IdMgrConfig

Use the Jython or Jacl scripting languages to configure the virtual member manager with the wsadmin tool. The commands in the IdMgrConfig group can be used to manage your entity type configuration.

The IdMgrConfig .includes the following commands:

• createIdMgrSupportedEntityType
• deleteIdMgrSupportedEntityType
• getIdMgrSupportedEntityType
• isIdMgrUseGlobalSchemaForModel
• listIdMgrSupportedEntityTypes
• listIdMgrGroupsForRoles
• listIdMgrUsersForRoles
• mapIdMgrUserToRole
• mapIdMgrGroupToRole
• removeIdMgrGroupsFromRole
• removeIdMgrUsersFromRole
• resetIdMgrConfig
• setIdMgrUseGlobalSchemaForModel
• showIdMgrConfig
• updateIdMgrLDAPBindInfo
• updateIdMgrSupportedEntityType

createIdMgrSupportedEntityType

Create a supported entity type configuration.

Parameters

-name

The name of the supported entity type. The value of this parameter must be one of the supported entity types. (String, required)

-defaultParent

The default parent node for the supported entity type. (String, required)

-rdnProperties

The RDN attribute name for the supported entity type in the entity domain name. To reset all values of the rdnProperties parameter, specify a blank string ("") (String, required)

-securityDomainName

The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask createIdMgrSupportedEntityType {-name entity1 -defaultParent node1 -rdnProperties rdn1}

• Jython string:
  AdminTask.createIdMgrSupportedEntityType ('[-name entity1 -defaultParent node1 -rdnProperties rdn1]')

• Jython list:
  AdminTask.createIdMgrSupportedEntityType (['-name', 'entity1', '-defaultParent', 'node1', '-rdnProperties', 'rdn1'])

Interactive mode example usage:

• Jacl:
  $AdminTask createIdMgrSupportedEntityType {-interactive}

• Jython string:
  AdminTask.createIdMgrSupportedEntityType ('[-interactive]')

• Jython list:
  AdminTask.createIdMgrSupportedEntityType (['-interactive'])

deleteIdMgrSupportedEntityType

Delete the supported entity type configuration specified.

Parameters

-name

The name of the supported entity type. The value of this parameter must be one of the supported entity types. (String, required)

-securityDomainName

The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask deleteIdMgrSupportedEntityType {-name entity1}

• Jython string:
  AdminTask.deleteIdMgrSupportedEntityType ('[-name entity1]')

• Jython list:
  AdminTask.deleteIdMgrSupportedEntityType (['-name', 'entity1'])

Interactive mode example usage:

• Jacl:
  $AdminTask deleteIdMgrSupportedEntityType {-interactive}

• Jython string:
  AdminTask.deleteIdMgrSupportedEntityType ('[-interactive]')

• Jython list:
  AdminTask.deleteIdMgrSupportedEntityType (['-interactive'])

getIdMgrSupportedEntityType

Return the configuration of the supported entity type specified.

Parameters

-name

The name of the supported entity type. The value of this parameter must be one of the supported entity types. (String, required)

-securityDomainName

The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask getIdMgrSupportedEntityType {-name entity1}

• Jython string:
  AdminTask.getIdMgrSupportedEntityType ('[-name entity1]')

• Jython list:
  AdminTask.getIdMgrSupportedEntityType (['-name', 'entity1'])

Interactive mode example usage:

• Jacl:
  $AdminTask getIdMgrSupportedEntityType {-interactive}

• Jython string:
  AdminTask.getIdMgrSupportedEntityType ('[-interactive]')

• Jython list:
  AdminTask.getIdMgrSupportedEntityType (['-interactive'])

isIdMgrUseGlobalSchemaForModel

Return a boolean that indicates whether the global schema option is enabled for the data model for the specified domain in a multiple security domain environment.

Parameters

-securityDomainName

The name that uniquely identifies the security domain. (String, required)

Returns

A Boolean value that indicates whether global schema option is enabled for the data model for the specified domain.

Examples

Batch mode example usage:

• Jacl:
  $AdminTask isIdMgrUseGlobalSchemaForModel {-securityDomainName mysecDomain}

• Jython string:
  AdminTask.isIdMgrUseGlobalSchemaForModel ('[-securityDomainName mysecDomain]')

• Jython list:
  AdminTask.isIdMgrUseGlobalSchemaForModel (['-securityDomainName', 'mysecDomain'])

Interactive mode example usage:

• Jacl:
  $AdminTask isIdMgrUseGlobalSchemaForModel {-interactive}

• Jython string:
  AdminTask.isIdMgrUseGlobalSchemaForModel ('[-interactive]')

• Jython list:
  AdminTask.isIdMgrUseGlobalSchemaForModel (['-interactive'])

listIdMgrSupportedEntityTypes

List all of the supported entity types configured.

Parameters

-securityDomainName

The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Returns

A list containing the names of the supported entity types

Examples

Batch mode example usage:

• Jacl:
  $AdminTask listIdMgrSupportedEntityTypes

• Jython string:
  AdminTask.listIdMgrSupportedEntityTypes()

• Jython list:
  AdminTask.listIdMgrSupportedEntityTypes()

Interactive mode example usage:

• Jacl:
  $AdminTask listIdMgrSupportedEntityTypes {-interactive}

• Jython string:
  AdminTask.listIdMgrSupportedEntityTypes ('[-interactive]')

• Jython list:
  AdminTask.listIdMgrSupportedEntityTypes (['-interactive'])

listIdMgrGroupsForRoles

List the mapping of groups to roles in federated repositories.

Parameters

-securityDomainName

The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Returns

A Map object containing roleName as the key, and the value of each key is a list of uniqueNames.

Examples

Batch mode example usage:

• Jacl:
  $AdminTask listIdMgrGroupsForRoles

• Jython string:
  AdminTask.listIdMgrGroupsForRoles ()

• Jython list:
  AdminTask.listIdMgrGroupsForRoles ()

Interactive mode example usage:

• Jacl:
  $AdminTask listIdMgrGroupsForRoles {-interactive}

• Jython string:
  AdminTask.listIdMgrGroupsForRoles ('[interactive]')

• Jython list:
  AdminTask.listIdMgrGroupsForRoles (['interactive'])

listIdMgrUsersForRoles

List the mapping of users to roles in federated repositories.

Parameters

-securityDomainName

The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Returns

A Map object containing roleName as the key, and the value of each key is a list of uniqueNames.

Examples

Batch mode example usage:

• Jacl:
  $AdminTask listIdMgrUsersForRoles

• Jython string:
  AdminTask.listIdMgrUsersForRoles ()

• Jython list:
  AdminTask.listIdMgrUsersForRoles ()

Interactive mode example usage:

• Jacl:
  $AdminTask listIdMgrUsersForRoles {-interactive}

• Jython string:
  AdminTask.listIdMgrUsersForRoles ('[-interactive]')

• Jython list:
  AdminTask.listIdMgrUsersForRoles (['-interactive'])

mapIdMgrUserToRole

Map a user to a specified role in federated repositories. We can map a user to only one role.

Parameters

-roleName

The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)

-userId

The user ID or unique name of the user to whom we want to map the specified role. If we specify the user ID, it should correspond to a unique user in the repository. (String, required)

-securityDomainName

The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask mapIdMgrUserToRole {-roleName IdMgrWriter -userId uid=user1,o=customrealm}

• Jython string:
  AdminTask.mapIdMgrUserToRole ('[-roleName IdMgrWriter -userId user1,o=customrealm]')

• Jython list:
  AdminTask.mapIdMgrUserToRole (['-roleName', 'IdMgrWriter', '-userId', 'uid=user1,o=customrealm'])

Interactive mode example usage:

• Jacl:
  $AdminTask mapIdMgrUserToRole {-interactive}}

• Jython string:
  AdminTask.mapIdMgrUserToRole ('[-interactive]')

• Jython list:
  AdminTask.mapIdMgrUserToRole (['-interactive'])

mapIdMgrGroupToRole

Map a group to a specified role in federated repositories. We can map a group to only one role.

Parameters

-roleName

The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)

-groupId

The common name or unique name of the group to which we want to map the specified role. If we specify the common name, it should correspond to a unique group in the repository. Alternately, to map all logged-in users to the specified role, we can specify a special subject with the value ALLAUTHENTICATED. (String, required)

-securityDomainName

The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl (example 1):
  $AdminTask mapIdMgrGroupToRole {-roleName IdMgrReader -groupId cn=group1,o=customrealm}

  Use Jacl (example 2):

  $AdminTask mapIdMgrGroupToRole {-roleName IdMgrWriter -groupId ALLAUTHENTICATED}

• Jython string (example 1):
  AdminTask.mapIdMgrGroupToRole ('[-roleName IdMgrReader -groupId cn=group1,o=customrealm]')

  Use Jython string (example 2):

  AdminTask.mapIdMgrGroupToRole ('[-roleName IdMgrWriter -groupId ALLAUTHENTICATED]')

• Jython list (example 1):
  AdminTask.mapIdMgrGroupToRole (['-roleName', 'IdMgrReader', '-groupId', 'cn=group1,o=customrealm'])

  Use Jython list (example 2):

  AdminTask.mapIdMgrGroupToRole (['-roleName', 'IdMgrReader', '-groupId', 'ALLAUTHENTICATED'])

Interactive mode example usage:

• Jacl:
  $AdminTask mapIdMgrGroupToRole {-interactive}

• Jython string:
  AdminTask.mapIdMgrGroupToRole ('[-interactive]')

• Jython list:
  AdminTask.mapIdMgrGroupToRole (['-interactive'])

removeIdMgrGroupsFromRole

Remove a group from a specified role in federated repositories.

Parameters

-roleName

The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)

-groupId

The common name or unique name of the group to which we want to map the specified role. If we specify the common name, it should correspond to a unique group in the repository. Alternately, to remove the mapping of all logged-in users to the specified role, we can specify a special subject with the value ALLAUTHENTICATED. (String, required)

We can specify an asterisk (*) to remove all users mapped to the specified role.

-securityDomainName

The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl (example 1):
  $AdminTask removeIdMgrGroupsFromRole {-roleName IdMgrReader -groupId cn=group1,o=customrealm}

  Use Jacl (example 2):

  $AdminTask removeIdMgrGroupsFromRole {-roleName IdMgrReader -groupId ALLAUTHENTICATED}

• Jython string (example 1):
  AdminTask.removeIdMgrGroupsFromRole ('[-roleName IdMgrReader -groupId cn=group1,o=customrealm]')

  Use Jython string (example 2):

  AdminTask.removeIdMgrGroupsFromRole ('[-roleName IdMgrReader -groupId ALLAUTHENTICATED]')

• Jython list (example 1):
  AdminTask.removeIdMgrGroupsFromRole (['-roleName', 'IdMgrReader', '-groupId', 'cn=group1,o=customrealm'])

  Use Jython list (example 2):

  AdminTask.removeIdMgrGroupsFromRole (['-roleName', 'IdMgrReader', '-groupId', 'ALLAUTHENTICATED'])

Interactive mode example usage:

• Jacl:
  $AdminTask removeIdMgrGroupsFromRole {-interactive}

• Jython string:
  AdminTask.removeIdMgrGroupsFromRole ('[-interactive]')

• Jython list:
  AdminTask.removeIdMgrGroupsFromRole (['-interactive'])'])

removeIdMgrUsersFromRole

Remove a user from a specified role in federated repositories.

Parameters

-roleName

The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)

-userId

The user ID or unique name of the user whose mapping to the specified role we want to remove. If we specify the user ID, it should correspond to a unique user in the repository. (String, required)

We can specify an asterisk (*) to remove all users mapped to the specified role.

-securityDomainName

The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask removeIdMgrUsersFromRole {-roleName IdMgrWriter -userId uid=user1,o=customrealm}

• Jython string:
  AdminTask.removeIdMgrUsersFromRole ('[-roleName IdMgrWriter -userId uid=user1,o=customrealm]')

• Jython list:
  AdminTask.removeIdMgrUsersFromRole (['-roleName', 'IdMgrWriter', '-userId', 'uid=user1,o=customrealm'])

Interactive mode example usage:

• Jacl:
  $AdminTask removeIdMgrUsersFromRole {-interactive}

• Jython string:
  AdminTask.removeIdMgrUsersFromRole ('[-interactive]')

• Jython list:
  AdminTask.removeIdMgrUsersFromRole (['-interactive'])

resetIdMgrConfig

Reset the current configuration to the last configuration that was saved.

Parameters

-securityDomainName

The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Returns

None.

Examples

Batch mode example usage:

• Jacl:
  $AdminTask resetIdMgrConfig

• Jython string:
  AdminTask.resetIdMgrConfig()

• Jython list:
  AdminTask.resetIdMgrConfig()

Interactive mode example usage:

• Jacl:
  $AdminTask resetIdMgrConfig {-interactive}

• Jython string:
  AdminTask.resetIdMgrConfig ('[-interactive]')

• Jython list:
  AdminTask.resetIdMgrConfig (['-interactive'])

setIdMgrUseGlobalSchemaForModel

Set the global schema option for the data model in a multiple security domain environment. Global schema refers to the schema of the admin domain.

Application domains that are set to use global schema share the same schema of the admin domain. Hence, if you extend the schema for an application in one domain, we must take into consideration how that might affect applications of other domains as they are also bound by the same schema. For example, adding a mandatory property for one application might cause other applications to fail.

Parameters

-useGlobalSchema

Specifies whether the data model should use the global schema. Global schema refers to the schema of the admin domain. The default value of this parameter is false. (Boolean, required)

-securityDomainName

The name that uniquely identifies the security domain. (String, required)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask setIdMgrUseGlobalSchemaForModel {-useGlobalSchema true -securityDomainName mysecDomain}

• Jython string:
  AdminTask.setIdMgrUseGlobalSchemaForModel ('[-useGlobalSchema true -securityDomainName mysecDomain]')

• Jython list:
  AdminTask.setIdMgrUseGlobalSchemaForModel (['-useGlobalSchema', 'true', '-securityDomainName', 'mysecDomain'])

Interactive mode example usage:

• Jacl:
  $AdminTask setIdMgrUseGlobalSchemaForModel {-interactive}

• Jython string:
  AdminTask.setIdMgrUseGlobalSchemaForModel ('[-interactive]')

• Jython list:
  AdminTask.setIdMgrUseGlobalSchemaForModel (['-interactive'])

showIdMgrConfig

Return the current configuration XML in string format.

Parameters

-file

The name of the file where we want to save the configuration XML string. (String, optional)

-securityDomainName

The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Returns

None.

Examples

Batch mode example usage:

• Jacl:
  $AdminTask showIdMgrConfig

• Jython string:
  AdminTask.showIdMgrConfig()

• Jython list:
  AdminTask.showIdMgrConfig()

Interactive mode example usage:

• Jacl:
  $AdminTask showIdMgrConfig {-interactive}

• Jython string:
  AdminTask.showIdMgrConfig ('[-interactive]')

• Jython list:
  AdminTask.showIdMgrConfig (['-interactive'])

updateIdMgrLDAPBindInfo

Dynamically update the LDAP server bind information. If we specify a value for the bindDN parameter, then we must specify a value for the bindPassword parameter. If we specify the id parameter only, then the LDAP server information is refreshed.

Parameters

-id

The ID of the repository. (String, required)

-bindDN

The binding distinguished name for the LDAP server. (String, optional)

-bindPassword

The binding password for the LDAP server. (String, optional)

-securityDomainName

The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Use Jython:
  AdminTask.updateIdMgrLDAPBindInfo('[-id id1 -bindDN cn=root -bindPassword myPassword22]')

• Use Jython list:
  AdminTask.updateIdMgrLDAPBindInfo(['-id id1 -bindDN cn=root -bindPassword myPassword22'])

• Use Jacl:
  $AdminTask updateIdMgrLDAPBindInfo {-id id1 -bindDN cn=root -bindPassword myPassword22}

Interactive mode example usage:

• Use Jython:
  AdminTask.updateIdMgrLDAPBindInfo(['-interactive'])

• Use Jacl:
  $AdminTask updateIdMgrLDAPBindInfo {-interactive}

updateIdMgrSupportedEntityType

Update the configuration specified for a supported entity type.

Parameters

-name

The name of the supported entity type. The value of this parameter must be one of the supported entity types. (String, required)

-securityDomainName

The name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

-defaultParent

The default parent node for the supported entity type. (String, optional)

-rdnProperties

The RDN attribute name for the supported entity type in the entity domain name. To reset all the values of the rdnProperties parameter, specify a blank string (""). (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask updateIdMgrSupportedEntityType {-name entity1}

• Jython string:
  AdminTask.updateIdMgrSupportedEntityType ('[-name entity1]')

• Jython list:
  AdminTask.updateIdMgrSupportedEntityType (['-name', 'entity1'])

Interactive mode example usage:

• Jacl:
  $AdminTask updateIdMgrSupportedEntityType {-interactive}

• Jython string:
  AdminTask.updateIdMgrSupportedEntityType ('[-interactive]')

• Jython list:
  AdminTask.updateIdMgrSupportedEntityType (['-interactive'])

wsadmin AdminTask

Commands for the AdminTask object

IdMgrRepositoryConfig

IdMgrRealmConfig