WAS v8.5 > Reference > Commands (wsadmin scripting)

IdMgrRealmConfig command group for AdminTask

We can use the Jython or Jacl scripting languages to configure federated repositories realms. The commands and parameters in the IdMgrRealmConfig group can be used to create and manage your realm configuration.

The IdMgrRealmConfig command group for AdminTask includes the following commands:

• addIdMgrRealmBaseEntry
• createIdMgrRealm
• deleteIdMgrRealm
• deleteIdMgrRealmBaseEntry
• deleteIdMgrRealmDefaultParent
• getIdMgrDefaultRealm
• getIdMgrRepositoriesForRealm
• getIdMgrRealm
• listIdMgrRealms
• listIdMgrRealmBaseEntries
• listIdMgrRealmDefaultParents
• listIdMgrRealmURAttrMappings
• renameIdMgrRealm
• setIdMgrDefaultRealm
• setIdMgrRealmDefaultParent
• setIdMgrRealmURAttrMapping
• updateIdMgrRealm

addIdMgrRealmBaseEntry

The addIdMgrRealmBaseEntry command adds a base entry to a specific realm configuration and links the realm with the repository.

Target Object None.

Required parameters

-name

Name of the realm. (String, required)

-baseEntry

Name of the base entry. (String, optional)

Optional parameters

-securityDomainName

Specify the name that uniquely identifies the security domain. If we do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask addIdMgrRealmBaseEntry {-name defaultWIMFileBasedRealm -baseEntry o=sampleFileRepository}
• Jython string:
  AdminTask.addIdMgrRealmBaseEntry ('[-name defaultWIMFileBasedRealm -baseEntry o=sampleFileRepository]')
• Jython list:
  AdminTask.addIdMgrRealmBaseEntry (['-name', 'defaultWIMFileBasedRealm', '-baseEntry', 'o=sampleFileRepository'])

Interactive mode example usage:

• Jacl:
  $AdminTask addIdMgrRealmBaseEntry {-interactive}
• Jython string:
  AdminTask.addIdMgrRealmBaseEntry ('[-interactive]')
• Jython list:
  AdminTask.addIdMgrRealmBaseEntry (['-interactive'])

createIdMgrRealm

The createIdMgrRealm command creates a realm configuration.

Target Object None.

Required parameters

-name

Name of the realm. (String, required)

Optional parameters

-securityDomainName

Specify the name that uniquely identifies the security domain. If we do not specify this parameter, the command uses the global federated repository. (String, optional)

-securityUse

Specifies a string that indicates if this virtual realm will be used in security now, later, or never. Default is active. Additional values includes: inactive and nonSelectable. (String, optional)

-delimiter

Delimiter used for this realm. The default value is /. (String, optional)

-allowOperationIfReposDown

Whether the system allows a repository operation such as get or search to complete successfully, even if repositories in the realm are down. Default is false. (Boolean, optional)

Even if this parameter is specified, all repositories must be available when we start the server, or the federated repositories will not function properly. gotcha

Examples

Batch mode example usage:

• Jacl:
  $AdminTask createIdMgrRealm {-name realm1 -allowOperationIfReposDown true}
• Jython string:
  AdminTask.createIdMgrRealm ('[-name realm1 -allowOperationIfReposDown true]')
• Jython list:
  AdminTask.createIdMgrRealm (['-name', 'realm1', '-allowOperationIfReposDown', 'true'])

Interactive mode example usage:

• Jacl:
  $AdminTask createIdMgrRealm {-interactive}
• Jython string:
  AdminTask.createIdMgrRealm ('[-interactive]')
• Jython list:
  AdminTask.createIdMgrRealm (['-interactive'])

deleteIdMgrRealm

The deleteIdMgrRealm command deletes the realm configuration that you specified.

Target Object None.

Required parameters

-name

The realm name. (String, required)

Optional parameters

-securityDomainName

Specify the name that uniquely identifies the security domain. If we do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask deleteIdMgrRealm {-name realm1}
• Jython string:
  AdminTask.deleteIdMgrRealm ('[-name realm1]')
• Jython list:
  AdminTask.deleteIdMgrRealm (['-name', 'realm1'])

Interactive mode example usage:

• Jacl:
  $AdminTask deleteIdMgrRealm {-interactive}
• Jython string:
  AdminTask.deleteIdMgrRealm ('[-interactive]')
• Jython list:
  AdminTask.deleteIdMgrRealm (['-interactive'])

deleteIdMgrRealmBaseEntry

The deleteIdMgrRealmBaseEntry command deletes a base entry from a realm configuration that you specified.

The realm must always contain at least one base entry, thus we cannot remove every entry.

Target Object None.

Required parameters

-name

Name of the realm. (String, required)

-baseEntry

Name of a base entry. (String, required)

Optional parameters

-securityDomainName

Specify the name that uniquely identifies the security domain. If we do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask deleteIdMgrRealmBaseEntry {-name realm1 -baseEntry entry1}
• Jython string:
  AdminTask.deleteIdMgrRealmBaseEntry ('[-name realm1 -baseEntry entry1]')
• Jython list:
  AdminTask.deleteIdMgrRealmBaseEntry (['-name', 'realm1', '-baseEntry', 'entry1'])

Interactive mode example usage:

• Jacl:
  $AdminTask deleteIdMgrRealmBaseEntry {-interactive}
• Jython string:
  AdminTask.deleteIdMgrRealmBaseEntry ('[-interactive]')
• Jython list:
  AdminTask.deleteIdMgrRealmBaseEntry (['-interactive'])

deleteIdMgrRealmDefaultParent

Use the deleteIdMgrRealmDefaultParent command to delete the mapping of the default parent of an entity type for a realm.

Target Object None.

Required parameters

-entityTypeName

Specify the name of a valid supported entity type for which to delete the default parent mapping. We can specify an asterisk (*) to delete the default parent mapping for all entity types in the realm. (String, required)

Optional parameters

-name

Specify a valid realm name for which to delete the mapping. If we do not specify the -name parameter, the command deletes the mapping for defaultWIMFileBasedRealm, which is the default realm in the federated repository configuration. (String, optional)

-securityDomainName

Specify the name that uniquely identifies the security domain. If we do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask deleteIdMgrRealmDefaultParent {-entityTypeName entity_type}
• Jython string:
  AdminTask.deleteIdMgrRealmDefaultParent ('[-entityTypeName entity_type]')
• Jython list:
  AdminTask.deleteIdMgrRealmDefaultParent (['-entityTypeName', 'entity_type'])

Interactive mode example usage:

• Jacl:
  $AdminTask deleteIdMgrRealmDefaultParent {-interactive}
• Jython string:
  AdminTask.deleteIdMgrRealmDefaultParent ('[-interactive]')
• Jython list:
  AdminTask.deleteIdMgrRealmDefaultParent (['-interactive'])

getIdMgrDefaultRealm

The getIdMgrDefaultRealm command returns the default realm name.

Target Object None.

Required parameters None.

Optional parameters

-securityDomainName

Specify the name that uniquely identifies the security domain. If we do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask getIdMgrDefaultRealm
• Jython string:
  AdminTask.getIdMgrDefaultRealm()
• Jython list:
  AdminTask.getIdMgrDefaultRealm()

Interactive mode example usage:

• Jacl:
  $AdminTask getIdMgrDefaultRealm {-interactive}
• Jython string:
  AdminTask.getIdMgrDefaultRealm ('[-interactive]')
• Jython list:
  AdminTask.getIdMgrDefaultRealm (['-interactive'])

getIdMgrRepositoriesForRealm

The getIdMgrRepositoriesForRealm command returns repository specific details for the repositories configured for a specified realm.

Target Object None.

Required parameters

-name

Name of the realm. (String, required)

Optional parameters

-securityDomainName

Specify the name that uniquely identifies the security domain. If we do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask getIdMgrRepositoriesForRealm {-name realm1}
• Jython string:
  AdminTask.getIdMgrRepositoriesForRealm ('[-name realm1]')
• Jython list:
  AdminTask.getIdMgrRepositoriesForRealm (['-name', 'realm1'])

Interactive mode example usage:

• Jacl:
  $AdminTask getIdMgrRepositoriesForRealm {-interactive}
• Jython string:
  AdminTask.getIdMgrRepositoriesForRealm ('[-interactive]')
• Jython list:
  AdminTask.getIdMgrRepositoriesForRealm (['-interactive'])

getIdMgrRealm

The getIdMgrRealm command returns the configuration parameters for the realm that you specified.

Target Object None.

Required parameters

-name

Name of the realm. (String, required)

Optional parameters

-securityDomainName

Specify the name that uniquely identifies the security domain. If we do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask getIdMgrRealm {-name realm1}
• Jython string:
  AdminTask.getIdMgrRealm ('[-name realm1]')
• Jython list:
  AdminTask.getIdMgrRealm (['-name', 'realm1'])

Interactive mode example usage:

• Jacl:
  $AdminTask getIdMgrRealm {-interactive}
• Jython string:
  AdminTask.getIdMgrRealm ('[-interactive]')
• Jython list:
  AdminTask.getIdMgrRealm (['-interactive'])

listIdMgrRealms

The listIdMgrRealms command returns all of the names of the configured realms.

Target Object None.

Required parameters None.

Optional parameters

-securityDomainName

Specify the name that uniquely identifies the security domain. If we do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask listIdMgrRealms
• Jython string:
  AdminTask.listIdMgrRealms()
• Jython list:
  AdminTask.listIdMgrRealms()

Interactive mode example usage:

• Jacl:
  $AdminTask listIdMgrRealms {-interactive}
• Jython string:
  AdminTask.listIdMgrRealms ('[-interactive]')
• Jython list:
  AdminTask.listIdMgrRealms (['-interactive'])

listIdMgrRealmBaseEntries

The listIdMgrRealmBaseEntries command returns all of the names of the configured realms.

Target Object None.

Required parameters

-name

Name of the realm. (String, required)

Optional parameters

-securityDomainName

Specify the name that uniquely identifies the security domain. If we do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask listIdMgrRealmBaseEntries {-name realm1}
• Jython string:
  AdminTask.listIdMgrRealmBaseEntries ('[-name realm1]')
• Jython list:
  AdminTask.listIdMgrRealmBaseEntries (['-name', 'realm1'])

Interactive mode example usage:

• Jacl:
  $AdminTask listIdMgrRealmBaseEntries {-interactive}
• Jython string:
  AdminTask.listIdMgrRealmBaseEntries ('[-interactive]')
• Jython list:
  AdminTask.listIdMgrRealmBaseEntries (['-interactive'])

listIdMgrRealmDefaultParents

Use the listIdMgrRealmDefaultParents command to list the mapping of the default parent uniqueName for all entity types in a specified realm.

Target Object None.

Required parameters None.

Optional parameters

-name

Specify a valid realm name for which to list the mapping. If we do not specify the -name parameter, the command returns the mapping for defaultWIMFileBasedRealm, which is the default realm in the federated repository configuration. (String, optional)

-securityDomainName

Specify the name that uniquely identifies the security domain. If we do not specify this parameter, the command uses the global federated repository. (String, optional)

Return values The listIdMgrRealmDefaultParents command returns the mapping of each entity type to default parent uniqueName for the specified realm. The results are returned as a Map where the key is entityType and the value is parentUniqueName.

Examples

:

• Jacl:
  $AdminTask listIdMgrRealmDefaultParents {-name realm_name}
• Jython string:
  AdminTask.listIdMgrRealmDefaultParents ('[-name realm_name]')
• Jython list:
  AdminTask.listIdMgrRealmDefaultParents ((['-name', 'realm_name'])

Interactive mode example usage:

• Jacl:
  $AdminTask listIdMgrRealmDefaultParents {-interactive}
• Jython string:
  AdminTask.listIdMgrRealmDefaultParents ('[-interactive]')
• Jython list:
  AdminTask.listIdMgrRealmDefaultParents (['-interactive'])

listIdMgrRealmURAttrMappings

Use the listIdMgrRealmURAttrMappings command to list the mappings between the user or group attributes for a user registry and the federated repository properties of a specified realm.

Target object

None.

Optional parameters

-securityDomainName

Specify the name that uniquely identifies the security domain. If we do not specify this parameter, the command uses the global federated repository. (String, optional)

-name

Specify a valid realm name for which to list the mapping.

If we do not specify the -name parameter, the listIdMgrRealmURAttrMappings command returns the mapping of the default realm in the federated repository configuration.

(String, optional)

Return values

The listIdMgrRealmURAttrMappings command returns a HashMap containing the following structure:

• The key is the user registry attribute name (URAttrName parameter).
• The value is another HashMap containing the propertyForInput and propertyForOutput as keys and the corresponding mapping as the values.

The following example shows a sample output. The example is broken into multiple lines for illustration purposes only.

{userDisplayName={propertyForInput=principalName, propertyForOutput=principalName},
userSecurityName={propertyForInput=principalName, propertyForOutput=principalName},
uniqueUserId={propertyForInput=uniqueName, propertyForOutput=uniqueName},
uniqueGroupId={propertyForInput=uniqueName, propertyForOutput=uniqueName},
groupSecurityName={propertyForInput=cn, propertyForOutput=cn},
groupDisplayName={propertyForInput=cn, propertyForOutput=cn}}

Examples

:

• Jacl:

  $AdminTask listIdMgrRealmURAttrMappings

• Jython string:

  AdminTask.listIdMgrRealmURAttrMappings()

• Jython list:

  AdminTask.listIdMgrRealmURAttrMappings()

Interactive mode example usage:

• Jacl:

  $AdminTask listIdMgrRealmURAttrMappings {-interactive}

• Jython string:

  AdminTask.listIdMgrRealmURAttrMappings ('[-interactive]')

• Jython list:

  AdminTask.listIdMgrRealmURAttrMappings (['-interactive'])

renameIdMgrRealm

The renameIdMgrRealm command renames the name of the realm that you specified.

Renaming the federated repositories realm name does not update the realm name stored in the security.xml file.

Target Object None.

Required parameters

-name

Name of the realm. (String, required)

-newName

New name of the realm. (String, required)

Optional parameters

-securityDomainName

Specify the name that uniquely identifies the security domain. If we do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask renameIdMgrRealm {-name realm1 -newName realm2}
• Jython string:
  AdminTask.renameIdMgrRealm ('[-name realm1 -newName realm2]')
• Jython list:
  AdminTask.renameIdMgrRealm (['-name', 'realm1', '-newName', 'realm2'])

Interactive mode example usage:

• Jacl:
  $AdminTask renameIdMgrRealm {-interactive}
• Jython string:
  AdminTask.renameIdMgrRealm ('[-interactive]')
• Jython list:
  AdminTask.renameIdMgrRealm (['-interactive'])

setIdMgrDefaultRealm

The setIdMgrDefaultRealm command sets the default realm name.

Required parameters

-name

Name of the realm used as a default realm when the caller does not specify any in context. (String, required)

Optional parameters

-securityDomainName

Specify the name that uniquely identifies the security domain. If we do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask setIdMgrDefaultRealm {-name realm1}
• Jython string:
  AdminTask.setIdMgrDefaultRealm ('[-name realm1]')
• Jython list:
  AdminTask.setIdMgrDefaultRealm (['-name', 'realm1'])

Interactive mode example usage:

• Jacl:
  $AdminTask setIdMgrDefaultRealm {-interactive}
• Jython string:
  AdminTask.setIdMgrDefaultRealm ('[-interactive]')

setIdMgrRealmDefaultParent

Use the setIdMgrRealmDefaultParent command to set or modify the default parent uniqueName for an entity type in a specified realm.

Target object

None.

Required parameters

-entityTypeName

Specify the name of a valid supported entity type for which to set or modify the default parent. (String, required)

-parentUniqueName

Specify the default parent of the entity type in the specified realm. The default parent specified should be a valid uniqueName in this realm. (String, required)

Optional parameters

-name

Specify a valid realm name for which to set or modify the mapping. If we do not specify the -name parameter, the command sets or modifies the mapping for defaultWIMFileBasedRealm, which is the default realm in the federated repository configuration. (String, optional)

-securityDomainName

Specify the name that uniquely identifies the security domain. If we do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask setIdMgrRealmDefaultParent {-entityTypeName entity_type -parentUniqueName unique_name}
• Jython string:
  AdminTask.setIdMgrRealmDefaultParent ('[-entityTypeName entity_type -parentUniqueName unique_name]')
• Jython list:
  AdminTask.setIdMgrRealmDefaultParent (['-entityTypeName', 'entity_type', '-parentUniqueName', 'unique_name'])

Interactive mode example usage:

• Jacl:
  $AdminTask setIdMgrRealmDefaultParent {-interactive}
• Jython string:
  AdminTask.setIdMgrRealmDefaultParent ('[-interactive]')
• Jython list:
  AdminTask.setIdMgrRealmDefaultParent (['-interactive'])

setIdMgrRealmURAttrMapping

Use the setIdMgrRealmURAttrMapping command to set or modify the mapping of the user or group attribute for a user registry to a federated repository property of a specified realm.

The setIdMgrRealmURAttrMapping command is available in both connected and local modes. If you run the setIdMgrRealmURAttrMapping command in connected mode, the realm attribute mapping changes take effect after you restart the server.

Target object

None.

Required parameters

-URAttrName

Specify the name of the user or group attribute in a user registry to map. The following case-sensitive values are valid for the URAttrName parameter:

• uniqueUserId
• userSecurityName
• userDisplayName
• uniqueGroupId
• groupSecurityName
• groupDisplayName

If you run the setIdMgrRealmURAttrMapping command multiple times for the same user registry attribute name, it overwrites the previous value.

(String, required)

-propertyForInput

Specify the name of the federated repository property that maps to the specified user registry attribute (URAttrName parameter) when it is an input parameter for the user registry interface. (String, required)

-propertyForOutput

Specify the name of the federated repository property that maps to the specified user registry attribute (URAttrName parameter) when it is an output parameter (return value) for the user registry interface. (String, required)

In most cases, the propertyForInput and propertyForInput would be the same.

Optional parameters

-securityDomainName

Specify the name that uniquely identifies the security domain. If we do not specify this parameter, the command uses the global federated repository. (String, optional)

-name

Specify a valid realm name for which to set or modify the mapping. If we do not specify the name parameter, the setIdMgrRealmURAttrMapping command uses the default realm in the federated repository configuration. (String, optional)

Examples

Batch mode example usage:

• Jacl:

  $AdminTask setIdMgrRealmURAttrMapping {-URAttrName unique_user_ID -propertyForInput unique_name -propertyForOutput unique_name}

• Jython string:

  AdminTask.setIdMgrRealmURAttrMapping ('[-URAttrName unique_user_ID -propertyForInput unique_name -propertyForOutput unique_name]')

• Jython list:

  AdminTask.setIdMgrRealmURAttrMapping (['-URAttrName', 'unique_user_ID', '-propertyForInput', 'unique_name', '-propertyForOutput', 'unique_name'])

Interactive mode example usage:

• Jacl:

  $AdminTask setIdMgrRealmURAttrMapping {-interactive}

• Jython string:

  AdminTask.setIdMgrRealmURAttrMapping ('[-interactive]')

• Jython list:

  AdminTask.setIdMgrRealmURAttrMapping (['-interactive'])

updateIdMgrRealm

The updateIdMgrRealm command updates the configuration for a realm specified.

Target Object None.

Required parameters

-name

Name of the realm. (String, required)

Optional parameters

-securityDomainName

Specify the name that uniquely identifies the security domain. If we do not specify this parameter, the command uses the global federated repository. (String, optional)

-securityUse

Specifies a string that indicates if this realm will be used in security now, later, or never. Default is active. Additional values includes: inactive and nonSelectable. (String, optional)

-delimiter

specifies the delimiter used for this realm. The default value is /. (String, optional)

-allowOperationIfReposDown

Whether the system allows a repository operation such as get or search to complete successfully, even if repositories in the realm are down. (Boolean, optional)

Even if this parameter is specified, all repositories must be available when we start the server, or the virtual member manager might not function properly. gotcha

Examples

Batch mode example usage:

• Jacl:

  $AdminTask updateIdMgrRealm {-name 
  realm1}

• Jython string:

  AdminTask.updateIdMgrRealm ('[-name 
  realm1]')

• Jython list:

  AdminTask.updateIdMgrRealm (['-name', 
  'realm1'])

Interactive mode example usage:

• Jacl:
  $AdminTask updateIdMgrRealm {-interactive}
• Jython string:
  AdminTask.updateIdMgrRealm ('[-interactive]')
• Jython list:
  AdminTask.updateIdMgrRealm (['-interactive'])

Related

Use the wsadmin scripting AdminTask object for scripted administration

Reference:

Commands for AdminTask using wsadmin.sh
IdMgrRepositoryConfig command group for AdminTask
IdMgrConfig command group for AdminTask

+

Search Tips   |   Advanced Search