Network Deployment (Distributed operating systems), v8.0 > Reference > Commands (wsadmin scripting)
IdMgrConfig command group
Use the Jython or Jacl scripting languages to configure the virtual member manager with wsadmin.sh. The commands and parameters in the IdMgrConfig group can be used to create and manage your entity type configuration.
The IdMgrConfig command group includes the following commands:
- createIdMgrSupportedEntityType
- deleteIdMgrSupportedEntityType
- getIdMgrSupportedEntityType
- isIdMgrUseGlobalSchemaForModel
- listIdMgrSupportedEntityTypes
- listIdMgrGroupsForRoles
- listIdMgrUsersForRoles
- mapIdMgrUserToRole
- mapIdMgrGroupToRole
- removeIdMgrGroupsFromRole
- removeIdMgrUsersFromRole
- resetIdMgrConfig
- setIdMgrUseGlobalSchemaForModel
- showIdMgrConfig
- updateIdMgrLDAPBindInfo
- updateIdMgrSupportedEntityType
createIdMgrSupportedEntityType
The createIdMgrSupportedEntityType command creates a supported entity type configuration.
Parameters
-name
The name of the supported entity type. The value of this parameter must be one of the supported entity types. (String, required)
-defaultParent
The default parent node for the supported entity type. (String, required)
-rdnProperties
The RDN attribute name for the supported entity type in the entity domain name. To reset all values of the rdnProperties parameter, specify a blank string ("") (String, required)
-securityDomainName
The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional) Examples
Batch example...
### Jacl
$AdminTask createIdMgrSupportedEntityType {-name entity1 –defaultParent node1 –rdnProperties rdn1}### Jython string
AdminTask.createIdMgrSupportedEntityType ('[-name entity1 –defaultParent node1 –rdnProperties rdn1]')
Jython list:
AdminTask.createIdMgrSupportedEntityType (['-name', 'entity1', '–defaultParent', 'node1', '–rdnProperties', 'rdn1'])
Interactive example...
### Jacl
$AdminTask createIdMgrSupportedEntityType {-interactive}### Jython string
AdminTask.createIdMgrSupportedEntityType ('[-interactive]')
Jython list:
AdminTask.createIdMgrSupportedEntityType (['-interactive'])
deleteIdMgrSupportedEntityType
The deleteIdMgrSupportedEntityType command deletes the supported entity type configuration that you specify.
Parameters
-name
The name of the supported entity type. The value of this parameter must be one of the supported entity types. (String, required)
-securityDomainName
The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional) Examples
Batch example...
### Jacl
$AdminTask deleteIdMgrSupportedEntityType {-name entity1}### Jython string
AdminTask.deleteIdMgrSupportedEntityType ('[-name entity1]')
Jython list:
AdminTask.deleteIdMgrSupportedEntityType (['-name', 'entity1'])
Interactive example...
### Jacl
$AdminTask deleteIdMgrSupportedEntityType {-interactive}### Jython string
AdminTask.deleteIdMgrSupportedEntityType ('[-interactive]')
Jython list:
AdminTask.deleteIdMgrSupportedEntityType (['-interactive'])
getIdMgrSupportedEntityType
The getIdMgrSupportedEntityType command returns the configuration of the supported entity type that you specify.
Parameters
-name
The name of the supported entity type. The value of this parameter must be one of the supported entity types. (String, required)
-securityDomainName
The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional) Examples
Batch example...
### Jacl
$AdminTask getIdMgrSupportedEntityType {-name entity1}### Jython string
AdminTask.getIdMgrSupportedEntityType ('[-name entity1]')
Jython list:
AdminTask.getIdMgrSupportedEntityType (['-name', 'entity1'])
Interactive example...
### Jacl
$AdminTask getIdMgrSupportedEntityType {-interactive}### Jython string
AdminTask.getIdMgrSupportedEntityType ('[-interactive]')
Jython list:
AdminTask.getIdMgrSupportedEntityType (['-interactive'])
isIdMgrUseGlobalSchemaForModel
The isIdMgrUseGlobalSchemaForModel command returns a boolean that indicates whether the global schema option is enabled for the data model for the specified domain in a multiple security domain environment.
Parameters
-securityDomainName
The name that uniquely identifies the security domain. (String, required) Returns
A Boolean value that indicates whether global schema option is enabled for the data model for the specified domain.
Examples
Batch example...
### Jacl
$AdminTask isIdMgrUseGlobalSchemaForModel {–securityDomainName mysecDomain}### Jython string
AdminTask.isIdMgrUseGlobalSchemaForModel ('[–securityDomainName mysecDomain]')
Jython list:
AdminTask.isIdMgrUseGlobalSchemaForModel (['–securityDomainName', 'mysecDomain'])
Interactive example...
### Jacl
$AdminTask isIdMgrUseGlobalSchemaForModel {-interactive}### Jython string
AdminTask.isIdMgrUseGlobalSchemaForModel ('[-interactive]')
Jython list:
AdminTask.isIdMgrUseGlobalSchemaForModel (['-interactive'])
listIdMgrSupportedEntityTypes
The listIdMgrSupportedEntityTypes command lists all of the supported entity types that are configured.
Parameters
-securityDomainName
The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional) Returns
A list that contains the names of the supported entity types
Examples
Batch example...:
### Jacl
$AdminTask listIdMgrSupportedEntityTypes### Jython string
AdminTask.listIdMgrSupportedEntityTypes()
Jython list:
AdminTask.listIdMgrSupportedEntityTypes()
Interactive example...
### Jacl
$AdminTask listIdMgrSupportedEntityTypes {-interactive}### Jython string
AdminTask.listIdMgrSupportedEntityTypes ('[-interactive]')
Jython list:
AdminTask.listIdMgrSupportedEntityTypes (['-interactive'])
listIdMgrGroupsForRoles
The listIdMgrGroupsForRoles command lists the mapping of groups to roles in federated repositories.
Parameters
-securityDomainName
The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional) Returns
A Map object that contains roleName as the key, and the value of each key is a list of uniqueNames.
Examples
Batch example...
### Jacl
$AdminTask listIdMgrGroupsForRoles### Jython string
AdminTask.listIdMgrGroupsForRoles ()
Jython list:
AdminTask.listIdMgrGroupsForRoles ()
Interactive example...
### Jacl
$AdminTask listIdMgrGroupsForRoles {-interactive}### Jython string
AdminTask.listIdMgrGroupsForRoles ('[interactive]')
Jython list:
AdminTask.listIdMgrGroupsForRoles (['interactive'])
listIdMgrUsersForRoles
The listIdMgrUsersForRoles command lists the mapping of users to roles in federated repositories.
Parameters
-securityDomainName
The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional) Returns
A Map object that contains roleName as the key, and the value of each key is a list of uniqueNames.
Examples
Batch example...
### Jacl
$AdminTask listIdMgrUsersForRoles### Jython string
AdminTask.listIdMgrUsersForRoles ()
Jython list:
AdminTask.listIdMgrUsersForRoles ()
Interactive example...
### Jacl
$AdminTask listIdMgrUsersForRoles {-interactive}### Jython string
AdminTask.listIdMgrUsersForRoles ('[-interactive]')
Jython list:
AdminTask.listIdMgrUsersForRoles (['-interactive'])
mapIdMgrUserToRole
The mapIdMgrUserToRole command maps a user to a specified role in federated repositories. We can map a user to only one role.
Parameters
-roleName
The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)
-userId
The user ID or unique name of the user to whom to map the specified role. If you specify the user ID, it should correspond to a unique user in the repository. (String, required)
-securityDomainName
The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional) Examples
Batch example...
### Jacl
$AdminTask mapIdMgrUserToRole {-roleName IdMgrWriter -userId uid=user1,o=customrealm}### Jython string
AdminTask.mapIdMgrUserToRole ('[-roleName IdMgrWriter -userId user1,o=customrealm]')
Jython list:
AdminTask.mapIdMgrUserToRole (['-roleName', 'IdMgrWriter', '-userId', 'uid=user1,o=customrealm'])
Interactive example...
### Jacl
$AdminTask mapIdMgrUserToRole {-interactive}}### Jython string
AdminTask.mapIdMgrUserToRole ('[-interactive]')
Jython list:
AdminTask.mapIdMgrUserToRole (['-interactive'])
mapIdMgrGroupToRole
The mapIdMgrGroupToRole command maps a group to a specified role in federated repositories. We can map a group to only one role.
Parameters
-roleName
The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)
-groupId
The common name or unique name of the group to which you want to map the specified role. If you specify the common name, it should correspond to a unique group in the repository. Alternately, to map all logged-in users to the specified role, you can specify a special subject with the value ALLAUTHENTICATED. (String, required)
-securityDomainName
The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional) Examples
Batch example...
Use Jacl (example 1):
$AdminTask mapIdMgrGroupToRole {-roleName IdMgrReader -groupId cn=group1,o=customrealm}Use Jacl (example 2):
$AdminTask mapIdMgrGroupToRole {-roleName IdMgrWriter -groupId ALLAUTHENTICATED}
Jython string (example 1):
AdminTask.mapIdMgrGroupToRole ('[-roleName IdMgrReader -groupId cn=group1,o=customrealm]')Jython string (example 2):
AdminTask.mapIdMgrGroupToRole ('[-roleName IdMgrWriter -groupId ALLAUTHENTICATED]')
Jython list (example 1):
AdminTask.mapIdMgrGroupToRole (['-roleName', 'IdMgrReader', '-groupId', 'cn=group1,o=customrealm'])Jython list (example 2):
AdminTask.mapIdMgrGroupToRole (['-roleName', 'IdMgrReader', '-groupId', 'ALLAUTHENTICATED'])
Interactive example...
### Jacl
$AdminTask mapIdMgrGroupToRole {-interactive}### Jython string
AdminTask.mapIdMgrGroupToRole ('[-interactive]')
Jython list:
AdminTask.mapIdMgrGroupToRole (['-interactive'])
removeIdMgrGroupsFromRole
The removeIdMgrGroupsFromRole command removes a group from a specified role in federated repositories.
Parameters
-roleName
The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)
-groupId
The common name or unique name of the group to which you want to map the specified role. If you specify the common name, it should correspond to a unique group in the repository. Alternately, to remove the mapping of all logged-in users to the specified role, you can specify a special subject with the value ALLAUTHENTICATED. (String, required) We can specify an asterisk (*) to remove all users mapped to the specified role.
-securityDomainName
The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional) Examples
Batch example...
Use Jacl (example 1):
$AdminTask removeIdMgrGroupsFromRole {-roleName IdMgrReader -groupId cn=group1,o=customrealm}Use Jacl (example 2):
$AdminTask removeIdMgrGroupsFromRole {-roleName IdMgrReader -groupId ALLAUTHENTICATED}
Jython string (example 1):
AdminTask.removeIdMgrGroupsFromRole ('[-roleName IdMgrReader -groupId cn=group1,o=customrealm]')Jython string (example 2):
AdminTask.removeIdMgrGroupsFromRole ('[-roleName IdMgrReader -groupId ALLAUTHENTICATED]')
Jython list (example 1):
AdminTask.removeIdMgrGroupsFromRole (['-roleName', 'IdMgrReader', '-groupId', 'cn=group1,o=customrealm'])Jython list (example 2):
AdminTask.removeIdMgrGroupsFromRole (['-roleName', 'IdMgrReader', '-groupId', 'ALLAUTHENTICATED'])
Interactive example...
### Jacl
$AdminTask removeIdMgrGroupsFromRole {-interactive}### Jython string
AdminTask.removeIdMgrGroupsFromRole ('[-interactive]')
Jython list:
AdminTask.removeIdMgrGroupsFromRole (['-interactive'])'])
removeIdMgrUsersFromRole
The removeIdMgrUsersFromRole command removes a user from a specified role in federated repositories.
Parameters
-roleName
The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)
-userId
The user ID or unique name of the user whose mapping to the specified role to remove. If you specify the user ID, it should correspond to a unique user in the repository. (String, required) We can specify an asterisk (*) to remove all users mapped to the specified role.
-securityDomainName
The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional) Examples
Batch example...
### Jacl
$AdminTask removeIdMgrUsersFromRole {-roleName IdMgrWriter -userId uid=user1,o=customrealm}### Jython string
AdminTask.removeIdMgrUsersFromRole ('[-roleName IdMgrWriter -userId uid=user1,o=customrealm]')
Jython list:
AdminTask.removeIdMgrUsersFromRole (['-roleName', 'IdMgrWriter', '-userId', 'uid=user1,o=customrealm'])
Interactive example...
### Jacl
$AdminTask removeIdMgrUsersFromRole {-interactive}### Jython string
AdminTask.removeIdMgrUsersFromRole ('[-interactive]')
Jython list:
AdminTask.removeIdMgrUsersFromRole (['-interactive'])
resetIdMgrConfig
The resetIdMgrConfig command resets the current configuration to the last configuration that was saved.
Parameters
-securityDomainName
The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional) Returns None.
Examples
Batch example...:
### Jacl
$AdminTask resetIdMgrConfig### Jython string
AdminTask.resetIdMgrConfig()
Jython list:
AdminTask.resetIdMgrConfig()
Interactive example...
### Jacl
$AdminTask resetIdMgrConfig {-interactive}### Jython string
AdminTask.resetIdMgrConfig ('[-interactive]')
Jython list:
AdminTask.resetIdMgrConfig (['-interactive'])
setIdMgrUseGlobalSchemaForModel
The setIdMgrUseGlobalSchemaForModel command sets the global schema option for the data model in a multiple security domain environment. Global schema refers to the schema of the admin domain. Application domains that are set to use global schema share the same schema of the admin domain. Hence, if you extend the schema for an application in one domain, take into consideration how that might affect applications of other domains as they are also bound by the same schema. For example, adding a mandatory property for one application might cause other applications to fail.
Parameters
-useGlobalSchema
Whether the data model should use the global schema. Global schema refers to the schema of the admin domain. The default value of this parameter is false. (Boolean, required)
-securityDomainName
The name that uniquely identifies the security domain. (String, required) Examples
Batch example...
### Jacl
$AdminTask setIdMgrUseGlobalSchemaForModel {-useGlobalSchema true –securityDomainName mysecDomain}### Jython string
AdminTask.setIdMgrUseGlobalSchemaForModel ('[-useGlobalSchema true –securityDomainName mysecDomain]')
Jython list:
AdminTask.setIdMgrUseGlobalSchemaForModel (['-useGlobalSchema', 'true', '–securityDomainName', 'mysecDomain'])
Interactive example...
### Jacl
$AdminTask setIdMgrUseGlobalSchemaForModel {-interactive}### Jython string
AdminTask.setIdMgrUseGlobalSchemaForModel ('[-interactive]')
Jython list:
AdminTask.setIdMgrUseGlobalSchemaForModel (['-interactive'])
showIdMgrConfig
The showIdMgrConfig command returns the current configuration XML in string format.
Parameters
-file
The name of the file where to save the configuration XML string. (String, optional)
-securityDomainName
The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional) Returns None.
Examples
Batch example...:
### Jacl
$AdminTask showIdMgrConfig### Jython string
AdminTask.showIdMgrConfig()
Jython list:
AdminTask.showIdMgrConfig()
Interactive example...
### Jacl
$AdminTask showIdMgrConfig {-interactive}### Jython string
AdminTask.showIdMgrConfig ('[-interactive]')
Jython list:
AdminTask.showIdMgrConfig (['-interactive'])
updateIdMgrLDAPBindInfo
The updateIdMgrLDAPBindInfo command dynamically updates the LDAP server bind information. If you specify a value for the bindDN parameter, then specify a value for the bindPassword parameter. If you specify the id parameter only, then the LDAP server information is refreshed.
Parameters
-id
The ID of the repository. (String, required)
-bindDN
The binding distinguished name for the LDAP server. (String, optional)
-bindPassword
The binding password for the LDAP server. (String, optional)
-securityDomainName
The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional) Examples
Batch example...
### Jython
AdminTask.updateIdMgrLDAPBindInfo('[-id id1 -bindDN cn=root -bindPassword myPassword22]')
Use Jython list: AdminTask.updateIdMgrLDAPBindInfo(['-id id1 -bindDN cn=root -bindPassword myPassword22'])### Jacl
$AdminTask updateIdMgrLDAPBindInfo {-id id1 -bindDN cn=root -bindPassword myPassword22}
Interactive example...
### Jython
AdminTask.updateIdMgrLDAPBindInfo(['-interactive'])### Jacl
$AdminTask updateIdMgrLDAPBindInfo {-interactive}
updateIdMgrSupportedEntityType
The updateIdMgrSupportedEntityType command updates the configuration that you specify for a supported entity type.
Parameters
-name
The name of the supported entity type. The value of this parameter must be one of the supported entity types. (String, required)
-securityDomainName
The name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)
-defaultParent
The default parent node for the supported entity type. (String, optional)
-rdnProperties
The RDN attribute name for the supported entity type in the entity domain name. To reset all the values of the rdnProperties parameter, specify a blank string (""). (String, optional)
Examples
Batch example...
### Jacl
$AdminTask updateIdMgrSupportedEntityType {-name entity1}### Jython string
AdminTask.updateIdMgrSupportedEntityType ('[-name entity1]')
Jython list:
AdminTask.updateIdMgrSupportedEntityType (['-name', 'entity1'])
Interactive example...
### Jacl
$AdminTask updateIdMgrSupportedEntityType {-interactive}### Jython string
AdminTask.updateIdMgrSupportedEntityType ('[-interactive]')
Jython list:
AdminTask.updateIdMgrSupportedEntityType (['-interactive'])
Use the wsadmin scripting AdminTask object for scripted administration
Related
Commands using wsadmin.sh
IdMgrRepositoryConfig command group
IdMgrRealmConfig command group