Network Deployment (Distributed operating systems), v8.0 > Reference > Commands (wsadmin scripting)

IdMgrRealmConfig command group

Use the Jython or Jacl scripting languages to configure federated repositories realms. The commands and parameters in the IdMgrRealmConfig group can be used to create and manage your realm configuration.

The IdMgrRealmConfig command group includes the following commands:

• addIdMgrRealmBaseEntry
• createIdMgrRealm
• deleteIdMgrRealm
• deleteIdMgrRealmBaseEntry
• getIdMgrDefaultRealm
• getIdMgrRepositoriesForRealm
• getIdMgrRealm
• listIdMgrRealms
• listIdMgrRealmBaseEntries
• listIdMgrRealmURAttrMappings
• renameIdMgrRealm
• setIdMgrDefaultRealm
• setIdMgrRealmURAttrMapping
• updateIdMgrRealm

addIdMgrRealmBaseEntry

Add a base entry to a specific realm configuration and link the realm with the repository.

Required parameters

-name

Name of the realm. (String, required)

-baseEntry

Name of the base entry. (String, optional)

Optional parameters

-securityDomainName

Name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Batch example:

### Jacl

$AdminTask addIdMgrRealmBaseEntry {-name defaultWIMFileBasedRealm -baseEntry o=sampleFileRepository}
• Jython string:
  AdminTask.addIdMgrRealmBaseEntry ('[-name defaultWIMFileBasedRealm -baseEntry o=sampleFileRepository]')

• Use Jython list:
  AdminTask.addIdMgrRealmBaseEntry (['-name', 'defaultWIMFileBasedRealm', '-baseEntry', 'o=sampleFileRepository'])

Interactive example...

### Jacl

$AdminTask addIdMgrRealmBaseEntry {-interactive}
• Jython string:
  AdminTask.addIdMgrRealmBaseEntry ('[-interactive]')

• Use Jython list:
  AdminTask.addIdMgrRealmBaseEntry (['-interactive'])

createIdMgrRealm

Create a realm configuration.

Required parameters

-name

Name of the realm. (String, required)

Optional parameters

-securityDomainName

Name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

-securityUse

Specifies a string that indicates if this virtual realm will be used in security now, later, or never. The default value is active. Additional values includes: inactive and nonSelectable. (String, optional)

-delimiter

Delimiter used for this realm. The default value is /. (String, optional)

-allowOperationIfReposDown

Whether the system allows a repository operation such as get or search to complete successfully, even if repositories in the realm are down. The default value is false. (Boolean, optional) Even if this parameter is specified, all repositories must be available when you start the server, or the federated repositories will not function properly.

Examples

Batch example...

### Jacl

$AdminTask createIdMgrRealm {-name realm1 -allowOperationIfReposDown true}
• Jython string:
  AdminTask.createIdMgrRealm ('[-name realm1 -allowOperationIfReposDown true]')

• Use Jython list:
  AdminTask.createIdMgrRealm (['-name', 'realm1', '-allowOperationIfReposDown', 'true'])

Interactive example...

### Jacl

$AdminTask createIdMgrRealm {-interactive}
• Jython string:
  AdminTask.createIdMgrRealm ('[-interactive]')

• Use Jython list:
  AdminTask.createIdMgrRealm (['-interactive'])

deleteIdMgrRealm

Delete the realm configuration specified.

Required parameters

-name

The realm name. (String, required)

Optional parameters

-securityDomainName

Name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Examples

Batch example...

### Jacl

$AdminTask deleteIdMgrRealm {-name realm1}
• Jython string:
  AdminTask.deleteIdMgrRealm ('[-name realm1]')

• Use Jython list:
  AdminTask.deleteIdMgrRealm (['-name', 'realm1'])

Interactive example...

### Jacl

$AdminTask deleteIdMgrRealm {-interactive}
• Jython string:
  AdminTask.deleteIdMgrRealm ('[-interactive]')

• Use Jython list:
  AdminTask.deleteIdMgrRealm (['-interactive'])

deleteIdMgrRealmBaseEntry

Delete a base entry from a realm configuration specified.

The realm must always contain at least one base entry, thus you cannot remove every entry.

Required parameters

-name

Name of the realm. (String, required)

-baseEntry

Name of a base entry. (String, required)

Optional parameters

-securityDomainName

Name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Examples

Batch example...

### Jacl

$AdminTask deleteIdMgrRealmBaseEntry {-name realm1 -baseEntry entry1}
• Jython string:
  AdminTask.deleteIdMgrRealmBaseEntry ('[-name realm1 -baseEntry entry1]')

• Use Jython list:
  AdminTask.deleteIdMgrRealmBaseEntry (['-name', 'realm1', '-baseEntry', 'entry1'])

Interactive example...

### Jacl

$AdminTask deleteIdMgrRealmBaseEntry {-interactive}
• Jython string:
  AdminTask.deleteIdMgrRealmBaseEntry ('[-interactive]')

• Use Jython list:
  AdminTask.deleteIdMgrRealmBaseEntry (['-interactive'])

getIdMgrDefaultRealm

Return the default realm name.

Required parameters None.

Optional parameters

-securityDomainName

Name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Examples

Batch example...

### Jacl

$AdminTask getIdMgrDefaultRealm
• Jython string:
  AdminTask.getIdMgrDefaultRealm()

• Use Jython list:
  AdminTask.getIdMgrDefaultRealm()

Interactive example...

### Jacl

$AdminTask getIdMgrDefaultRealm {-interactive}
• Jython string:
  AdminTask.getIdMgrDefaultRealm ('[-interactive]')

• Use Jython list:
  AdminTask.getIdMgrDefaultRealm (['-interactive'])

getIdMgrRepositoriesForRealm

Return repository specific details for the repositories configured for a specified realm.

Required parameters

-name

Name of the realm. (String, required)

Optional parameters

-securityDomainName

Name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Examples

Batch example...

### Jacl

$AdminTask getIdMgrRepositoriesForRealm {-name realm1}
• Jython string:
  AdminTask.getIdMgrRepositoriesForRealm ('[-name realm1]')

• Use Jython list:
  AdminTask.getIdMgrRepositoriesForRealm (['-name', 'realm1'])

Interactive example...

### Jacl

$AdminTask getIdMgrRepositoriesForRealm {-interactive}
• Jython string:
  AdminTask.getIdMgrRepositoriesForRealm ('[-interactive]')

• Use Jython list:
  AdminTask.getIdMgrRepositoriesForRealm (['-interactive'])

getIdMgrRealm

Return the configuration parameters for the realm specified.

Required parameters

-name

Name of the realm. (String, required)

Optional parameters

-securityDomainName

Name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Examples

Batch example...

### Jacl

$AdminTask getIdMgrRealm {-name realm1}
• Jython string:
  AdminTask.getIdMgrRealm ('[-name realm1]')

• Use Jython list:
  AdminTask.getIdMgrRealm (['-name', 'realm1'])

Interactive example...

### Jacl

$AdminTask getIdMgrRealm {-interactive}
• Jython string:
  AdminTask.getIdMgrRealm ('[-interactive]')

• Use Jython list:
  AdminTask.getIdMgrRealm (['-interactive'])

listIdMgrRealms

Return all of the names of the configured realms.

Required parameters None.

Optional parameters

-securityDomainName

Name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Examples

Batch example...

### Jacl

$AdminTask listIdMgrRealms
• Jython string:
  AdminTask.listIdMgrRealms()

• Use Jython list:
  AdminTask.listIdMgrRealms()

Interactive example...

### Jacl

$AdminTask listIdMgrRealms {-interactive}
• Jython string:
  AdminTask.listIdMgrRealms ('[-interactive]')

• Use Jython list:
  AdminTask.listIdMgrRealms (['-interactive'])

listIdMgrRealmBaseEntries

Return all of the names of the configured realms.

Required parameters

-name

Name of the realm. (String, required)

Optional parameters

-securityDomainName

Name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Examples

Batch example...

### Jacl

$AdminTask listIdMgrRealmBaseEntries {-name realm1}
• Jython string:
  AdminTask.listIdMgrRealmBaseEntries ('[-name realm1]')

• Use Jython list:
  AdminTask.listIdMgrRealmBaseEntries (['-name', 'realm1'])

Interactive example...

### Jacl

$AdminTask listIdMgrRealmBaseEntries {-interactive}
• Jython string:
  AdminTask.listIdMgrRealmBaseEntries ('[-interactive]')

• Use Jython list:
  AdminTask.listIdMgrRealmBaseEntries (['-interactive'])

listIdMgrRealmURAttrMappings

List the mappings between the user or group attributes for a user registry and the federated repository properties of a specified realm.

Optional parameters

-securityDomainName

Name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

-name

Use this parameter to specify a valid realm name for which you want to list the mapping.

If you do not specify the -name parameter, the listIdMgrRealmURAttrMappings command returns the mapping of the default realm in the federated repository.

(String, optional)

Return values

The listIdMgrRealmURAttrMappings command returns a HashMap that contains the following structure:

• The key is the user registry attribute name (URAttrName parameter).

• The value is another HashMap that contains the propertyForInput and propertyForOutput as keys and the corresponding mapping as the values.

The following example shows a sample output. The example is broken into multiple lines for illustration purposes only.

{userDisplayName={propertyForInput=principalName, propertyForOutput=principalName}, userSecurityName={propertyForInput=principalName, propertyForOutput=principalName}, uniqueUserId={propertyForInput=uniqueName, propertyForOutput=uniqueName}, uniqueGroupId={propertyForInput=uniqueName, propertyForOutput=uniqueName}, groupSecurityName={propertyForInput=cn, propertyForOutput=cn}, groupDisplayName={propertyForInput=cn, propertyForOutput=cn}}

Batch example...:

### Jacl

$AdminTask listIdMgrRealmURAttrMappings

### Jython string

AdminTask.listIdMgrRealmURAttrMappings()

• Jython list:

  AdminTask.listIdMgrRealmURAttrMappings()

Interactive example...

### Jacl

$AdminTask listIdMgrRealmURAttrMappings {-interactive}

### Jython string

AdminTask.listIdMgrRealmURAttrMappings ('[-interactive]')

• Jython list:

  AdminTask.listIdMgrRealmURAttrMappings (['-interactive'])

renameIdMgrRealm

Eename the name of the realm specified.

Renaming the federated repositories realm name does not update the realm name stored in the security.xml file.

Required parameters

-name

Name of the realm. (String, required)

-newName

New name of the realm. (String, required)

Optional parameters

-securityDomainName

Name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Examples

Batch example...

### Jacl

$AdminTask renameIdMgrRealm {-name realm1 -newName

realm2

}

• Jython string:
  AdminTask.renameIdMgrRealm ('[-name realm1 -newName

  realm2

  ]')

• Use Jython list:
  AdminTask.renameIdMgrRealm (['-name', 'realm1', ' -newName

  ', ' realm2

  '])

Interactive example...

### Jacl

$AdminTask renameIdMgrRealm {-interactive}
• Jython string:
  AdminTask.renameIdMgrRealm ('[-interactive]')

• Use Jython list:
  AdminTask.renameIdMgrRealm (['-interactive'])

setIdMgrDefaultRealm

Sets the default realm name.

Required parameters

-name

Name of the realm used as a default realm when the caller does not specify any in context. (String, required)

Optional parameters

-securityDomainName

Name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

Examples

Batch example...

### Jacl

$AdminTask setIdMgrDefaultRealm {-name realm1}
• Jython string:
  AdminTask.setIdMgrDefaultRealm ('[-name realm1]')

• Use Jython list:
  AdminTask.setIdMgrDefaultRealm (['-name', 'realm1'])

Interactive example...

### Jacl

$AdminTask setIdMgrDefaultRealm {-interactive}
• Jython string:
  AdminTask.setIdMgrDefaultRealm ('[-interactive]')

setIdMgrRealmURAttrMapping

Set or modify the mapping of the user or group attribute for a user registry to a federated repository property of a specified realm.

The setIdMgrRealmURAttrMapping command is available in both connected and local modes. If you run the setIdMgrRealmURAttrMapping command in connected mode, the realm attribute mapping changes take effect after you restart the server.

Target object None

Required parameters

-URAttrName

Name of the user or group attribute in a user registry to map. The following case-sensitive values are valid for the URAttrName parameter:

• uniqueUserId

• userSecurityName

• userDisplayName

• uniqueGroupId

• groupSecurityName

• groupDisplayName

If you run the setIdMgrRealmURAttrMapping command multiple times for the same user registry attribute name, it overwrites the previous value.

(String, required)

-propertyForInput

Name of the federated repository property that maps to the specified user registry attribute (URAttrName parameter) when it is an input parameter for the user registry interface. (String, required)

-propertyForOutput

Name of the federated repository property that maps to the specified user registry attribute (URAttrName parameter) when it is an output parameter (return value) for the user registry interface. (String, required)

In most cases, the propertyForInput and propertyForInput would be the same.

Optional parameters

-securityDomainName

Name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

-name

Use this parameter to specify a valid realm name for which you want to set or modify the mapping. If you do not specify the name parameter, the setIdMgrRealmURAttrMapping command uses the default realm in the federated repository. (String, optional)

Examples

Batch example...

### Jacl

$AdminTask setIdMgrRealmURAttrMapping {-URAttrName unique_user_ID -propertyForInput unique_name -propertyForOutput unique_name}

### Jython string

AdminTask.setIdMgrRealmURAttrMapping ('[-URAttrName unique_user_ID -propertyForInput unique_name -propertyForOutput unique_name]')

• Jython list:

  AdminTask.setIdMgrRealmURAttrMapping (['-URAttrName', 'unique_user_ID', '-propertyForInput', 'unique_name', '-propertyForOutput', 'unique_name'])

Interactive example...

### Jacl

$AdminTask setIdMgrRealmURAttrMapping {-interactive}

### Jython string

AdminTask.setIdMgrRealmURAttrMapping ('[-interactive]')

• Jython list:

  AdminTask.setIdMgrRealmURAttrMapping (['-interactive'])

updateIdMgrRealm

Update the configuration for a realm that you specify.

Required parameters

-name

Name of the realm. (String, required)

Optional parameters

-securityDomainName

Name that uniquely identifies the security domain. If not specified, uses the global federated repository. (String, optional)

-securityUse

Specifies a string that indicates if this realm will be used in security now, later, or never. The default value is active. Additional values includes: inactive and nonSelectable. (String, optional)

-delimiter

specifies the delimiter used for this realm. The default value is /. (String, optional)

-allowOperationIfReposDown

Whether the system allows a repository operation such as get or search to complete successfully, even if repositories in the realm are down. (Boolean, optional) Even if this parameter is specified, all repositories must be available when you start the server, or the virtual member manager might not function properly.

Examples

Batch example...

### Jacl

$AdminTask updateIdMgrRealm {-name realm1}
• Jython string:
  AdminTask.updateIdMgrRealm ('[-name realm1]')

• Use Jython list:
  AdminTask.updateIdMgrRealm (['-name', 'realm1'])

Interactive example...

### Jacl

$AdminTask updateIdMgrRealm {-interactive}
• Jython string:
  AdminTask.updateIdMgrRealm ('[-interactive]')

• Use Jython list:
  AdminTask.updateIdMgrRealm (['-interactive'])

Use the wsadmin scripting AdminTask object for scripted administration

Related

Commands using wsadmin.sh
IdMgrRepositoryConfig command group
IdMgrConfig command group

+

Search Tips   |   Advanced Search