You can use the Jython or Jacl scripting languages to configure
security with the wsadmin tool. The commands and parameters in the
WIMManagementCommands group can be used to create and manage groups,
members, and users in the virtual member manager.
Note: If the Use global security settings option is selected for
the user realm or the Global federated repositories option is selected
as the realm type for the specified domain, the user and group management
commands are executed on the federated repository of the admin domain.
For example, if you run the createUser command for the specified domain,
the user is created in the admin domain. However, configuration changes
that are performed on the domain are applied to the security domain-specific
configuration.
The WIMManagementCommands command group for the AdminTask object
includes the following commands:
addMemberToGroup
The addMemberToGroup command
adds a member to a group in the virtual member manager. If successful,
the addMemberToGroup command returns the unique name of the added
member.
Parameters and return values
- -memberUniqueName
- Specifies the unique name value for the user or group that you
want to add to the specified group. This parameter maps to the uniqueName
property in virtual member manager.
- -groupUniqueName
- Specifies the unique name value for the group to which you want
to add the user or group that you specified in the memberUniqueName
parameter. This parameter maps to the uniqueName property in virtual
member manager.
- -securityDomainName
- Specifies the name that uniquely identifies the security domain.
If you do not specify this parameter, the command uses the global
federated repository. (String, optional)
Examples
Batch
mode example usage:
Using Jacl:
$AdminTask addMemberToGroup {-memberUniqueName uid=meyersd,cn=users,dc=yourco,dc=com -groupUniqueName
cn=admins,cn=groups,dc=yourco,dc=com}
Using Jython string:
AdminTask.addMemberToGroup ('[-memberUniqueName uid=meyersd,cn=users,dc=yourco,dc=com -groupUniqueName cn=admins,cn=groups,dc=yourco,dc=com]')
Using Jython list:
AdminTask.addMemberToGroup (['-memberUniqueName', 'uid=meyersd,cn=users,dc=yourco,dc=com',
'-groupUniqueName', 'cn=admins,cn=groups,dc=yourco,dc=com'])
Interactive mode example usage:
Using Jacl:
$AdminTask addMemberToGroup {-interactive}
Using Jython string:
AdminTask.addMemberToGroup ('[-interactive]')
Using Jython list:
AdminTask.addMemberToGroup (['-interactive'])
changeMyPassword
The changeMyPassword command
allows you to change your password when you are logged into WebSphere® Application Server.
It requires you to specify your old password and the new password,
and then confirm your new password. If your old password is validated
successfully, and the new password that you specify exactly matches
your confirmation of the new password, then the password is changed.
Important: You can use the changeMyPassword command only for
repositories that have a write adapter for federated repositories.
It will not work for read-only adapters or the federated repositories
user registry bridge that is configured with the local operating system
user registry or a custom user registry.
Parameters and return values
- -oldPassword
- The old password of the user. The value of the oldPassword parameter
is validated against the password of the user in the repository. (String,
required)
- -newPassword
- The new password that must be set for the user. (String, required)
- -confirmNewPassword
- The new password that must be set for the user. The value of the
newPassword and confirmNewPassword parameters must match. (String,
required)
Note: After you change your password, your old password
might remain in effect, allowing you to log in using your
old password. This happens if both the authentication cache and basic
authentication cache keys are enabled, causing the old password to
remain valid according to the value specified for cache timeout or
cache size.
You can clear the WebSphere Application Server security
cache so that you do not have to wait for the cacheTimeout to expire.
To clear entries from the AuthCache, you must use one of the SecurityAdmin
MBean methods, clearAuthCache or purgeUserFromAuthCache.
Call one of the following MBean methods on each WebSphere Application Server
process that requires the subject of the user to be cleared from the
cache. The AuthCache is a cache for each process, so every process
(not just the dmgr) that has the user authenticated must have this
method called:
/**
* clearAuthCache
*/
public void clearAuthCache()
/**
* purgeUserFromAuthCache
*/
public void purgeUserFromAuthCache(String realm, String userid)
The following example shows how you can use wsadmin to
call the clearAuthCache method on the dmgr process:
set sa [$AdminControl queryNames type=SecurityAdmin,process=dmgr,*]
$AdminControl invoke $sa clearAuthCache
For more
information, read Authentication cache settings.
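The per-process requirement described above, as an added wsadmin Jython example that is not IBM's code: it calls clearAuthCache, or purgeUserFromAuthCache for one user, on the SecurityAdmin MBean of every running process and reports the outcome per process. The function names, the string form used for the invoke parameters, and the choice to reject values containing whitespace or brackets are assumptions of this example.

```python
# Added example, not part of the original page. Intended for
# "wsadmin -lang jython -f <file>"; AdminControl is passed in as an argument
# so the logic can also be exercised offline with a stand-in object.
import sys

QUERY = 'type=SecurityAdmin,*'   # every process, not only process=dmgr


def key_of(object_name, key):
    """Return one key property (for example process or node) of an ObjectName string."""
    props = object_name.split(':', 1)[-1]
    for part in props.split(','):
        if part.startswith(key + '='):
            return part[len(key) + 1:]
    return '?'


def security_admin_mbeans(admin_control):
    """List the SecurityAdmin MBean of each running process (one name per line)."""
    names = admin_control.queryNames(QUERY)
    return [n.strip() for n in names.splitlines() if n.strip()]


def clear_auth_cache_everywhere(admin_control, realm=None, userid=None):
    """Clear the AuthCache in every process.

    With realm and userid, only that user is purged (purgeUserFromAuthCache);
    with neither, the whole cache is cleared (clearAuthCache).
    Returns a list of (node/process, status) tuples so that a process that
    still holds the old credential is visible to the caller.
    """
    if (realm is None) != (userid is None):
        raise ValueError('give both realm and userid, or neither')
    if realm is not None:
        for value in (realm, userid):
            # Assumption of this example: parameters travel as one
            # space-separated string, so refuse anything that would be
            # split or re-parsed on the way to the MBean.
            if (not value or value != ''.join(value.split())
                    or '[' in value or ']' in value):
                raise ValueError('unsupported characters in %r' % (value,))

    results = []
    for mbean in security_admin_mbeans(admin_control):
        where = key_of(mbean, 'node') + '/' + key_of(mbean, 'process')
        try:
            if realm is None:
                admin_control.invoke(mbean, 'clearAuthCache')
            else:
                admin_control.invoke(mbean, 'purgeUserFromAuthCache',
                                     '[%s %s]' % (realm, userid),
                                     '[java.lang.String java.lang.String]')
            results.append((where, 'cleared'))
        except:
            # Bare except on purpose: older Jython levels do not route Java
            # exceptions through "except Exception".
            results.append((where, 'FAILED: %s' % (sys.exc_info()[1],)))
    return results


# Under wsadmin, AdminControl is a predefined global; anywhere else, do nothing.
try:
    wsadmin_control = AdminControl
except NameError:
    wsadmin_control = None

if wsadmin_control is not None:
    for where, status in clear_auth_cache_everywhere(wsadmin_control):
        print('%s: %s' % (where, status))
```

Any entry whose status starts with FAILED names a process where the old password can still authenticate until the cache entry expires.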
Examples
Batch
mode example usage:
Using Jacl:
$AdminTask changeMyPassword {-oldPassword pwd1 -newPassword pwd2
-confirmNewPassword pwd2}
Using Jython string:
AdminTask.changeMyPassword ('[-oldPassword pwd1 -newPassword pwd2 -confirmNewPassword pwd2]')
Using Jython list:
AdminTask.changeMyPassword (['-oldPassword', 'pwd1', '-newPassword', 'pwd2',
'-confirmNewPassword', 'pwd2'])
Interactive mode example usage:
Using Jacl:
$AdminTask changeMyPassword {-interactive}
Using Jython string:
AdminTask.changeMyPassword ('[-interactive]')
Using Jython list:
AdminTask.changeMyPassword (['-interactive'])
clearIdMgrRepositoryCache
Use the clearIdMgrRepositoryCache command
to clear all the entities from all of the caches of a specified repository
adapter or all repository adapters.
Avoid trouble: Frequent use of this command to clear the cache may result
in performance degradation. When the entire cache is cleared, the
subsequent operation has to get the details from the repository and
update the cache with this newly retrieved data; so the subsequent
operation takes longer to complete.
Parameters and return values
- -id
- Use this parameter to specify the repository ID of the repository
adapter whose cache must be cleared. If you do not specify this parameter
all the caches of all of the repository adapters are cleared. (String,
optional)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain.
If you do not specify this parameter, the command uses the global
federated repository. (String, optional)
Examples
Batch
mode example usage:
Using Jacl:
$AdminTask clearIdMgrRepositoryCache {-id repository_ID}
Using Jython string:
AdminTask.clearIdMgrRepositoryCache ('[-id repository_ID]')
Using Jython list:
AdminTask.clearIdMgrRepositoryCache (['-id', 'repository_ID'])
Interactive mode example usage:
Using Jacl:
$AdminTask clearIdMgrRepositoryCache {-interactive}
Using Jython string:
AdminTask.clearIdMgrRepositoryCache ('[-interactive]')
Using Jython list:
AdminTask.clearIdMgrRepositoryCache (['-interactive'])
clearIdMgrUserFromCache
Use the clearIdMgrUserFromCache command
to clear the specified user from the cache of the repository adapter,
if the user exists in the cache.
Important: The
clearIdMgrUserFromCache command
does not clear the group membership details of the user. To clear
group membership information for a user from the cache, use the
getMembershipOfUser wsadmin
command with the
-clearCache parameter. For
more information see the description of the
getMembershipOfUser command.
Parameters and return values
- -principalName
- Use this parameter to specify the login ID of the user to be cleared
from the cache. If the user is in an LDAP repository, then the principalName
must be the distinguished name (DN) of the entry. The user is removed
from the cache of the adapter of the repository where the user exists.
If more than one user is found for the same principal name, then all
of them are cleared from the cache. If the user is not found in the
cache, then the cache is not cleared and no error message appears. (String,
required)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain.
If you do not specify this parameter, the command uses the global
federated repository. (String, optional)
Examples
Batch
mode example usage:
Using Jacl:
$AdminTask clearIdMgrUserFromCache {-principalName login_ID}
Using Jython string:
AdminTask.clearIdMgrUserFromCache ('[-principalName login_ID]')
Using Jython list:
AdminTask.clearIdMgrUserFromCache (['-principalName', 'login_ID'])
Interactive mode example usage:
Using Jacl:
$AdminTask clearIdMgrUserFromCache {-interactive}
Using Jython string:
AdminTask.clearIdMgrUserFromCache ('[-interactive]')
Using Jython list:
AdminTask.clearIdMgrUserFromCache (['-interactive'])
createGroup
The createGroup command
creates a new group in the virtual member manager. After the command
completes, the new group will appear in the repository. For LDAP,
a group must contain a member. The memberUniqueName parameter is optional
in this case. If you set the memberUniqueName parameter to the unique
name of a group or a user, the group or user will be added as a member
of the group.
Parameters and return
values
- -cn
- Specifies the common name for the group that you want to create.
This parameter maps to the cn property in virtual member manager.
(String, required)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain.
If you do not specify this parameter, the command uses the global
federated repository. (String, optional)
- -description
- Specifies additional information about the group that you want
to create. This parameter maps to the description property in a virtual
member manager object. (String, optional)
- -parent
- Specifies the repository in which you want to create the group.
This parameter maps to the parent property in the virtual member manager.
(String, optional)
- -memberUniqueName
- Specifies the unique name value for the user or group that you
want to add to the new group. This parameter maps to the uniqueName
property in the virtual member manager. (String, optional)
Examples
Batch
mode example usage:
Using Jacl:
$AdminTask createGroup {-cn groupA -description a group of admins}
Using Jython string:
AdminTask.createGroup ('[-cn groupA -description a group of admins]')
Using Jython list:
AdminTask.createGroup (['-cn', 'groupA', '-description', 'a group of admins'])
Interactive mode example usage:
Using Jacl:
$AdminTask createGroup {-interactive}
Using Jython string:
AdminTask.createGroup ('[-interactive]')
Using Jython list:
AdminTask.createGroup (['-interactive'])
createUser
The createUser command
creates a new user in the default repository or a repository that
the parent command parameter specifies. This command creates a person
entity and a login account entity in the virtual member manager.
Parameters and return values
- -uid
- Specifies the unique ID for the user that you want to create.
Virtual member manager then creates a uniqueId value and a uniqueName
value for the user. This parameter maps to the uid property in the
virtual member manager. (String, required)
- -password
- Specifies the password for the user. This parameter maps to the
password property in the virtual member manager. (String, required)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain.
If you do not specify this parameter, the command uses the global
federated repository. (String, optional)
- -confirmPassword
- Specifies the password again to validate how it was entered for
the password parameter. This parameter maps to the password property
in virtual member manager. (String, optional)
- -cn
- Specifies the first name or given name of the user. This parameter
maps to the cn property in virtual member manager. (String, required)
- -sn
- Specifies the last name or family name of the user. This parameter
maps to the sn property in virtual member manager. (String, required)
- -mail
- Specifies the email address of the user. This parameter maps to
the ibm-PrimaryEmail property in the virtual member manager. (String,
optional)
- -parent
- Specifies the repository in which you want to create the user.
This parameter maps to the parent property in the virtual member manager.
(String, optional)
Examples
Batch
mode example usage:
Using Jacl:
$AdminTask createUser {-uid 123 -password tempPass -confirmPassword tempPass -cn
Jane -sn Doe -mail janedoe@acme.com}
Using Jython string:
AdminTask.createUser ('[-uid 123 -password tempPass -confirmPassword tempPass -cn Jane -sn Doe -mail janedoe@acme.com]')
Using Jython list:
AdminTask.createUser (['-uid', '123', '-password', 'tempPass', '-confirmPassword',
'tempPass', '-cn', 'Jane', '-sn', 'Doe', '-mail', 'janedoe@acme.com'])
Interactive mode example usage:
Using Jacl:
$AdminTask createUser {-interactive}
Using Jython string:
AdminTask.createUser ('[-interactive]')
Using Jython list:
AdminTask.createUser (['-interactive'])
deleteGroup
The deleteGroup command
deletes a group in the virtual member manager. You cannot use this
command to delete descendants. When this command completes, the group
will be deleted from the repository.
Parameters
and return values
- -uniqueName
- Specifies the unique name value for the group that you want to
delete. This parameter maps to the uniqueName property in virtual
member manager. (String, required)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain.
If you do not specify this parameter, the command uses the global
federated repository. (String, optional)
Examples
Batch
mode example usage:
Using Jacl:
$AdminTask deleteGroup {-uniqueName cn=operators,cn=users,dc=yourco,dc=com}
Using Jython string:
AdminTask.deleteGroup ('[-uniqueName cn=operators,cn=users,dc=yourco,dc=com]')
Using Jython list:
AdminTask.deleteGroup (['-uniqueName', 'cn=operators,cn=users,dc=yourco,dc=com'])
Interactive mode example usage:
Using Jacl:
$AdminTask deleteGroup {-interactive}
Using Jython string:
AdminTask.deleteGroup ('[-interactive]')
Using Jython list:
AdminTask.deleteGroup (['-interactive'])
deleteUser
The deleteUser command
deletes a user from the virtual member manager. This includes a person
object and an account object in the non-merged repositories.
Parameters and return values
- -uniqueName
- Specifies the unique name value for the user that you want to
delete. This parameter maps to the uniqueName property in virtual
member manager. (String, required)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain.
If you do not specify this parameter, the command uses the global
federated repository. (String, optional)
Examples
Batch
mode example usage:
Using Jacl:
$AdminTask deleteUser {-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com}
Using Jython string:
AdminTask.deleteUser ('[-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com]')
Using Jython list:
AdminTask.deleteUser (['-uniqueName', 'uid=dmeyers,cn=users,dc=yourco,dc=com'])
Interactive mode example usage:
Using Jacl:
$AdminTask deleteUser {-interactive}
Using Jython string:
AdminTask.deleteUser ('[-interactive]')
Using Jython list:
AdminTask.deleteUser (['-interactive'])
duplicateMembershipOfGroup
Use the duplicateMembershipOfGroup command to make one group a member of all
of the same groups as another group. For example, group A is in group
B and group C. To add group D to the same groups as group A, use the duplicateMembershipOfGroup command.
Parameters
and return values
- -copyToUniqueName
- Specifies the name of the group to which you want to add the memberships
of the group specified in the copyFromUniqueName parameter. (String,
required)
- -copyFromUniqueName
- Specifies the name of the group from which you want to copy the
group memberships for another group to use. (String, required)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain.
If you do not specify this parameter, the command uses the global
federated repository. (String, optional)
Examples
Batch
mode example usage:
Using Jacl:
$AdminTask duplicateMembershipOfGroup {-copyToUniqueName cn=operators,cn=groups,dc=yourco,dc=com
-copyFromUniqueName cn=admins,cn=groups,dc=yourco,dc=com}
Using Jython string:
AdminTask.duplicateMembershipOfGroup ('[-copyToUniqueName cn=operators,cn=groups,dc=yourco,dc=com -copyFromUniqueName cn=admins,cn=groups,dc=yourco,dc=com]')
Using Jython list:
AdminTask.duplicateMembershipOfGroup (['-copyToUniqueName', 'cn=operators,cn=groups,dc=yourco,dc=com',
'-copyFromUniqueName', 'cn=admins,cn=groups,dc=yourco,dc=com'])
Interactive mode example usage:
Using Jacl:
$AdminTask duplicateMembershipOfGroup {-interactive}
Using Jython string:
AdminTask.duplicateMembershipOfGroup ('[-interactive]')
Using Jython list:
AdminTask.duplicateMembershipOfGroup (['-interactive'])
duplicateMembershipOfUser
Use the duplicateMembershipOfUser command to make one user a member of all of
the same groups as another user. For example, user 1 is in group B
and group C. To add user 2 to the same groups as user 1, use the duplicateMembershipOfUser command.
Parameters
and return values
- -copyToUniqueName
- Specifies the name of the user to which you want to add the memberships
of the user specified in the copyFromUniqueName parameter. (String,
required)
- -copyFromUniqueName
- Specifies the name of the user from which you want to copy the
group memberships for another user to use. (String, required)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain.
If you do not specify this parameter, the command uses the global
federated repository. (String, optional)
Examples
Batch
mode example usage:
Using Jacl:
$AdminTask duplicateMembershipOfUser {-copyToUniqueName uid=meyersd,cn=users,dc=yourco,dc=com
-copyFromUniqueName uid=jhart,cn=users,dc=yourco,dc=com}
Using Jython string:
AdminTask.duplicateMembershipOfUser ('[-copyToUniqueName uid=meyersd,cn=users,dc=yourco,dc=com -copyFromUniqueName uid=jhart,cn=users,dc=yourco,dc=com]')
Using Jython list:
AdminTask.duplicateMembershipOfUser (['-copyToUniqueName', 'uid=meyersd,cn=users,dc=yourco,dc=com',
'-copyFromUniqueName', 'uid=jhart,cn=users,dc=yourco,dc=com'])
Interactive mode example usage:
Using Jacl:
$AdminTask duplicateMembershipOfUser {-interactive}
Using Jython string:
AdminTask.duplicateMembershipOfUser ('[-interactive]')
Using Jython list:
AdminTask.duplicateMembershipOfUser (['-interactive'])
getGroup
The getGroup command
retrieves the common name and description of a group.
Parameters and return values
- -uniqueName
- Specifies the unique name value for the group that you want to
view. This parameter maps to the uniqueName property in virtual member
manager. (String, required)
- -clearCache
- Specifies whether the repository adapter cache should be cleared
before retrieving the specified group information. (String, optional)
- Valid values are:
- clearEntity: Clears the cache for the specified
group, if the group exists in the cache.
- clearAll: Clears cached information for
all of the entities in the adapter of the repository where the specified
group exists.
The values are not case-sensitive. There is no default value
for this parameter. If you do not specify a value, or specify a value
other than clearEntity or clearAll,
an error message appears.
Avoid trouble: Frequent use of this parameter
to clear the cache may result in performance degradation. When the
cache is cleared, the subsequent operation has to get the details
from the repository and update the cache with this newly retrieved
data. The impact on performance is more pronounced if you use the
clearAll mode,
as this invalidates the entire cache, and the subsequent operation
takes longer to complete.
- -securityDomainName
- Specifies the name that uniquely identifies the security domain.
If you do not specify this parameter, the command uses the global
federated repository. (String, optional)
Examples
Batch
mode example usage:
Using Jacl:
$AdminTask getGroup {-uniqueName cn=operators,cn=groups,dc=yourco,dc=com}
Using Jython string:
AdminTask.getGroup ('[-uniqueName cn=operators,cn=groups,dc=yourco,dc=com]')
Using Jython list:
AdminTask.getGroup (['-uniqueName', 'cn=operators,cn=groups,dc=yourco,dc=com'])
Interactive mode example usage:
Using Jacl:
$AdminTask getGroup {-interactive}
Using Jython string:
AdminTask.getGroup ('[-interactive]')
Using Jython list:
AdminTask.getGroup (['-interactive'])
getIdMgrSupportedDataTypes
The getIdMgrSupportedDataTypes command
returns a list of all data types that are supported by a specified
repository or all default data types that are supported by federated
repositories. This command is available in both connected and local
modes.
Note: If you run this command in local mode
for a user registry that uses Resource Access Control Facility (RACF),
nothing is returned.
Parameters
and return values
- -id
- Use this parameter to specify the ID of the repository. If you
do not specify this parameter, the default data types that are supported
by federated repositories are returned. (String, optional)
- Specify LA as the value of the -id parameter
to retrieve the data types supported by the property extension repository.
- -securityDomainName
- Specifies the name that uniquely identifies the security domain.
If you do not specify this parameter, the command uses the global
federated repository. (String, optional)
The getIdMgrSupportedDataTypes command
returns a list with the names of supported data types:
String
Int
Boolean
Long
Double
Base64binary
AnySimpleType
AnyURI
Byte
DateTime
Date
Short
Token
IdentifierType
Examples
Batch mode
example usage:
Using Jacl:
$AdminTask getIdMgrSupportedDataTypes
Using Jython string:
AdminTask.getIdMgrSupportedDataTypes ()
Using Jython list:
AdminTask.getIdMgrSupportedDataTypes ()
Interactive mode example usage:
Using Jacl:
$AdminTask getIdMgrSupportedDataTypes {-interactive}
Using Jython string:
AdminTask.getIdMgrSupportedDataTypes ('[-interactive]')
Using Jython list:
AdminTask.getIdMgrSupportedDataTypes (['-interactive'])
getMembershipOfGroup
The getMembershipOfGroup command retrieves the groups of which a group is a member.
Parameters and return values
- -uniqueName
- Specifies the unique name value for the group whose group memberships
you want to view. This parameter maps to the uniqueName property in
virtual member manager. (String, required)
- -clearCache
- Specifies whether the repository adapter cache should be cleared
before retrieving the specified group information. (String, optional)
- Valid values are:
- clearEntity: Clears the cache for the specified
group, if the group exists in the cache.
- clearAll: Clears cached information for
all of the entities in the adapter of the repository where the specified
group exists.
The values are not case-sensitive. There is no default value
for this parameter. If you do not specify a value, or specify a value
other than clearEntity or clearAll,
an error message appears.
Avoid trouble: Frequent use of this parameter
to clear the cache may result in performance degradation. When the
cache is cleared, the subsequent operation has to get the details
from the repository and update the cache with this newly retrieved
data. The impact on performance is more pronounced if you use the
clearAll mode,
as this invalidates the entire cache, and the subsequent operation
takes longer to complete.
- -securityDomainName
- Specifies the name that uniquely identifies the security domain.
If you do not specify this parameter, the command uses the global
federated repository. (String, optional)
Examples
Batch
mode example usage:
Using Jacl:
$AdminTask getMembershipOfGroup {-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com}
Using Jython string:
AdminTask.getMembershipOfGroup ('[-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com]')
Using Jython list:
AdminTask.getMembershipOfGroup (['-uniqueName', 'uid=dmeyers,cn=users,dc=yourco,dc=com'])
Interactive mode example usage:
Using Jacl:
$AdminTask getMembershipOfGroup {-interactive}
Using Jython string:
AdminTask.getMembershipOfGroup ('[-interactive]')
Using Jython list:
AdminTask.getMembershipOfGroup (['-interactive'])
getMembershipOfUser
The getMembershipOfUser command retrieves the groups of which a user is
a member.
Parameters and return values
- -uniqueName
- Specifies the unique name value for the user whose group memberships
you want to view. This parameter maps to the uniqueName property in
virtual member manager. (String, required)
- -clearCache
- Specifies whether the repository adapter cache should be cleared
before retrieving the specified user information. (String, optional)
- Valid values are:
- clearEntity: Clears the cache for the specified
user, if the user exists in the cache.
- clearAll: Clears cached information for
all of the entities in the adapter of the repository where the specified
user exists.
The values are not case-sensitive. There is no default value
for this parameter. If you do not specify a value, or specify a value
other than clearEntity or clearAll,
an error message appears.
Avoid trouble: Frequent use of this parameter
to clear the cache may result in performance degradation. When the
cache is cleared, the subsequent operation has to get the details
from the repository and update the cache with this newly retrieved
data. The impact on performance is more pronounced if you use the
clearAll mode,
as this invalidates the entire cache, and the subsequent operation
takes longer to complete.
- -securityDomainName
- Specifies the name that uniquely identifies the security domain.
If you do not specify this parameter, the command uses the global
federated repository. (String, optional)
Examples
Batch
mode example usage:
Using Jacl:
$AdminTask getMembershipOfUser {-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com}
Using Jython string:
AdminTask.getMembershipOfUser ('[-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com]')
Using Jython list:
AdminTask.getMembershipOfUser (['-uniqueName', 'uid=dmeyers,cn=users,dc=yourco,dc=com'])
Interactive mode example usage:
Using Jacl:
$AdminTask getMembershipOfUser {-interactive}
Using Jython string:
AdminTask.getMembershipOfUser ('[-interactive]')
Using Jython list:
AdminTask.getMembershipOfUser (['-interactive'])
getMembersOfGroup
The getMembersOfGroup command retrieves the members
of a group.
Parameters and return
values
- -uniqueName
- Specifies the unique name value for the group whose members you
want to view. This parameter maps to the uniqueName property in virtual
member manager. (String, required)
- -clearCache
- Specifies whether the repository adapter cache should be cleared
before retrieving the specified group information. (String, optional)
- Valid values are:
- clearEntity: Clears the cache for the specified
group, if the group exists in the cache.
- clearAll: Clears cached information for
all of the entities in the adapter of the repository where the specified
group exists.
The values are not case-sensitive. There is no default value
for this parameter. If you do not specify a value, or specify a value
other than clearEntity or clearAll,
an error message appears.
Avoid trouble: Frequent use of this parameter
to clear the cache may result in performance degradation. When the
cache is cleared, the subsequent operation has to get the details
from the repository and update the cache with this newly retrieved
data. The impact on performance is more pronounced if you use the
clearAll mode,
as this invalidates the entire cache, and the subsequent operation
takes longer to complete.
- -securityDomainName
- Specifies the name that uniquely identifies the security domain.
If you do not specify this parameter, the command uses the global
federated repository. (String, optional)
Examples
Batch
mode example usage:
Using Jacl:
$AdminTask getMembersOfGroup {-uniqueName cn=operators,cn=groups,dc=yourco,dc=com}
Using Jython string:
AdminTask.getMembersOfGroup ('[-uniqueName cn=operators,cn=groups,dc=yourco,dc=com]')
Using Jython list:
AdminTask.getMembersOfGroup (['-uniqueName', 'cn=operators,cn=groups,dc=yourco,dc=com'])
Interactive mode example usage:
Using Jacl:
$AdminTask getMembersOfGroup {-interactive}
Using Jython string:
AdminTask.getMembersOfGroup ('[-interactive]')
Using Jython list:
AdminTask.getMembersOfGroup (['-interactive'])
getUser
The getUser command
retrieves information about a user in the virtual member manager.
Parameters and return values
- -uniqueName
- Specifies the unique name value for the user that you want to
view. This parameter maps to the uniqueName property in the virtual
member manager. (String, required)
- -clearCache
- Specifies whether the repository adapter cache should be cleared
before retrieving the specified user information. (String, optional)
- Valid values are:
- clearEntity: Clears the cache for the specified
user, if the user exists in the cache.
- clearAll: Clears cached information for
all of the entities in the adapter of the repository where the specified
user exists.
The values are not case-sensitive. There is no default value
for this parameter. If you do not specify a value, or specify a value
other than clearEntity or clearAll,
an error message appears.
Avoid trouble: Frequent use of this parameter
to clear the cache may result in performance degradation. When the
cache is cleared, the subsequent operation has to get the details
from the repository and update the cache with this newly retrieved
data. The impact on performance is more pronounced if you use the
clearAll mode,
as this invalidates the entire cache, and the subsequent operation
takes longer to complete.
- -securityDomainName
- Specifies the name that uniquely identifies the security domain.
If you do not specify this parameter, the command uses the global
federated repository. (String, optional)
Examples
Batch
mode example usage:
Using Jacl:
$AdminTask getUser {-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com}
Using Jython string:
AdminTask.getUser ('[-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com]')
Using Jython list:
AdminTask.getUser (['-uniqueName', 'uid=dmeyers,cn=users,dc=yourco,dc=com'])
Interactive mode example usage:
Using Jacl:
$AdminTask getUser {-interactive}
Using Jython string:
AdminTask.getUser ('[-interactive]')
Using Jython list:
AdminTask.getUser (['-interactive'])
removeMemberFromGroup
The removeMemberFromGroup command removes a user or a group from a group.
Parameters and return values
- -memberUniqueName
- Specifies the unique name value for the user or group that you
want to remove from the specified group. This parameter maps to the
uniqueName property in virtual member manager. (String, required)
- -groupUniqueName
- Specifies the unique name value for the group from which you want
to remove the user or group that you specified with the memberUniqueName
parameter. This parameter maps to the uniqueName property in virtual
member manager. (String, required)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain.
If you do not specify this parameter, the command uses the global
federated repository. (String, optional)
Examples
Batch
mode example usage:
Using Jacl:
$AdminTask removeMemberFromGroup {-memberUniqueName uid=meyersd,cn=users,dc=yourco,dc=com
-groupUniqueName cn=admins,cn=groups,dc=yourco,dc=com}
Using Jython string:
AdminTask.removeMemberFromGroup ('[-memberUniqueName uid=meyersd,cn=users,dc=yourco,dc=com -groupUniqueName cn=admins,cn=groups,dc=yourco,dc=com]')
Using Jython list:
AdminTask.removeMemberFromGroup (['-memberUniqueName', 'uid=meyersd,cn=users,dc=yourco,dc=com',
'-groupUniqueName', 'cn=admins,cn=groups,dc=yourco,dc=com'])
Interactive mode example usage:
Using Jacl:
$AdminTask removeMemberFromGroup {-interactive}
Using Jython string:
AdminTask.removeMemberFromGroup ('[-interactive]')
Using Jython list:
AdminTask.removeMemberFromGroup (['-interactive'])
searchGroups
Use the searchGroups command
to find groups in the virtual member manager that match criteria that
you provide. For example, you can use the searchGroups command
to find all of the groups with a common name that begins with IBM.
You can search for any virtual member manager property because the
command is generic.
Parameters and return values
- -securityDomainName
- Specifies the name that uniquely identifies the security domain.
If you do not specify this parameter, the command uses the global
federated repository. (String, optional)
- -cn
- The first name or given name of the user. This parameter maps
to the cn property in the virtual member manager. You must set this
parameter or the description parameter, but not both. (String, optional)
- -description
- Specifies information about the group. This parameter maps to
the description entity in a virtual member manager object. You must
set this parameter or the cn parameter, but not both. (String, optional)
- -timeLimit
- Specifies the maximum amount of time in milliseconds that the
search can run. The default value is no time limit. (String, optional)
- -countLimit
- Specifies the maximum number of results that you want returned
from the search. By default, all groups found in the search are returned.
(String, optional)
- -clearCache
- Specifies whether the repository adapter cache should be cleared
before performing the search operation for groups. (String, optional)
- The valid value is clearAll, which clears
all of the cached information in the repository adapter. The value
is not case-sensitive. There is no default value for this parameter.
If you do not specify a value, or specify a value other than clearAll,
an error message appears.
Avoid trouble: Frequent use of this parameter
to clear the cache may result in performance degradation. When the
cache is cleared, the subsequent operation has to get the details
from the repository and update the cache with this newly retrieved
data; so the subsequent operation takes longer to complete.
Examples
Batch mode example usage:
Using Jacl:
$AdminTask searchGroups {-cn *IBM*}
Using Jython string:
AdminTask.searchGroups('[-cn *IBM*]')
Using Jython list:
AdminTask.searchGroups(['-cn', '*IBM*'])
Interactive mode example usage:
Using Jacl:
$AdminTask searchGroups {-interactive}
Using Jython string:
AdminTask.searchGroups ('[-interactive]')
Using Jython list:
AdminTask.searchGroups (['-interactive'])
searchUsers
Use the searchUsers command
to find users in the virtual member manager that match criteria that
you provide. For example, you can use the searchUsers command
to find all of the telephone numbers that contain 919. You
can search for any virtual member manager property because the command
is generic.
Parameters and return values
- -securityDomainName
- Specifies the name that uniquely identifies the security domain.
If you do not specify this parameter, the command uses the global
federated repository. (String, optional)
- -principalName
- Specifies the principal name of the user that is used as the logon
ID for the user in the system. This parameter maps to the principalName
property in virtual member manager. You must specify only one of the
following parameters: principalName, uid, cn, sn, or ibm-primaryEmail.
(String, optional)
- -uid
- Specifies the unique ID value for the user for whom you want to
search. This parameter maps to the uid property in virtual member
manager. You must specify only one of the following parameters: principalName,
uid, cn, sn, or ibm-primaryEmail. (String, optional)
- -cn
- Specifies the first name or given name of the user. This parameter
maps to the cn property in virtual member manager. You must specify
only one of the following parameters: principalName, uid, cn, sn,
or ibm-primaryEmail. (String, optional)
- -sn
- Specifies the last name or family name of the user. This parameter
maps to the sn property in virtual member manager. You must specify
only one of the following parameters: principalName, uid, cn, sn,
or ibm-primaryEmail. (String, optional)
- -ibm-primaryEmail
- Specifies the email address of the user. This parameter maps to
the ibm-PrimaryEmail property in the virtual member manager. You must
specify only one of the following parameters: principalName, uid,
cn, sn, or ibm-primaryEmail. (String, optional)
- -timeLimit
- Specifies the maximum amount of time in milliseconds that the
search can run. The default is no time limit. (String, optional)
- -countLimit
- Specifies the maximum number of results that you want returned
from the search. By default, all users found in the search are returned.
(String, optional)
- -clearCache
- Specifies whether the repository adapter cache should be cleared
before performing the search operation for users. (String, optional)
- The valid value is clearAll, which clears
all of the cached information in the repository adapter. The value
is not case-sensitive. There is no default value for this parameter.
If you do not specify a value, or specify a value other than clearAll,
an error message appears.
Avoid trouble: Frequent use of this parameter
to clear the cache may result in performance degradation. When the
cache is cleared, the subsequent operation has to get the details
from the repository and update the cache with this newly retrieved
data; so the subsequent operation takes longer to complete.
Examples
Batch mode example usage:
Using Jacl:
$AdminTask searchUsers {-principalName */IBM/US*}
Using Jython string:
AdminTask.searchUsers ('[-principalName */IBM/US*]')
Using Jython list:
AdminTask.searchUsers (['-principalName', '*/IBM/US*'])
Interactive mode example usage:
Using Jacl:
$AdminTask searchUsers {-interactive}
Using Jython string:
AdminTask.searchUsers ('[-interactive]')
Using Jython list:
AdminTask.searchUsers (['-interactive'])
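An added example (not from the IBM documentation): a Jython helper that enforces the search rules stated above for searchGroups and searchUsers, namely exactly one search parameter and clearAll as the only clearCache value, and that always sets countLimit and timeLimit so a wildcard search cannot run unbounded. The helper names, the default limits, the refusal of wildcard-only patterns and the one-unique-name-per-line result format are assumptions; pass wsadmin's AdminTask object as admin_task.

```python
# Added example (not IBM code). Builds the Jython list form for
# AdminTask.searchUsers / AdminTask.searchGroups with the documented rules.
USER_KEYS = ('principalName', 'uid', 'cn', 'sn', 'ibm-primaryEmail')
GROUP_KEYS = ('cn', 'description')


def build_search_args(allowed, criteria, count_limit=200, time_limit_ms=5000,
                      clear_cache=None, domain=None):
    """Return a validated argument list, or raise ValueError."""
    given = [k for k in criteria.keys() if criteria[k] is not None]
    unknown = [k for k in given if k not in allowed]
    if unknown:
        raise ValueError('not a documented search parameter: ' + ', '.join(unknown))
    if len(given) != 1:
        raise ValueError('specify exactly one of: ' + ', '.join(allowed))
    pattern = criteria[given[0]]
    # Local policy (assumption): a pattern made only of wildcards would
    # enumerate the whole repository, so it is rejected.
    if pattern.replace('*', '').strip() == '':
        raise ValueError('wildcard-only pattern refused')
    if int(count_limit) <= 0 or int(time_limit_ms) <= 0:
        raise ValueError('countLimit and timeLimit must be positive')
    # Always bound the search; the command defaults are "no limit".
    args = ['-' + given[0], pattern,
            '-countLimit', str(count_limit), '-timeLimit', str(time_limit_ms)]
    if clear_cache is not None:
        # clearAll is the only valid value and is not case-sensitive.
        if clear_cache.lower() != 'clearall':
            raise ValueError('clearCache accepts only clearAll')
        args.extend(['-clearCache', 'clearAll'])
    if domain:
        args.extend(['-securityDomainName', domain])
    return args


def search(admin_task, kind, criteria, **options):
    """kind is 'users' or 'groups'; admin_task is wsadmin's AdminTask."""
    if kind == 'users':
        raw = admin_task.searchUsers(build_search_args(USER_KEYS, criteria, **options))
    elif kind == 'groups':
        raw = admin_task.searchGroups(build_search_args(GROUP_KEYS, criteria, **options))
    else:
        raise ValueError('kind must be users or groups')
    # Assumption: one unique name per line in the returned string.
    return [line.strip() for line in raw.splitlines() if line.strip()]
```

Leaving clear_cache unset is the normal case, because clearing the repository adapter cache makes the next operation slower.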
updateGroup
The updateGroup command
updates the common name or the description of a group.
Parameters and return values
- -uniqueName
- Specifies the unique name value for the group for which you want
to modify the properties. This parameter maps to the uniqueName property
in virtual member manager. (String, required)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain.
If you do not specify this parameter, the command uses the global
federated repository. (String, optional)
- -cn
- Specifies the new common name used for the group. This parameter
maps to the cn property in virtual member manager. (String, optional)
- -description
- Specifies the new information about the group. This parameter
maps to the description entity in a virtual member manager object.
(String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask updateGroup {-uniqueName cn=operators,cn=groups,dc=yourco,dc=com -cn groupA}
Using Jython string:
AdminTask.updateGroup ('[-uniqueName cn=operators,cn=groups,dc=yourco,dc=com -cn groupA]')
Using Jython list:
AdminTask.updateGroup (['-uniqueName', 'cn=operators,cn=groups,dc=yourco,dc=com', '-cn', 'groupA'])
Interactive mode example usage:
Using Jacl:
$AdminTask updateGroup {-interactive}
Using Jython string:
AdminTask.updateGroup ('[-interactive]')
Using Jython list:
AdminTask.updateGroup (['-interactive'])
updateUser
The updateUser command
updates the following properties: uniqueName, uid, password, cn, sn,
or ibm-primaryEmail.
Parameters and return values
- -uniqueName
- Specifies the unique name value for the user for which you want
to modify the properties. This parameter maps to the uniqueName property
in virtual member manager. (String, required)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain.
If you do not specify this parameter, the command uses the global
federated repository. (String, optional)
- -uid
- Specifies the new unique ID value for the user. This parameter
maps to the uid property in virtual member manager. (String, optional)
- -password
- Specifies the new password for the user. This parameter maps to
the password property in virtual member manager. (String, optional)
- -confirmPassword
- Specifies the password again to validate how it was entered on
the password parameter. This parameter maps to the password property
in virtual member manager. (String, optional)
- -cn
- Specifies the new first name or given name of the user. This parameter
maps to the cn property in virtual member manager. (String, optional)
- -surname
- Specifies the new last name or family name of the user. This parameter
maps to the sn property in virtual member manager. (String, optional)
- -ibm-primaryEmail
- Specifies the new email address of the user. This parameter maps
to the mail property in virtual member manager. (String, optional)
Examples
Batch mode example usage:
Using Jacl:
$AdminTask updateUser {-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com -uid 123}
Using Jython string:
AdminTask.updateUser ('[-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com -uid 123]')
Using Jython list:
AdminTask.updateUser (['-uniqueName', 'uid=dmeyers,cn=users,dc=yourco,dc=com', '-uid', '123'])
Interactive mode example usage:
Using Jacl:
$AdminTask updateUser {-interactive}
Using Jython string:
AdminTask.updateUser ('[-interactive]')
Using Jython list:
AdminTask.updateUser (['-interactive'])