IdMgrRealmConfig command group for the AdminTask object

You can use the Jython or Jacl scripting languages to configure federated repositories realms. The commands and parameters in the IdMgrRealmConfig group can be used to create and manage your realm configuration.

The IdMgrRealmConfig command group for the AdminTask object includes the following commands:

addIdMgrRealmBaseEntry

The addIdMgrRealmBaseEntry command adds a base entry to a specific realm configuration and links the realm with the repository.

Target Object

None.

Required parameters

-name
Specifies the name of the realm. (String, required)
-baseEntry
Specifies the name of the base entry. (String, optional)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

Interactive mode example usage:

createIdMgrRealm

The createIdMgrRealm command creates a realm configuration.

Target Object

None.

Required parameters

-name
Specifies the name of the realm. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-securityUse
Specifies a string that indicates if this virtual realm will be used in security now, later, or never. The default value is active. Additional values includes: inactive and nonSelectable. (String, optional)
-delimiter
Specifies the delimiter used for this realm. The default value is /. (String, optional)
-allowOperationIfReposDown
Specifies whether the system allows a repository operation such as get or search to complete successfully, even if repositories in the realm are down. The default value is false. (Boolean, optional)
Avoid trouble Avoid trouble: Even if this parameter is specified, all repositories must be available when you start the server, or the federated repositories will not function properly. gotcha

Examples

Batch mode example usage:

Interactive mode example usage:

deleteIdMgrRealm

The deleteIdMgrRealm command deletes the realm configuration that you specified.

Target Object

None.

Required parameters

-name
The realm name. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

Interactive mode example usage:

deleteIdMgrRealmBaseEntry

The deleteIdMgrRealmBaseEntry command deletes a base entry from a realm configuration that you specified.

The realm must always contain at least one base entry, thus you cannot remove every entry.

Target Object

None.

Required parameters

-name
Specifies the name of the realm. (String, required)
-baseEntry
Specifies the name of a base entry. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

Interactive mode example usage:

deleteIdMgrRealmDefaultParent

Use the deleteIdMgrRealmDefaultParent command to delete the mapping of the default parent of an entity type for a realm.

Target Object

None.

Required parameters

-entityTypeName
Use this parameter to specify the name of a valid supported entity type for which you want to delete the default parent mapping. You can specify an asterisk (*) to delete the default parent mapping for all entity types in the realm. (String, required)

Optional parameters

-name
Use this parameter to specify a valid realm name for which you want to delete the mapping. If you do not specify the -name parameter, the command deletes the mapping for defaultWIMFileBasedRealm, which is the default realm in the federated repository configuration. (String, optional)
-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

Interactive mode example usage:

getIdMgrDefaultRealm

The getIdMgrDefaultRealm command returns the default realm name.

Target Object

None.

Required parameters

None.

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

Interactive mode example usage:

getIdMgrRepositoriesForRealm

The getIdMgrRepositoriesForRealm command returns repository specific details for the repositories configured for a specified realm.

Target Object

None.

Required parameters

-name
Specifies the name of the realm. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

Interactive mode example usage:

getIdMgrRealm

The getIdMgrRealm command returns the configuration parameters for the realm that you specified.

Target Object

None.

Required parameters

-name
Specifies the name of the realm. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

Interactive mode example usage:

listIdMgrRealms

The listIdMgrRealms command returns all of the names of the configured realms.

Target Object

None.

Required parameters

None.

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

Interactive mode example usage:

listIdMgrRealmBaseEntries

The listIdMgrRealmBaseEntries command returns all of the names of the configured realms.

Target Object

None.

Required parameters

-name
Specifies the name of the realm. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

Interactive mode example usage:

listIdMgrRealmDefaultParents

Use the listIdMgrRealmDefaultParents command to list the mapping of the default parent uniqueName for all entity types in a specified realm.

Target Object

None.

Required parameters

None.

Optional parameters

-name
Use this parameter to specify a valid realm name for which you want to list the mapping. If you do not specify the -name parameter, the command returns the mapping for defaultWIMFileBasedRealm, which is the default realm in the federated repository configuration. (String, optional)
-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Return values

The listIdMgrRealmDefaultParents command returns the mapping of each entity type to default parent uniqueName for the specified realm. The results are returned as a Map where the key is entityType and the value is parentUniqueName.

Examples

Batch mode example usage:

Interactive mode example usage:

listIdMgrRealmURAttrMappings

Use the listIdMgrRealmURAttrMappings command to list the mappings between the user or group attributes for a user registry and the federated repository properties of a specified realm.

Target object

None.

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-name
Use this parameter to specify a valid realm name for which you want to list the mapping.

If you do not specify the -name parameter, the listIdMgrRealmURAttrMappings command returns the mapping of the default realm in the federated repository configuration.

(String, optional)

Return values

The listIdMgrRealmURAttrMappings command returns a HashMap that contains the following structure:
  • The key is the user registry attribute name (URAttrName parameter).
  • The value is another HashMap that contains the propertyForInput and propertyForOutput as keys and the corresponding mapping as the values.
The following example shows a sample output. The example is broken into multiple lines for illustration purposes only.
{userDisplayName={propertyForInput=principalName, propertyForOutput=principalName},
userSecurityName={propertyForInput=principalName, propertyForOutput=principalName},
uniqueUserId={propertyForInput=uniqueName, propertyForOutput=uniqueName},
uniqueGroupId={propertyForInput=uniqueName, propertyForOutput=uniqueName},
groupSecurityName={propertyForInput=cn, propertyForOutput=cn},
groupDisplayName={propertyForInput=cn, propertyForOutput=cn}}

Examples

Batch mode example usage:

Interactive mode example usage:

renameIdMgrRealm

The renameIdMgrRealm command renames the name of the realm that you specified.

Note: Renaming the federated repositories realm name does not update the realm name stored in the security.xml file.

Target Object

None.

Required parameters

-name
Specifies the name of the realm. (String, required)
-newName
Specifies the new name of the realm. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

Interactive mode example usage:

setIdMgrDefaultRealm

The setIdMgrDefaultRealm command sets the default realm name.

Required parameters

-name
Specifies the name of the realm that is used as a default realm when the caller does not specify any in context. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

Interactive mode example usage:

setIdMgrRealmDefaultParent

Use the setIdMgrRealmDefaultParent command to set or modify the default parent uniqueName for an entity type in a specified realm.

Target object

None.

Required parameters

-entityTypeName
Use this parameter to specify the name of a valid supported entity type for which you want to set or modify the default parent. (String, required)
-parentUniqueName
Use this parameter to specify the default parent of the entity type in the specified realm. The default parent specified should be a valid uniqueName in this realm. (String, required)

Optional parameters

-name
Use this parameter to specify a valid realm name for which you want to set or modify the mapping. If you do not specify the -name parameter, the command sets or modifies the mapping for defaultWIMFileBasedRealm, which is the default realm in the federated repository configuration. (String, optional)
-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

Interactive mode example usage:

setIdMgrRealmURAttrMapping

Use the setIdMgrRealmURAttrMapping command to set or modify the mapping of the user or group attribute for a user registry to a federated repository property of a specified realm.

The setIdMgrRealmURAttrMapping command is available in both connected and local modes. If you run the setIdMgrRealmURAttrMapping command in connected mode, the realm attribute mapping changes take effect after you restart the server.

Target object

None.

Required parameters

-URAttrName
Use this parameter to specify the name of the user or group attribute in a user registry that you want to map. The following case-sensitive values are valid for the URAttrName parameter:
  • uniqueUserId
  • userSecurityName
  • userDisplayName
  • uniqueGroupId
  • groupSecurityName
  • groupDisplayName
Avoid trouble Avoid trouble: If you run the setIdMgrRealmURAttrMapping command multiple times for the same user registry attribute name, it overwrites the previous value.gotcha

(String, required)

-propertyForInput
Use this parameter to specify the name of the federated repository property that maps to the specified user registry attribute (URAttrName parameter) when it is an input parameter for the user registry interface. (String, required)
-propertyForOutput
Use this parameter to specify the name of the federated repository property that maps to the specified user registry attribute (URAttrName parameter) when it is an output parameter (return value) for the user registry interface. (String, required)
Attention: In most cases, the propertyForInput and propertyForInput would be the same.

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-name
Use this parameter to specify a valid realm name for which you want to set or modify the mapping. If you do not specify the name parameter, the setIdMgrRealmURAttrMapping command uses the default realm in the federated repository configuration. (String, optional)

Examples

Batch mode example usage:

Interactive mode example usage:

updateIdMgrRealm

The updateIdMgrRealm command updates the configuration for a realm that you specify.

Target Object

None.

Required parameters

-name
Specifies the name of the realm. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-securityUse
Specifies a string that indicates if this realm will be used in security now, later, or never. The default value is active. Additional values includes: inactive and nonSelectable. (String, optional)
-delimiter
specifies the delimiter used for this realm. The default value is /. (String, optional)
-allowOperationIfReposDown
Specifies whether the system allows a repository operation such as get or search to complete successfully, even if repositories in the realm are down. (Boolean, optional)
Avoid trouble Avoid trouble: Even if this parameter is specified, all repositories must be available when you start the server, or the virtual member manager might not function properly. gotcha

Examples

Batch mode example usage:

Interactive mode example usage:

Reference topic    

Terms and conditions for information centers | Feedback

Last updated: April 17, 2014 10:32 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-express-iseries&topic=rxml_atidmgrrealmconfig
File name: rxml_atidmgrrealmconfig.html