminTask.updateIdMgrLDAPSearchResultCache (['-interactive'])
updateIdMgrLDAPServer
The updateIdMgrLDAPServer command updates an LDAP server configuration for the
LDAP repository ID that you specify.
Required parameters and return values
- -id
- The ID of the repository. (String, required)
- -host
- The host name for the LDAP server that contains the properties
that you want to modify. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -port
- The port number for the LDAP server. (Integer, optional)
- -authentication
- Indicates the authentication method to use. The default value
is simple. Valid values include: none or strong.
(String, optional)
- -bindDN
- The binding domain name for the LDAP server. (String, optional)
- -bindPassword
- The binding password. The password is encrypted before it is stored. (String,
optional)
- -certificateMapMode
- Specifies whether to map X.509 certificates into an LDAP directory
by exact distinguished name or by certificate filter. The default
value is exactdn. To use the certificate filter for the mapping,
specify certificatefilter. (String, optional)
- -certificateFilter
- If certificateMapMode has the value certificatefilter,
then this property specifies the LDAP filter which maps attributes
in the client certificate to entries in LDAP. (String, optional)
- -connectTimeout
- The connection timeout measured in seconds. (Integer, optional)
Restriction: Due to a current JNDI limitation, the maximum connection
timeout is 20 seconds. Even if you specify a value above 20 seconds,
the connection still times out at 20 seconds.
- -connectionPool
- The connection pool. The default value is false. (Boolean,
optional)
- -derefAliases
- Controls how aliases are dereferenced. The default value is always.
Valid values include:
- never - never dereferences aliases
- finding - dereferences aliases only during name resolution
- searching - dereferences aliases only after name resolution
(String, optional)
- -ldapServerType
- The type of LDAP server being used. The default value is IDS51.
(String, optional)
- -primary_host
- The host name for the primary LDAP server. (String, optional)
- -referal
- The LDAP referral. The default value is ignore. Valid
values include: follow, throw, or false.
(String, optional)
- -sslConfiguration
- The SSL configuration. (String, optional)
- -sslEnabled
- Indicates to enable SSL or not. The default value is false.
(Boolean, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask updateIdMgrLDAPServer {-id id_name -host myhost.ibm.com}
Using Jython string:
AdminTask.updateIdMgrLDAPServer ('[-id id_name -host myhost.ibm.com]')
Using Jython list:
AdminTask.updateIdMgrLDAPServer (['-id', 'id_name', '-host', 'myhost.ibm.com'])
Interactive mode example usage:
Using Jacl:
$AdminTask updateIdMgrLDAPServer {-interactive}
Using Jython string:
AdminTask.updateIdMgrLDAPServer ('[-interactive]')
Using Jython list:
AdminTask.updateIdMgrLDAPServer (['-interactive'])
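The batch examples above pass only -id and -host. The following added example, which is not IBM code, checks a fuller set of updateIdMgrLDAPServer arguments against the values listed in this section, builds the Jython list form, and masks the bind password for logging. It is plain Python with hypothetical helper names and constructed sample values; the warning about simple binds without SSL is general LDAP knowledge rather than a statement from this page.

```python
# Added illustration (not IBM code): review updateIdMgrLDAPServer arguments
# before handing them to wsadmin. Helper names are hypothetical.

REQUIRED = ("id", "host")
VALID = {  # values listed in the parameter descriptions above
    "authentication": ("none", "simple", "strong"),
    "derefAliases": ("always", "never", "finding", "searching"),
    "referal": ("ignore", "follow", "throw", "false"),
    "sslEnabled": ("true", "false"),
    "connectionPool": ("true", "false"),
}
DEFAULTS = {"authentication": "simple", "sslEnabled": "false"}
JNDI_MAX_CONNECT_TIMEOUT = 20  # seconds, from the Restriction note


def _text(value):
    """wsadmin takes strings; render Python booleans as true/false."""
    if isinstance(value, bool):
        return "true" if value else "false"
    return str(value)


def review(params):
    """Return (errors, warnings) for a dict of parameter name -> value."""
    p = dict((k, _text(v)) for k, v in params.items())
    errors, warnings = [], []
    for name in REQUIRED:
        if not p.get(name):
            errors.append("-%s is required" % name)
    for name, allowed in VALID.items():
        if name in p and p[name] not in allowed:
            errors.append("-%s %s: expected one of %s"
                          % (name, p[name], ", ".join(allowed)))
    for name in ("port", "connectTimeout"):
        if name in p and not p[name].isdigit():
            errors.append("-%s %s: expected an integer" % (name, p[name]))
    timeout = p.get("connectTimeout", "")
    if timeout.isdigit() and int(timeout) > JNDI_MAX_CONNECT_TIMEOUT:
        warnings.append("-connectTimeout above 20 still times out at 20 seconds")
    effective = dict(DEFAULTS, **p)
    # Added check (general LDAP knowledge, not from this page): a simple bind
    # sends the bind DN and password unprotected unless the connection uses SSL.
    if (effective["authentication"] == "simple" and "bindPassword" in p
            and effective["sslEnabled"] != "true"):
        warnings.append("simple bind with -bindPassword but -sslEnabled is not true")
    return errors, warnings


def to_admintask_list(params):
    """Build the 'Jython list' argument form, required parameters first."""
    rest = sorted(k for k in params if k not in REQUIRED)
    args = []
    for name in list(REQUIRED) + rest:
        args += ["-" + name, _text(params[name])]
    return args


def redacted(args):
    """Copy of an argument list that is safe to log: bindPassword masked."""
    out = list(args)
    for i in range(len(out) - 1):
        if out[i] == "-bindPassword":
            out[i + 1] = "********"
    return out


# Constructed sample values, apart from the id and host used in the examples above.
SAMPLE = {"id": "id_name", "host": "myhost.ibm.com", "port": 636,
          "bindDN": "cn=wasbind,o=example", "bindPassword": "constructed-secret",
          "sslEnabled": True, "connectTimeout": 30}

if __name__ == "__main__":
    print(review(SAMPLE))
    print(redacted(to_admintask_list(SAMPLE)))
    # Inside wsadmin the list would be passed on unchanged:
    #   AdminTask.updateIdMgrLDAPServer(to_admintask_list(SAMPLE))
```
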
updateIdMgrRepository
The updateIdMgrRepository command updates the common repository configuration.
Required parameters
- -id
- The ID of the repository. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -adapterClassName
- The implementation class name for the repository adapter. (String,
optional)
- -EntityTypesNotAllowCreate
- The name of the entity type that should not be created in this
repository. (String, optional)
- -EntityTypesNotAllowUpdate
- The name of the entity type that should not be updated in this
repository. (String, optional)
- -EntityTypesNotAllowRead
- The name of the entity type that should not be read from this
repository. (String, optional)
- -EntityTypesNotAllowDelete
- The name of the entity type that should not be deleted from this
repository. (String, optional)
- -isExtIdUnique
- Specifies if the external ID is unique or not. (Boolean, optional)
- -loginProperties
- Indicates the property name used for login. (String, optional)
- -readOnly
- Indicates if this is a read only repository. The default value
is false. (Boolean, optional)
- -repositoriesForGroups
- The repository ID where group data is stored. (String, optional)
- -supportAsyncMode
- Indicates if the adapter supports async mode or not. The default
value is false. (Boolean, optional)
- -supportChangeLog
- This parameter indicates whether the repository supports change
tracking. Valid values for this parameter are none or native. The
default value is none. (String, optional)
- -supportPaging
- Indicates if the repository supports paging or not. (Boolean,
optional)
- -supportSorting
- Indicates if the repository supports sorting or not. (Boolean,
optional)
- -supportTransactions
- Indicates if the repository supports transaction or not. (Boolean,
optional)
- -supportedExternalName
- Indicates if the repository supports external names or not. (Boolean,
optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask updateIdMgrRepository {-id id_name}
Using Jython string:
AdminTask.updateIdMgrRepository ('[-id id_name]')
Using Jython list:
AdminTask.updateIdMgrRepository (['-id', 'id_name'])
Interactive mode example usage:
Using Jacl:
$AdminTask updateIdMgrRepository {-interactive}
Using Jython string:
AdminTask.updateIdMgrRepository ('[-interactive]')
Using Jython list:
AdminTask.updateIdMgrRepository (['-interactive'])
updateIdMgrRepositoryBaseEntry
The updateIdMgrRepositoryBaseEntry command updates a base entry in the specified
repository.
Required parameters
- -id
- The ID of the repository. (String, required)
- -name
- The distinguished name of a base entry. (String, required)
Optional parameters
- -securityDomainName
- Use this parameter to specify the name that uniquely identifies
the security domain. If you do not specify this parameter, the command
uses the global federated repository. (String, optional)
- -nameInRepository
- The distinguished name in the repository that uniquely identifies
the base entry name. (String, optional)
Avoid trouble: The values specified for both the name and
nameInRepository parameters must be the same for a database repository.
Examples
Batch mode example usage:
Using Jacl:
$AdminTask updateIdMgrRepositoryBaseEntry {-id id_name -name name_value}
Using Jython string:
AdminTask.updateIdMgrRepositoryBaseEntry ('[-id id_name -name name_value]')
Using Jython list:
AdminTask.updateIdMgrRepositoryBaseEntry (['-id', 'id_name', '-name', 'name_value'])
Interactive mode example usage:
Using Jacl:
$AdminTask updateIdMgrRepositoryBaseEntry {-interactive}
Using Jython string:
AdminTask.updateIdMgrRepositoryBaseEntry ('[-interactive]')
Using Jython list:
AdminTask.updateIdMgrRepositoryBaseEntry (['-interactive'])