IdMgrConfig (AdminTask)

IdMgrConfig (AdminTask)

IdMgrConfig commands manage your entity type configuration.

createIdMgrSupportedEntityType

Create a supported entity type configuration.
Parameters

-name The name of the supported entity type. (String, required)
-defaultParent The default parent node for the supported entity type. (String, required)
-rdnProperties The RDN attribute name for the supported entity type in the entity domain name. To reset all values of the rdnProperties parameter, specify a blank string ("") (String, required)
-securityDomainName The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Batch mode example:

Jacl
$AdminTask createIdMgrSupportedEntityType {-name entity1 -defaultParent node1 -rdnProperties rdn1}

Jython string:
AdminTask.createIdMgrSupportedEntityType ('[-name entity1 -defaultParent node1 -rdnProperties rdn1]')

Jython list:
AdminTask.createIdMgrSupportedEntityType (['-name', 'entity1', '-defaultParent', 'node1', '-rdnProperties', 'rdn1'])

Interactive mode:

Jacl $AdminTask createIdMgrSupportedEntityType {-interactive}

Jython string: AdminTask.createIdMgrSupportedEntityType ('[-interactive]')

Jython list: AdminTask.createIdMgrSupportedEntityType (['-interactive'])

deleteIdMgrSupportedEntityType

Delete the supported entity type configuration specified.
Parameters

-name The name of the supported entity type. Value must be one of the supported entity types. (String, required)
-securityDomainName The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Batch mode example:

Jacl $AdminTask deleteIdMgrSupportedEntityType {-name entity1}

Jython string: AdminTask.deleteIdMgrSupportedEntityType ('[-name entity1]')

Jython list: AdminTask.deleteIdMgrSupportedEntityType (['-name', 'entity1'])

Interactive mode:

Jacl $AdminTask deleteIdMgrSupportedEntityType {-interactive}

Jython string: AdminTask.deleteIdMgrSupportedEntityType ('[-interactive]')

Jython list: AdminTask.deleteIdMgrSupportedEntityType (['-interactive'])

getIdMgrSupportedEntityType

Return the configuration of the supported entity type specified.
Parameters

-name The name of the supported entity type. Value must be one of the supported entity types. (String, required)
-securityDomainName The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Batch mode example:

Jacl $AdminTask getIdMgrSupportedEntityType {-name entity1}

Jython string: AdminTask.getIdMgrSupportedEntityType ('[-name entity1]')

Jython list: AdminTask.getIdMgrSupportedEntityType (['-name', 'entity1'])

Interactive mode:

Jacl $AdminTask getIdMgrSupportedEntityType {-interactive}

Jython string: AdminTask.getIdMgrSupportedEntityType ('[-interactive]')

Jython list: AdminTask.getIdMgrSupportedEntityType (['-interactive'])

isIdMgrUseGlobalSchemaForModel

Return a boolean that indicates whether the global schema option is enabled for the data model for the specified domain in a multiple security domain environment.
Parameters

-securityDomainName The name that uniquely identifies the security domain. (String, required)

Returns
A Boolean value that indicates whether global schema option is enabled for the data model for the specified domain.
Batch mode example:

Jacl $AdminTask isIdMgrUseGlobalSchemaForModel {-securityDomainName mysecDomain}

Jython string: AdminTask.isIdMgrUseGlobalSchemaForModel ('[-securityDomainName mysecDomain]')

Jython list: AdminTask.isIdMgrUseGlobalSchemaForModel (['-securityDomainName', 'mysecDomain'])

Interactive mode:

Jacl $AdminTask isIdMgrUseGlobalSchemaForModel {-interactive}

Jython string: AdminTask.isIdMgrUseGlobalSchemaForModel ('[-interactive]')

Jython list: AdminTask.isIdMgrUseGlobalSchemaForModel (['-interactive'])

listIdMgrSupportedEntityTypes

List all of the supported entity types configured.
Parameters

-securityDomainName The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Returns
A list containing the names of the supported entity types
Batch mode example:

Jacl $AdminTask listIdMgrSupportedEntityTypes

Jython string: AdminTask.listIdMgrSupportedEntityTypes()

Jython list: AdminTask.listIdMgrSupportedEntityTypes()

Interactive mode:

Jacl $AdminTask listIdMgrSupportedEntityTypes {-interactive}

Jython string: AdminTask.listIdMgrSupportedEntityTypes ('[-interactive]')

Jython list: AdminTask.listIdMgrSupportedEntityTypes (['-interactive'])

listIdMgrGroupsForRoles

List the mapping of groups to roles in federated repositories.
Parameters

-securityDomainName The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Returns
A Map object containing roleName as the key, and the value of each key is a list of uniqueNames.
Batch mode example:

Jacl $AdminTask listIdMgrGroupsForRoles

Jython string: AdminTask.listIdMgrGroupsForRoles ()

Jython list: AdminTask.listIdMgrGroupsForRoles ()

Interactive mode:

Jacl $AdminTask listIdMgrGroupsForRoles {-interactive}

Jython string: AdminTask.listIdMgrGroupsForRoles ('[interactive]')

Jython list: AdminTask.listIdMgrGroupsForRoles (['interactive'])

listIdMgrUsersForRoles

List the mapping of users to roles in federated repositories.
Parameters

-securityDomainName The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Returns
A Map object containing roleName as the key, and the value of each key is a list of uniqueNames.
Batch mode example:

Jacl $AdminTask listIdMgrUsersForRoles

Jython string: AdminTask.listIdMgrUsersForRoles ()

Jython list: AdminTask.listIdMgrUsersForRoles ()

Interactive mode:

Jacl $AdminTask listIdMgrUsersForRoles {-interactive}

Jython string: AdminTask.listIdMgrUsersForRoles ('[-interactive]')

Jython list: AdminTask.listIdMgrUsersForRoles (['-interactive'])

mapIdMgrUserToRole

Map a user to a specified role in federated repositories. We can map a user to only one role.
Parameters

-roleName The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)
-userId The user ID or unique name of the user to whom to map the specified role. If we specify the user ID, it should correspond to a unique user in the repository. (String, required)
-securityDomainName The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Batch mode example:

Jacl $AdminTask mapIdMgrUserToRole {-roleName IdMgrWriter -userId uid=user1,o=customrealm}

Jython string: AdminTask.mapIdMgrUserToRole ('[-roleName IdMgrWriter -userId user1,o=customrealm]')

Jython list: AdminTask.mapIdMgrUserToRole (['-roleName', 'IdMgrWriter', '-userId', 'uid=user1,o=customrealm'])

Interactive mode:

Jacl $AdminTask mapIdMgrUserToRole {-interactive}}

Jython string: AdminTask.mapIdMgrUserToRole ('[-interactive]')

Jython list: AdminTask.mapIdMgrUserToRole (['-interactive'])

mapIdMgrGroupToRole

Map a group to a specified role in federated repositories. We can map a group to only one role.
Parameters

-roleName The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)
-groupId The common name or unique name of the group to which to map the specified role. If we specify the common name, it should correspond to a unique group in the repository. Alternately, to map all logged-in users to the specified role, we can specify a special subject with the value ALLAUTHENTICATED. (String, required)
-securityDomainName The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Batch mode example:

Jacl (example 1):
$AdminTask mapIdMgrGroupToRole {-roleName IdMgrReader -groupId cn=group1,o=customrealm}

Jacl (example 2):
$AdminTask mapIdMgrGroupToRole {-roleName IdMgrWriter -groupId ALLAUTHENTICATED}

Jython string:(example 1):
AdminTask.mapIdMgrGroupToRole ('[-roleName IdMgrReader -groupId cn=group1,o=customrealm]')

Jython string:(example 2):
AdminTask.mapIdMgrGroupToRole ('[-roleName IdMgrWriter -groupId ALLAUTHENTICATED]')

Jython list (example 1):
AdminTask.mapIdMgrGroupToRole (['-roleName', 'IdMgrReader', '-groupId', 'cn=group1,o=customrealm'])

Jython list (example 2):
AdminTask.mapIdMgrGroupToRole (['-roleName', 'IdMgrReader', '-groupId', 'ALLAUTHENTICATED'])

Interactive mode:

Jacl $AdminTask mapIdMgrGroupToRole {-interactive}

Jython string: AdminTask.mapIdMgrGroupToRole ('[-interactive]')

Jython list: AdminTask.mapIdMgrGroupToRole (['-interactive'])

removeIdMgrGroupsFromRole

Remove a group from a specified role in federated repositories.
Parameters

-roleName The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)
-groupId The common name or unique name of the group to which to map the specified role. If we specify the common name, it should correspond to a unique group in the repository. Alternately, to remove the mapping of all logged-in users to the specified role, we can specify a special subject with the value ALLAUTHENTICATED. (String, required)
We can specify an asterisk (*) to remove all users mapped to the specified role.
-securityDomainName The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Batch mode example:

Jacl (example 1):
$AdminTask removeIdMgrGroupsFromRole {-roleName IdMgrReader -groupId cn=group1,o=customrealm}

Jacl (example 2):
$AdminTask removeIdMgrGroupsFromRole {-roleName IdMgrReader -groupId ALLAUTHENTICATED}

Jython string:(example 1):
AdminTask.removeIdMgrGroupsFromRole ('[-roleName IdMgrReader -groupId cn=group1,o=customrealm]')

Jython string:(example 2):
AdminTask.removeIdMgrGroupsFromRole ('[-roleName IdMgrReader -groupId ALLAUTHENTICATED]')

Jython list (example 1):
AdminTask.removeIdMgrGroupsFromRole (['-roleName', 'IdMgrReader', '-groupId', 'cn=group1,o=customrealm'])

Jython list (example 2):
AdminTask.removeIdMgrGroupsFromRole (['-roleName', 'IdMgrReader', '-groupId', 'ALLAUTHENTICATED'])

Interactive mode:

Jacl $AdminTask removeIdMgrGroupsFromRole {-interactive}

Jython string: AdminTask.removeIdMgrGroupsFromRole ('[-interactive]')

Jython list: AdminTask.removeIdMgrGroupsFromRole (['-interactive'])'])

removeIdMgrUsersFromRole

Remove a user from a specified role in federated repositories.
Parameters

-roleName The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)
-userId The user ID or unique name of the user whose mapping to the specified role to remove. If we specify the user ID, it should correspond to a unique user in the repository. (String, required)
We can specify an asterisk (*) to remove all users mapped to the specified role.
-securityDomainName The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Batch mode example:

Jacl $AdminTask removeIdMgrUsersFromRole {-roleName IdMgrWriter -userId uid=user1,o=customrealm}

Jython string: AdminTask.removeIdMgrUsersFromRole ('[-roleName IdMgrWriter -userId uid=user1,o=customrealm]')

Jython list:
AdminTask.removeIdMgrUsersFromRole (['-roleName', 'IdMgrWriter', '-userId', 'uid=user1,o=customrealm'])

Interactive mode:

Jacl $AdminTask removeIdMgrUsersFromRole {-interactive}

Jython string: AdminTask.removeIdMgrUsersFromRole ('[-interactive]')

Jython list: AdminTask.removeIdMgrUsersFromRole (['-interactive'])

resetIdMgrConfig

Reset the current configuration to the last configuration that was saved.
Parameters

-securityDomainName The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Returns None.
Batch mode example:

Jacl $AdminTask resetIdMgrConfig

Jython string: AdminTask.resetIdMgrConfig()

Jython list: AdminTask.resetIdMgrConfig()

Interactive mode:

Jacl $AdminTask resetIdMgrConfig {-interactive}

Jython string: AdminTask.resetIdMgrConfig ('[-interactive]')

Jython list: AdminTask.resetIdMgrConfig (['-interactive'])

setIdMgrUseGlobalSchemaForModel

Set global schema option for the data model in a multiple security domain environment. Global schema refers to the schema of the admin domain.
Avoid trouble: Application domains that are set to use global schema share the same schema of the admin domain. Hence, if you extend the schema for an application in one domain, you must take into consideration how that might affect applications of other domains as they are also bound by the same schema. For example, adding a mandatory property for one application might cause other applications to fail.gotcha
Parameters

-useGlobalSchema Whether the data model should use the global schema. Global schema refers to the schema of the admin domain. The default value of this parameter is false. (Boolean, required)
-securityDomainName The name that uniquely identifies the security domain. (String, required)

Batch mode example:

Jacl
$AdminTask setIdMgrUseGlobalSchemaForModel {-useGlobalSchema true -securityDomainName mysecDomain}

Jython string:
AdminTask.setIdMgrUseGlobalSchemaForModel ('[-useGlobalSchema true -securityDomainName mysecDomain]')

Jython list:
AdminTask.setIdMgrUseGlobalSchemaForModel (['-useGlobalSchema', 'true', '-securityDomainName', 'mysecDomain'])

Interactive mode:

Jacl $AdminTask setIdMgrUseGlobalSchemaForModel {-interactive}

Jython string: AdminTask.setIdMgrUseGlobalSchemaForModel ('[-interactive]')

Jython list: AdminTask.setIdMgrUseGlobalSchemaForModel (['-interactive'])

showIdMgrConfig

Return the current configuration XML in string format.
Parameters

-file The name of the file where to save the configuration XML string. (String, optional)
-securityDomainName The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Returns None.
Batch mode example:

Jacl $AdminTask showIdMgrConfig

Jython string: AdminTask.showIdMgrConfig()

Jython list: AdminTask.showIdMgrConfig()

Interactive mode:
Jacl $AdminTask showIdMgrConfig {-interactive}

Jython string: AdminTask.showIdMgrConfig ('[-interactive]')

Jython list: AdminTask.showIdMgrConfig (['-interactive'])

updateIdMgrLDAPBindInfo

Update the LDAP server bind information. If we specify a value for the bindDN parameter, then specify a value for the bindPassword parameter. If we specify the id parameter only, then the LDAP server information is refreshed.
Parameters

-id The ID of the repository. (String, required)
-bindDN The binding distinguished name for the LDAP server. (String, optional)
-bindPassword The binding password for the LDAP server. (String, optional)
-securityDomainName The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Batch mode example:

Jython: AdminTask.updateIdMgrLDAPBindInfo('[-id id1 -bindDN cn=root -bindPassword myPassword22]')

Jython list: AdminTask.updateIdMgrLDAPBindInfo(['-id id1 -bindDN cn=root -bindPassword myPassword22'])

Jacl $AdminTask updateIdMgrLDAPBindInfo {-id id1 -bindDN cn=root -bindPassword myPassword22}

Interactive mode:

Jython: AdminTask.updateIdMgrLDAPBindInfo(['-interactive'])

Jacl $AdminTask updateIdMgrLDAPBindInfo {-interactive}

updateIdMgrSupportedEntityType

Update the configuration specified for a supported entity type.
Parameters

-name The name of the supported entity type. Value must be one of the supported entity types. (String, required)
-securityDomainName The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)
-defaultParent The default parent node for the supported entity type. (String, optional)
-rdnProperties The RDN attribute name for the supported entity type in the entity domain name. To reset all the values of the rdnProperties parameter, specify a blank string (""). (String, optional)

Batch mode example:

Jacl $AdminTask updateIdMgrSupportedEntityType {-name entity1}

Jython string: AdminTask.updateIdMgrSupportedEntityType ('[-name entity1]')

Jython list: AdminTask.updateIdMgrSupportedEntityType (['-name', 'entity1'])

Interactive mode:

Jacl $AdminTask updateIdMgrSupportedEntityType {-interactive}

Jython string: AdminTask.updateIdMgrSupportedEntityType ('[-interactive]')

Jython list: AdminTask.updateIdMgrSupportedEntityType (['-interactive'])

Related tasks

Use the wsadmin scripting AdminTask object for scripted administration
Commands (AdminTask)
IdMgrRepositoryConfig (AdminTask)
IdMgrRealmConfig (AdminTask)

-name	The name of the supported entity type. (String, required)
-defaultParent	The default parent node for the supported entity type. (String, required)
-rdnProperties	The RDN attribute name for the supported entity type in the entity domain name. To reset all values of the rdnProperties parameter, specify a blank string ("") (String, required)
-securityDomainName	The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

-name	The name of the supported entity type. Value must be one of the supported entity types. (String, required)
-securityDomainName	The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

-roleName	The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)
-userId	The user ID or unique name of the user to whom to map the specified role. If we specify the user ID, it should correspond to a unique user in the repository. (String, required)
-securityDomainName	The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

-roleName	The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)
-groupId	The common name or unique name of the group to which to map the specified role. If we specify the common name, it should correspond to a unique group in the repository. Alternately, to map all logged-in users to the specified role, we can specify a special subject with the value ALLAUTHENTICATED. (String, required)
-securityDomainName	The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

-useGlobalSchema	Whether the data model should use the global schema. Global schema refers to the schema of the admin domain. The default value of this parameter is false. (Boolean, required)
-securityDomainName	The name that uniquely identifies the security domain. (String, required)

-file	The name of the file where to save the configuration XML string. (String, optional)
-securityDomainName	The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

-id	The ID of the repository. (String, required)
-bindDN	The binding distinguished name for the LDAP server. (String, optional)
-bindPassword	The binding password for the LDAP server. (String, optional)
-securityDomainName	The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)