Network Deployment (Distributed operating systems), v8.0 > Reference > Commands (wsadmin scripting)

IdMgrConfig command group

Use the Jython or Jacl scripting languages to configure the virtual member manager with wsadmin.sh. The commands and parameters in the IdMgrConfig group can be used to create and manage your entity type configuration.

The IdMgrConfig command group includes the following commands:

• createIdMgrSupportedEntityType

• deleteIdMgrSupportedEntityType

• getIdMgrSupportedEntityType

• isIdMgrUseGlobalSchemaForModel

• listIdMgrSupportedEntityTypes

• listIdMgrGroupsForRoles

• listIdMgrUsersForRoles

• mapIdMgrUserToRole

• mapIdMgrGroupToRole

• removeIdMgrGroupsFromRole

• removeIdMgrUsersFromRole

• resetIdMgrConfig

• setIdMgrUseGlobalSchemaForModel

• showIdMgrConfig

• updateIdMgrLDAPBindInfo

• updateIdMgrSupportedEntityType

createIdMgrSupportedEntityType

The createIdMgrSupportedEntityType command creates a supported entity type configuration.

Parameters

-name

The name of the supported entity type. The value of this parameter must be one of the supported entity types. (String, required)

-defaultParent

The default parent node for the supported entity type. (String, required)

-rdnProperties

The RDN attribute name for the supported entity type in the entity domain name.

To reset all values of the rdnProperties parameter, specify a blank string ("") (String, required)

-securityDomainName

The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Examples

Batch example...

### Jacl

$AdminTask createIdMgrSupportedEntityType {-name entity1
–defaultParent node1 –rdnProperties rdn1}

### Jython string

AdminTask.createIdMgrSupportedEntityType ('[-name entity1
–defaultParent node1 –rdnProperties rdn1]')

• Jython list:

  AdminTask.createIdMgrSupportedEntityType (['-name', 'entity1',
  '–defaultParent', 'node1', '–rdnProperties', 'rdn1'])
  

Interactive example...

### Jacl

$AdminTask createIdMgrSupportedEntityType {-interactive}

### Jython string

AdminTask.createIdMgrSupportedEntityType ('[-interactive]')

• Jython list:

  AdminTask.createIdMgrSupportedEntityType (['-interactive'])
  

deleteIdMgrSupportedEntityType

The deleteIdMgrSupportedEntityType command deletes the supported entity type configuration that you specify.

Parameters

-name

The name of the supported entity type. The value of this parameter must be one of the supported entity types. (String, required)

-securityDomainName

The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Examples

Batch example...

### Jacl

$AdminTask deleteIdMgrSupportedEntityType {-name entity1}

### Jython string

AdminTask.deleteIdMgrSupportedEntityType ('[-name entity1]')

• Jython list:

  AdminTask.deleteIdMgrSupportedEntityType (['-name', 'entity1'])
  

Interactive example...

### Jacl

$AdminTask deleteIdMgrSupportedEntityType {-interactive}

### Jython string

AdminTask.deleteIdMgrSupportedEntityType ('[-interactive]')

• Jython list:

  AdminTask.deleteIdMgrSupportedEntityType (['-interactive'])
  

getIdMgrSupportedEntityType

The getIdMgrSupportedEntityType command returns the configuration of the supported entity type that you specify.

Parameters

-name

The name of the supported entity type. The value of this parameter must be one of the supported entity types. (String, required)

-securityDomainName

The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Examples

Batch example...

### Jacl

$AdminTask getIdMgrSupportedEntityType {-name entity1}

### Jython string

AdminTask.getIdMgrSupportedEntityType ('[-name entity1]')

• Jython list:

  AdminTask.getIdMgrSupportedEntityType (['-name', 'entity1'])
  

Interactive example...

### Jacl

$AdminTask getIdMgrSupportedEntityType {-interactive}

### Jython string

AdminTask.getIdMgrSupportedEntityType ('[-interactive]')

• Jython list:

  AdminTask.getIdMgrSupportedEntityType (['-interactive'])
  

isIdMgrUseGlobalSchemaForModel

The isIdMgrUseGlobalSchemaForModel command returns a boolean that indicates whether the global schema option is enabled for the data model for the specified domain in a multiple security domain environment.

Parameters

-securityDomainName

The name that uniquely identifies the security domain. (String, required)

Returns

A Boolean value that indicates whether global schema option is enabled for the data model for the specified domain.

Examples

Batch example...

### Jacl

$AdminTask isIdMgrUseGlobalSchemaForModel {–securityDomainName mysecDomain}

### Jython string

AdminTask.isIdMgrUseGlobalSchemaForModel ('[–securityDomainName mysecDomain]')

• Jython list:

  AdminTask.isIdMgrUseGlobalSchemaForModel (['–securityDomainName', 'mysecDomain'])
  

Interactive example...

### Jacl

$AdminTask isIdMgrUseGlobalSchemaForModel {-interactive}

### Jython string

AdminTask.isIdMgrUseGlobalSchemaForModel ('[-interactive]')

• Jython list:

  AdminTask.isIdMgrUseGlobalSchemaForModel (['-interactive'])
  

listIdMgrSupportedEntityTypes

The listIdMgrSupportedEntityTypes command lists all of the supported entity types that are configured.

Parameters

-securityDomainName

The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Returns

A list that contains the names of the supported entity types

Examples

Batch example...:

### Jacl

$AdminTask listIdMgrSupportedEntityTypes

### Jython string

AdminTask.listIdMgrSupportedEntityTypes()

• Jython list:

  AdminTask.listIdMgrSupportedEntityTypes()
  

Interactive example...

### Jacl

$AdminTask listIdMgrSupportedEntityTypes {-interactive}

### Jython string

AdminTask.listIdMgrSupportedEntityTypes ('[-interactive]')

• Jython list:

  AdminTask.listIdMgrSupportedEntityTypes (['-interactive'])
  

listIdMgrGroupsForRoles

The listIdMgrGroupsForRoles command lists the mapping of groups to roles in federated repositories.

Parameters

-securityDomainName

The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Returns

A Map object that contains roleName as the key, and the value of each key is a list of uniqueNames.

Examples

Batch example...

### Jacl

$AdminTask listIdMgrGroupsForRoles

### Jython string

AdminTask.listIdMgrGroupsForRoles ()

• Jython list:

  AdminTask.listIdMgrGroupsForRoles ()
  

Interactive example...

### Jacl

$AdminTask listIdMgrGroupsForRoles {-interactive}

### Jython string

AdminTask.listIdMgrGroupsForRoles ('[interactive]')

• Jython list:

  AdminTask.listIdMgrGroupsForRoles (['interactive'])
  

listIdMgrUsersForRoles

The listIdMgrUsersForRoles command lists the mapping of users to roles in federated repositories.

Parameters

-securityDomainName

The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Returns

A Map object that contains roleName as the key, and the value of each key is a list of uniqueNames.

Examples

Batch example...

### Jacl

$AdminTask listIdMgrUsersForRoles

### Jython string

AdminTask.listIdMgrUsersForRoles ()

• Jython list:

  AdminTask.listIdMgrUsersForRoles ()
  

Interactive example...

### Jacl

$AdminTask listIdMgrUsersForRoles {-interactive}

### Jython string

AdminTask.listIdMgrUsersForRoles ('[-interactive]')

• Jython list:

  AdminTask.listIdMgrUsersForRoles (['-interactive'])
  

mapIdMgrUserToRole

The mapIdMgrUserToRole command maps a user to a specified role in federated repositories. We can map a user to only one role.

Parameters

-roleName

The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)

-userId

The user ID or unique name of the user to whom to map the specified role. If you specify the user ID, it should correspond to a unique user in the repository. (String, required)

-securityDomainName

The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Examples

Batch example...

### Jacl

$AdminTask mapIdMgrUserToRole {-roleName IdMgrWriter -userId uid=user1,o=customrealm}

### Jython string

AdminTask.mapIdMgrUserToRole ('[-roleName IdMgrWriter -userId user1,o=customrealm]')

• Jython list:

  AdminTask.mapIdMgrUserToRole (['-roleName', 'IdMgrWriter', '-userId', 'uid=user1,o=customrealm'])
  

Interactive example...

### Jacl

$AdminTask mapIdMgrUserToRole {-interactive}}

### Jython string

AdminTask.mapIdMgrUserToRole ('[-interactive]')

• Jython list:

  AdminTask.mapIdMgrUserToRole (['-interactive'])
  

mapIdMgrGroupToRole

The mapIdMgrGroupToRole command maps a group to a specified role in federated repositories. We can map a group to only one role.

Parameters

-roleName

The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)

-groupId

The common name or unique name of the group to which you want to map the specified role. If you specify the common name, it should correspond to a unique group in the repository. Alternately, to map all logged-in users to the specified role, you can specify a special subject with the value ALLAUTHENTICATED. (String, required)

-securityDomainName

The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Examples

Batch example...

• Use Jacl (example 1):

  $AdminTask mapIdMgrGroupToRole {-roleName IdMgrReader
  -groupId cn=group1,o=customrealm}
  

  Use Jacl (example 2):

  $AdminTask mapIdMgrGroupToRole {-roleName IdMgrWriter
  -groupId ALLAUTHENTICATED}
  

• Jython string (example 1):

  AdminTask.mapIdMgrGroupToRole ('[-roleName IdMgrReader
  -groupId cn=group1,o=customrealm]')
  

  Jython string (example 2):

  AdminTask.mapIdMgrGroupToRole ('[-roleName IdMgrWriter
  -groupId ALLAUTHENTICATED]')
  

• Jython list (example 1):

  AdminTask.mapIdMgrGroupToRole (['-roleName', 'IdMgrReader',
  '-groupId', 'cn=group1,o=customrealm'])
  

  Jython list (example 2):

  AdminTask.mapIdMgrGroupToRole (['-roleName', 'IdMgrReader',
  '-groupId', 'ALLAUTHENTICATED'])
  

Interactive example...

### Jacl

$AdminTask mapIdMgrGroupToRole {-interactive}

### Jython string

AdminTask.mapIdMgrGroupToRole ('[-interactive]')

• Jython list:

  AdminTask.mapIdMgrGroupToRole (['-interactive'])
  

removeIdMgrGroupsFromRole

The removeIdMgrGroupsFromRole command removes a group from a specified role in federated repositories.

Parameters

-roleName

The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)

-groupId

The common name or unique name of the group to which you want to map the specified role. If you specify the common name, it should correspond to a unique group in the repository. Alternately, to remove the mapping of all logged-in users to the specified role, you can specify a special subject with the value ALLAUTHENTICATED. (String, required)

We can specify an asterisk (*) to remove all users mapped to the specified role.

-securityDomainName

The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Examples

Batch example...

• Use Jacl (example 1):

  $AdminTask removeIdMgrGroupsFromRole {-roleName IdMgrReader
  -groupId cn=group1,o=customrealm}
  

  Use Jacl (example 2):

  $AdminTask removeIdMgrGroupsFromRole {-roleName IdMgrReader
  -groupId ALLAUTHENTICATED}
  

• Jython string (example 1):

  AdminTask.removeIdMgrGroupsFromRole ('[-roleName IdMgrReader
  -groupId cn=group1,o=customrealm]')
  

  Jython string (example 2):

  AdminTask.removeIdMgrGroupsFromRole ('[-roleName IdMgrReader
  -groupId ALLAUTHENTICATED]')
  

• Jython list (example 1):

  AdminTask.removeIdMgrGroupsFromRole (['-roleName', 'IdMgrReader',
  '-groupId', 'cn=group1,o=customrealm'])
  

  Jython list (example 2):

  AdminTask.removeIdMgrGroupsFromRole (['-roleName', 'IdMgrReader',
  '-groupId', 'ALLAUTHENTICATED'])
  

Interactive example...

### Jacl

$AdminTask removeIdMgrGroupsFromRole {-interactive}

### Jython string

AdminTask.removeIdMgrGroupsFromRole ('[-interactive]')

• Jython list:

  AdminTask.removeIdMgrGroupsFromRole (['-interactive'])'])
  

removeIdMgrUsersFromRole

The removeIdMgrUsersFromRole command removes a user from a specified role in federated repositories.

Parameters

-roleName

The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)

-userId

The user ID or unique name of the user whose mapping to the specified role to remove. If you specify the user ID, it should correspond to a unique user in the repository. (String, required)

We can specify an asterisk (*) to remove all users mapped to the specified role.

-securityDomainName

The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Examples

Batch example...

### Jacl

$AdminTask removeIdMgrUsersFromRole {-roleName IdMgrWriter -userId uid=user1,o=customrealm}

### Jython string

AdminTask.removeIdMgrUsersFromRole ('[-roleName IdMgrWriter -userId uid=user1,o=customrealm]')

• Jython list:

  AdminTask.removeIdMgrUsersFromRole (['-roleName', 'IdMgrWriter',
  '-userId', 'uid=user1,o=customrealm'])
  

Interactive example...

### Jacl

$AdminTask removeIdMgrUsersFromRole {-interactive}

### Jython string

AdminTask.removeIdMgrUsersFromRole ('[-interactive]')

• Jython list:

  AdminTask.removeIdMgrUsersFromRole (['-interactive'])
  

resetIdMgrConfig

The resetIdMgrConfig command resets the current configuration to the last configuration that was saved.

Parameters

-securityDomainName

The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Returns None.

Examples

Batch example...:

### Jacl

$AdminTask resetIdMgrConfig

### Jython string

AdminTask.resetIdMgrConfig()

• Jython list:

  AdminTask.resetIdMgrConfig()
  

Interactive example...

### Jacl

$AdminTask resetIdMgrConfig {-interactive}

### Jython string

AdminTask.resetIdMgrConfig ('[-interactive]')

• Jython list:

  AdminTask.resetIdMgrConfig (['-interactive'])
  

setIdMgrUseGlobalSchemaForModel

The setIdMgrUseGlobalSchemaForModel command sets the global schema option for the data model in a multiple security domain environment. Global schema refers to the schema of the admin domain. Application domains that are set to use global schema share the same schema of the admin domain. Hence, if you extend the schema for an application in one domain, take into consideration how that might affect applications of other domains as they are also bound by the same schema. For example, adding a mandatory property for one application might cause other applications to fail.

Parameters

-useGlobalSchema

Whether the data model should use the global schema. Global schema refers to the schema of the admin domain. The default value of this parameter is false. (Boolean, required)

-securityDomainName

The name that uniquely identifies the security domain. (String, required)

Examples

Batch example...

### Jacl

$AdminTask setIdMgrUseGlobalSchemaForModel {-useGlobalSchema true
–securityDomainName mysecDomain}

### Jython string

AdminTask.setIdMgrUseGlobalSchemaForModel ('[-useGlobalSchema true
–securityDomainName mysecDomain]')

• Jython list:

  AdminTask.setIdMgrUseGlobalSchemaForModel (['-useGlobalSchema', 'true',
  '–securityDomainName', 'mysecDomain'])
  

Interactive example...

### Jacl

$AdminTask setIdMgrUseGlobalSchemaForModel {-interactive}

### Jython string

AdminTask.setIdMgrUseGlobalSchemaForModel ('[-interactive]')

• Jython list:

  AdminTask.setIdMgrUseGlobalSchemaForModel (['-interactive'])
  

showIdMgrConfig

The showIdMgrConfig command returns the current configuration XML in string format.

Parameters

-file

The name of the file where to save the configuration XML string. (String, optional)

-securityDomainName

The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Returns None.

Examples

Batch example...:

### Jacl

$AdminTask showIdMgrConfig

### Jython string

AdminTask.showIdMgrConfig()

• Jython list:

  AdminTask.showIdMgrConfig()
  

Interactive example...

### Jacl

$AdminTask showIdMgrConfig {-interactive}

### Jython string

AdminTask.showIdMgrConfig ('[-interactive]')

• Jython list:

  AdminTask.showIdMgrConfig (['-interactive'])
  

updateIdMgrLDAPBindInfo

The updateIdMgrLDAPBindInfo command dynamically updates the LDAP server bind information. If you specify a value for the bindDN parameter, then specify a value for the bindPassword parameter. If you specify the id parameter only, then the LDAP server information is refreshed.

Parameters

-id

The ID of the repository. (String, required)

-bindDN

The binding distinguished name for the LDAP server. (String, optional)

-bindPassword

The binding password for the LDAP server. (String, optional)

-securityDomainName

The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Examples

Batch example...

### Jython

AdminTask.updateIdMgrLDAPBindInfo('[-id id1 -bindDN cn=root -bindPassword myPassword22]')

• Use Jython list:

  AdminTask.updateIdMgrLDAPBindInfo(['-id id1 -bindDN cn=root -bindPassword myPassword22'])
  

  ### Jacl

  $AdminTask updateIdMgrLDAPBindInfo {-id id1 -bindDN cn=root -bindPassword myPassword22}
  

Interactive example...

### Jython

AdminTask.updateIdMgrLDAPBindInfo(['-interactive'])

### Jacl

$AdminTask updateIdMgrLDAPBindInfo {-interactive}

updateIdMgrSupportedEntityType

The updateIdMgrSupportedEntityType command updates the configuration that you specify for a supported entity type.

Parameters

-name

The name of the supported entity type. The value of this parameter must be one of the supported entity types. (String, required)

-securityDomainName

The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

-defaultParent

The default parent node for the supported entity type. (String, optional)

-rdnProperties

The RDN attribute name for the supported entity type in the entity domain name.

To reset all the values of the rdnProperties parameter, specify a blank string (""). (String, optional)

Examples

Batch example...

### Jacl

$AdminTask updateIdMgrSupportedEntityType {-name entity1}

### Jython string

AdminTask.updateIdMgrSupportedEntityType ('[-name entity1]')

• Jython list:

  AdminTask.updateIdMgrSupportedEntityType (['-name', 'entity1'])
  

Interactive example...

### Jacl

$AdminTask updateIdMgrSupportedEntityType {-interactive}

### Jython string

AdminTask.updateIdMgrSupportedEntityType ('[-interactive]')

• Jython list:

  AdminTask.updateIdMgrSupportedEntityType (['-interactive'])
  

Use the wsadmin scripting AdminTask object for scripted administration

Related

Commands using wsadmin.sh
IdMgrRepositoryConfig command group
IdMgrRealmConfig command group

+

Search Tips   |   Advanced Search