WIMManagementCommands

Use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands in the WIMManagementCommands group can be used to manage groups, members, and users in the virtual member manager.

If the Use global security settings option is selected for the user realm or the Global federated repositories option is selected as the realm type for the specified domain, the user and group management commands are executed on the federated repository of the admin domain. For example, if we run the createUser command for the specified domain, the user is created in the admin domain. However, configuration changes that are performed on the domain are applied to the security domain-specific configuration.

The WIMManagementCommands command group for the AdminTask objectcommands include:

• addMemberToGroup
• changeMyPassword
• clearIdMgrRepositoryCache
• clearIdMgrUserFromCache
• createGroup
• createUser
• deleteGroup
• deleteUser
• duplicateMembershipOfGroup
• duplicateMembershipOfUser
• getGroup
• getIdMgrSupportedDataTypes
• getMembershipOfGroup
• getMembershipOfUser
• getMembersOfGroup
• getUser
• removeMemberFromGroup
• searchGroups
• searchUsers
• updateGroup
• updateUser

addMemberToGroup

Add a member to a group in the virtual member manager. If successful, the addMemberToGroup command returns the unique name of the added member.

Parameters and return values

-memberUniqueName

Unique name value for the user or group to add to the specified group. This parameter maps to the uniqueName property in virtual member manager.

-groupUniqueName

Unique name value for the group to which we want to add the user or group specified in the memberUniqueName parameter. This parameter maps to the uniqueName property in virtual member manager.

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask addMemberToGroup {-memberUniqueName uid=meyersd,cn=users,dc=yourco,dc=com -groupUniqueName cn=admins,cn=groups,dc=yourco,dc=com}

• Jython string:
  AdminTask.addMemberToGroup ('[-memberUniqueName uid=meyersd,cn=users,dc=yourco,dc=com -groupUniqueName cn=admins,cn=groups,dc=yourco,dc=com]')

• Jython list:
  AdminTask.addMemberToGroup (['-memberUniqueName', 'uid=meyersd', 'cn=users', 'dc=yourco', 'dc=yourco', 'groupUniqueName', 'cn=admins', 'cn=groups', 'dc=yourco', 'dc=com'])

Interactive mode example usage:

• Jacl:
  $AdminTask addMemberToGroup {-interactive}

• Jython string:
  AdminTask.addMemberToGroup ('[-interactive]')

• Jython list:
  AdminTask.addMemberToGroup (['-interactive'])

changeMyPassword

Allows you to change your password when logged into WebSphere Application Server. It requires you to specify our old password and the new password, and then confirm the new password. If our old password is validated successfully, and the new password specified exactly matches your confirmation of the new password, then the password is changed.

Important: Use the changeMyPassword command only for repositories that have a write adapter for federated repositories. It will not work for read-only adapters or the federated repositories user registry bridge configured with the local operating system user registry or a custom user registry.

Parameters and return values

-oldPassword

The old password of the user. The value of the oldPassword parameter is validated against the password of the user in the repository. (String, required)

-newPassword

The new password that must be set for the user. (String, required)

-confirmNewPassword

The new password that must be set for the user. The value of the newPassword and confirmNewPassword parameters must match. (String, required)

After we change your password, our old password might continue to remain in effect, allowing you to login using our old password. This happens if both the authentication cache and basic authentication cache keys are enabled, causing the old password to remain valid according to the value specified for cache timeout or cache size.

We can clear the WAS security cache so that we do not have to wait for the cacheTimeout to expire. To clean entries from the AuthCache, use the SecurityAdmin BeanclearAuthCache methods, clearAuthCache or purgeUserFromCache.

Call one of the following MBean methods on each WAS process that requires the subject of the user to be cleared from the cache. The AuthCache is a cache for each process, so every process (not just the dmgr) that has the user authenticated must have this method called:

• /** * clearAuthCache */ public void clearAuthCache()

• /** * purgeUserFromCache */ public void purgeUserFromAuthCache(String realm, String userid)

The following example shows how we can use wsadmin to call the clearAuthCache method on the dmgr process:

set sa [$AdminControl queryNames type=SecurityAdmin,process=dmgr,*] $AdminControl invoke $sa clearAuthCache

For more information, read Authentication cache settings.

Examples

Batch mode example usage:

• Jacl:
  $AdminTask changeMyPassword {-oldPassword pwd1 -newPassword pwd2 -confirmNewPassword pwd2}

• Jython string:
  AdminTask.changeMyPassword ('[oldPassword pwd1 -newPassword pwd2 -confirmNewPassword pwd2]')

• Jython list:
  AdminTask.changeMyPassword (['oldPassword', 'pwd1', '-newPassword', 'pwd2', '-confirmNewPassword', 'pwd2'])

Interactive mode example usage:

• Jacl:
  $AdminTask changeMyPassword {-interactive}

• Jython string:
  AdminTask.changeMyPassword ('[-interactive]'

• Jython list:
  AdminTask.changeMyPassword (['-interactive']))

clearIdMgrRepositoryCache

Clear all the entities from all of the caches of a specified repository adapter or all repository adapters.

Frequent use of this command to clear the cache may result in performance degradation. When the entire cache is cleared, the subsequent operation has to get the details from the repository and update the cache with this newly retrieved data; so the subsequent operation takes longer to complete.

Parameters and return values

-id

Specify the repository ID of the repository adapter whose cache must be cleared. If not specified all the caches of all of the repository adapters are cleared. (String, optional)

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask clearIdMgrRepositoryCache {-id repository_ID}

• Jython string:
  AdminTask.clearIdMgrRepositoryCache ('[-id repository_ID]')

• Jython list:
  AdminTask.clearIdMgrRepositoryCache (['-id', 'repository_ID'])

Interactive mode example usage:

• Jacl:
  $AdminTask clearIdMgrRepositoryCache {-interactive}

• Jython string:
  AdminTask.clearIdMgrRepositoryCache ('[-interactive]')

• Jython list:
  AdminTask.clearIdMgrRepositoryCache (['-interactive'])

clearIdMgrUserFromCache

Clear the specified user from the cache of the repository adapter, if the user exists in the cache.

Important: The clearIdMgrUserFromCache command does not clear the group membership details of the user. To clear group membership information for a user from the cache, use the getMembershipOfUser wsadmin command with the -clearCache parameter. See the description of the getMembershipOfUser command.

Parameters and return values

-principalName

Specify the login ID of the user to be cleared from the cache. If the user is in an LDAP repository, then the principalName must be the distinguished name (DN) of the entry. The user is removed from the cache of the adapter of the repository where the user exists. If more than one user is found for the same principal name, then all of them are cleared from the cache. If the user is not found in the cache, then cache is not cleared and no error message appears. (String, required)

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask clearIdMgrUserFromCache {-principalName login_ID}

• Jython string:
  AdminTask.clearIdMgrUserFromCache ('[-principalName login_ID]')

• Jython list:
  AdminTask.clearIdMgrUserFromCache (['-principalName', 'login_ID'])

Interactive mode example usage:

• Jacl:
  $AdminTask clearIdMgrUserFromCache {-interactive}

• Jython string:
  AdminTask.clearIdMgrUserFromCache ('[-interactive]')

• Jython list:
  AdminTask.clearIdMgrUserFromCache (['-interactive'])

createGroup

Create a new group in the virtual member manager. After the command completes, the new group will appear in the repository. For LDAP, a group must contain a member. The memberUniqueName parameter is optional in this case. If we set the memberUniqueName parameter to the unique name of a group or a user, the group or user will be added as a member of the group.

Parameters and return values

-cn

Common name for the group to create. This parameter maps to the cn property in virtual member manager. (String, required)

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

-description

Specifies additional information about the group to create. This parameter maps to the description property in a virtual member manager object. (String, optional)

-parent

Repository in which we want to create the group. This parameter maps to the parent property in the virtual member manager. (String, optional)

-memberUniqueName

Unique name value for the user or group to add to the new group. This parameter maps to the uniqueName property in the virtual member manager. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask createGroup {-cn groupA -description a group of admins}

• Jython string:
  AdminTask.createGroup ('[-cn groupA -description a group of admins]')

• Jython list:
  AdminTask.createGroup (['-cn', 'groupA', '-description', 'a group of admins'])

Interactive mode example usage:

• Jacl:
  $AdminTask createGroup {-interactive}

• Jython string:
  AdminTask.createGroup ('[-interactive]')

• Jython list:
  AdminTask.createGroup (['-interactive'])

createUser

Create a new user in the default repository or a repository that the parent command parameter specifies. This command creates a person entity and a login account entity in the virtual member manager.

Parameters and return values

-uid

Unique ID for the user to create. Virtual member manager then creates a uniqueId value and a uniqueName value for the user. This parameter maps to the uid property in the virutal member manager. (String, required)

-password

Password for the user. This parameter maps to the password property in the virtual member manager. (String, required)

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

-confirmPassword

Password again to validate how it was entered for the password parameter. This parameter maps to the password property in virtual member manager. (String, optional)

-cn

Specifes the first name or given name of the user. This parameter maps to the cn property in virutal member manager. (String, required)

-sn

Last name or family name of the user. This parameter maps to the sn property in virtual member manager. (String, required)

-mail

Email address of the user. This parameter maps to the ibm-PrimaryEmail property in the virtual member manager. (String, optional)

-parent

Repository in which we want to create the user. This parameter maps to the parent property in the virtual member manager. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask createUser {-uid 123 -password tempPass -confirmPassword tempPass -cn Jane -sn Doe -mail janedoe@acme.com}

• Jython string:
  AdminTask.createUser ('[-uid 123 -password tempPass -confirmPassword tempPass -cn Jane -sn Doe -mail janedoe@acme.com]')

• Jython list:
  AdminTask.createUser (['-uid', '123', '-password', 'tempPass', '-confirmPassword', 'tempPass', '-cn', 'Jane', '-sn', 'Doe', '-mail', 'janedoe@acme.com'])

Interactive mode example usage:

• Jacl:
  $AdminTask createUser {-interactive}

• Jython string:
  AdminTask.createUser ('[-interactive]')

• Jython list:
  AdminTask.createUser (['-interactive'])

deleteGroup

Celete a group in the virtual member manager. We cannot use this command to delete descendants. When this command completes, the group will be deleted from the repository.

Parameters and return values

-uniqueName

Unique name value for the group to delete. This parameter maps to the uniqueName property in virtual member manager. (String, required)

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask deleteGroup {-uniqueName cn=operators,cn=users,dc=yourco,dc=com}

• Jython string:
  AdminTask.deleteGroup ('[-uniqueName cn=operators,cn=users,dc=yourco,dc=com]')

• Jython list:
  AdminTask.deleteGroup (['-uniqueName', 'cn=operators,cn=users,dc=yourco,dc=com'])

Interactive mode example usage:

• Jacl:
  $AdminTask deleteGroup {-interactive}

• Jython string:
  AdminTask.deleteGroup ('[-interactive]')

• Jython list:
  AdminTask.deleteGroup (['-interactive'])

deleteUser

Delete a user from the virtual member manager. This includes a person object and an account object in the non-merged repositories.

Parameters and return values

-uniqueName

Unique name value for the user to delete. This parameter maps to the uniqueName property in virtual member manager. (String, required)

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask deleteUser {-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com}

• Jython string:
  AdminTask.deleteUser ('[-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com]')

• Jython list:
  AdminTask.deleteUser (['-uniqueName', 'uid=dmeyers,cn=users,dc=yourco,dc=com'])

Interactive mode example usage:

• Jacl:
  $AdminTask deleteUser {-interactive}

• Jython string:
  AdminTask.deleteUser ('[-interactive]')

• Jython list:
  AdminTask.deleteUser (['-interactive'])

duplicateMembershipOfGroup

Make a one group a member of all of the same groups as another group. For example, group A is in group B and group C. To add group D to the same groups as group A, use the duplicateMembershipOfGroup command.

Parameters and return values

-copyToUniqueName

Name of the group to which we want to add the memberships of the group specified in the copyFromUniqueName parameter. (String, required)

-copyFromUniqueName

Name of the group from which we want to copy the group memberships for another group to use. (String, required)

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask duplicateMembershipOfGroup {-copyToUniqueName cn=operators,cn=groups,dc=yourco,dc=com -copyFromUniqueName cn=admins,cn=groups,dc=yourco,dc=com}

• Jython string:
  AdminTask.duplicateMembershipOfGroup ('[-copyToUniqueName cn=operators,cn=groups,dc=yourco,dc=com -copyFromUniqueName cn=admins,cn=groups,dc=yourco,dc=com]')

• Jython list:
  AdminTask.duplicateMembershipOfGroup (['-copyToUniqueName', 'cn=operators,cn=groups,dc=yourco,dc=com', '-copyFromUniqueName', 'cn=admins,cn=groups,dc=yourco,dc=com'])

Interactive mode example usage:

• Jacl:
  $AdminTask duplicateMembershipOfGroup {-interactive}

• Jython string:
  AdminTask.duplicateMembershipOfGroup ('[-interactive]')

• Jython list:
  AdminTask.duplicateMembershipOfGroup (['-interactive'])

duplicateMembershipOfUser

Make a one user a member of all of the same groups as another user. For example, user 1 is in group B and group C. To add user 2 to the same groups as user 1, use the duplicateMembershipOfUser command.

Parameters and return values

-copyToUniqueName

Name of the user to which we want to add the memberships of the user specified in the copyFromUniqueName parameter. (String, required)

-copyFromUniqueName

Name of the user from which we want to copy the group memberships for another user to use. (String, required)

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask duplicateMembershipOfUser {-copyToUniqueName uid=meyersd,cn=users,dc=yourco,dc=com -copyFromUniqueName uid=jhart,cn=users,dc=yourco,dc=com}

• Jython string:
  AdminTask.duplicateMembershipOfUser ('[-copyToUniqueName uid=meyersd,cn=users,dc=yourco,dc=com -copyFromUniqueName uid=jhart,cn=users,dc=yourco,dc=com]')

• Jython list:
  AdminTask.duplicateMembershipOfUser (['-copyToUniqueName', 'uid=meyersd,cn=users,dc=yourco,dc=com', '-copyFromUniqueName', 'uid=jhart,cn=users,dc=yourco,dc=com'])

Interactive mode example usage:

• Jacl:
  $AdminTask duplicateMembershipOfUser {-interactive}

• Jython string:
  AdminTask.duplicateMembershipOfUser ('[-interactive]')

• Jython list:
  AdminTask.duplicateMembershipOfUser (['-interactive'])

getGroup

Retrieve the common name and description of a group.

Parameters and return values

-uniqueName

Unique name value for the group to view. This parameter maps to the uniqueName property in virtual member manager. (String, required)

-clearCache

Specifies whether the repository adapter cache should be cleared before retrieving the specified group information. (String, optional)

Valid values are:

• clearEntity: Clears the cache for the specified group, if the group exists in the cache.
• clearAll: Clears cached information for all of the entities in the adapter of the repository where the specified group exists.

The values are not case-sensitive. There is no default value for this parameter. If we do not specify a value, or specify a value other than clearEntity or clearAll, an error message appears.

Frequent use of this parameter to clear the cache may result in performance degradation. When the cache is cleared, the subsequent operation has to get the details from the repository and update the cache with this newly retrieved data. The impact on performance is more pronounced if we use the clearAll mode, as this invalidates the entire cache, and the subsequent operation takes longer to complete.

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask getGroup {-uniqueName cn=operators,cn=groups,dc=yourco,dc=com}

• Jython string:
  AdminTask.getGroup ('[-uniqueName cn=operators,cn=groups,dc=yourco,dc=com]')

• Jython list:
  AdminTask.getGroup (['-uniqueName', 'cn=operators,cn=groups,dc=yourco,dc=com'])

Interactive mode example usage:

• Jacl:
  $AdminTask getGroup {-interactive}

• Jython string:
  AdminTask.getGroup ('[-interactive]')

• Jython list:
  AdminTask.getGroup (['-interactive'])

getIdMgrSupportedDataTypes

Return a list of all data types supported by a specified repository or all default data types supported by federated repositories. This command is available in both connected and local modes.

(ZOS) Note: If we run this command in local mode for a user registry that uses Resource Access Control Facility (RACF), nothing is returned.

Parameters and return values

-id

Specify the ID of the repository. If not specified, the default data types supported by federated repositories are returned. (String, optional)

Specify LA as the value of the -id parameter to retrieve the data types supported by property extension repository.

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

The getIdMgrSupportedDataTypes command returns a list with the names of supported data types:

String Int Boolean Long Double Base64binary AnySimpleType AnyURI Byte DateTime Date Short Token IdentifierType

Examples

Batch mode example usage:

• Jacl:
  $AdminTask getIdMgrSupportedDataTypes

• Jython string:
  AdminTask.getIdMgrSupportedDataTypes ()

• Jython list:
  AdminTask.getIdMgrSupportedDataTypes ()

Interactive mode example usage:

• Jacl:
  $AdminTask getIdMgrSupportedDataTypes {-interactive}

• Jython string:
  AdminTask.getIdMgrSupportedDataTypes ('[-interactive]')

• Jython list:
  AdminTask.getIdMgrSupportedDataTypes (['-interactive'])

getMembershipOfGroup

Retrieve the groups of which a group is a member.

Parameters and return values

-uniqueName

Unique name value for the group whose group memberships we want to view. This parameter maps to the uniqueName property in virtual member manager. (String, required)

-clearCache

Specifies whether the repository adapter cache should be cleared before retrieving the specified group information. (String, optional)

Valid values are:

• clearEntity: Clears the cache for the specified group, if the group exists in the cache.
• clearAll: Clears cached information for all of the entities in the adapter of the repository where the specified group exists.

The values are not case-sensitive. There is no default value for this parameter. If we do not specify a value, or specify a value other than clearEntity or clearAll, an error message appears.

Frequent use of this parameter to clear the cache may result in performance degradation. When the cache is cleared, the subsequent operation has to get the details from the repository and update the cache with this newly retrieved data. The impact on performance is more pronounced if we use the clearAll mode, as this invalidates the entire cache, and the subsequent operation takes longer to complete.

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask getMembershipOfGroup {-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com}

• Jython string:
  AdminTask.getMembershipOfGroup ('[-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com]')

• Jython list:
  AdminTask.getMembershipOfGroup (['-uniqueName', 'uid=dmeyers,cn=users,dc=yourco,dc=com'])

Interactive mode example usage:

• Jacl:
  $AdminTask getMembershipOfGroup {-interactive}

• Jython string:
  AdminTask.getMembershipOfGroup ('[-interactive]')

• Jython list:
  AdminTask.getMembershipOfGroup (['-interactive'])

getMembershipOfUser

Retrieve the groups of which a user is a member.

Parameters and return values

-uniqueName

Unique name value for the user whose group memberships we want to view. This parameter maps to the uniqueName property in virtual member manager. (String, required)

-clearCache

Specifies whether the repository adapter cache should be cleared before retrieving the specified user information. (String, optional)

Valid values are:

• clearEntity: Clears the cache for the specified user, if the user exists in the cache.
• clearAll: Clears cached information for all of the entities in the adapter of the repository where the specified user exists.

The values are not case-sensitive. There is no default value for this parameter. If we do not specify a value, or specify a value other than clearEntity or clearAll, an error message appears.

Frequent use of this parameter to clear the cache may result in performance degradation. When the cache is cleared, the subsequent operation has to get the details from the repository and update the cache with this newly retrieved data. The impact on performance is more pronounced if we use the clearAll mode, as this invalidates the entire cache, and the subsequent operation takes longer to complete.

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask getMembershipOfUser {-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com}

• Jython string:
  AdminTask.getMembershipOfUser ('[-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com]')

• Jython list:
  AdminTask.getMembershipOfUser (['-uniqueName', 'uid=dmeyers,cn=users,dc=yourco,dc=com'])

Interactive mode example usage:

• Jacl:
  $AdminTask getMembershipOfUser {-interactive}

• Jython string:
  AdminTask.getMembershipOfUser ('[-interactive]')

• Jython list:
  AdminTask.getMembershipOfUser (['-interactive'])

getMembersOfGroup

Retrieves the members of a group.

Parameters and return values

-uniqueName

Unique name value for the group whose members we want to view. This parameter maps to the uniqueName property in virtual member manager. (String, required)

-clearCache

Specifies whether the repository adapter cache should be cleared before retrieving the specified group information. (String, optional)

Valid values are:

• clearEntity: Clears the cache for the specified group, if the group exists in the cache.
• clearAll: Clears cached information for all of the entities in the adapter of the repository where the specified group exists.

The values are not case-sensitive. There is no default value for this parameter. If we do not specify a value, or specify a value other than clearEntity or clearAll, an error message appears.

Frequent use of this parameter to clear the cache may result in performance degradation. When the cache is cleared, the subsequent operation has to get the details from the repository and update the cache with this newly retrieved data. The impact on performance is more pronounced if we use the clearAll mode, as this invalidates the entire cache, and the subsequent operation takes longer to complete.

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask getMembersOfGroup {-uniqueName cn=operators,cn=groups,dc=yourco,dc=com}

• Jython string:
  AdminTask.getMembersOfGroup ('[-uniqueName cn=operators,cn=groups,dc=yourco,dc=com]')

• Jython list:
  AdminTask.getMembersOfGroup [('-uniqueName', 'cn=operators,cn=groups,dc=yourco,dc=com'])

Interactive mode example usage:

• Jacl:
  $AdminTask getMembersOfGroup {-interactive}

• Jython string:
  AdminTask.getMembersOfGroup ('[-interactive]')

• Jython list:
  AdminTask.getMembersOfGroup (['-interactive'])

getUser

Retrieve information about a user in the virtual member manager.

Parameters and return values

-uniqueName

Unique name value for the user to view. This parameter maps to the uniqueName property in the virtual member manager. (String, required)

-clearCache

Specifies whether the repository adapter cache should be cleared before retrieving the specified user information. (String, optional)

Valid values are:

• clearEntity: Clears the cache for the specified user, if the user exists in the cache.
• clearAll: Clears cached information for all of the entities in the adapter of the repository where the specified user exists.

The values are not case-sensitive. There is no default value for this parameter. If we do not specify a value, or specify a value other than clearEntity or clearAll, an error message appears.

Frequent use of this parameter to clear the cache may result in performance degradation. When the cache is cleared, the subsequent operation has to get the details from the repository and update the cache with this newly retrieved data. The impact on performance is more pronounced if we use the clearAll mode, as this invalidates the entire cache, and the subsequent operation takes longer to complete.

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask getUser {-userName uid=dmeyers,cn=users,dc=yourco,dc=com}

• Jython string:
  AdminTask.getUser ('[-userName uid=dmeyers,cn=users,dc=yourco,dc=com]')

• Jython list:
  AdminTask.getUser (['-userName', 'uid=dmeyers,cn=users,dc=yourco,dc=com'])

Interactive mode example usage:

• Jacl:
  $AdminTask getUser {-interactive}

• Jython string:
  AdminTask.getUser ('[-interactive]')

• Jython list:
  AdminTask.getUser (['-interactive'])

removeMemberFromGroup

Remove a user or a group from a group.

Parameters and return values

-memberUniqueName

Unique name value for the user or group to remove from the specified group. This parameter maps to the uniqueName property in virtual member manager. (String, required)

-groupUniqueName

Unique name value for the group from which we want to remove the user or group specified with the memberUniqueName paramter. This parameter maps to the uniqueName property in virtual member manager. (String, required)

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask removeMemberFromGroup {-memberUniqueName uid=meyersd,cn=users,dc=yourco,dc=com -groupUniqueName cn=admins,cn-groups,dc=yourco,dc=com}

• Jython string:
  AdminTask.removeMemberFromGroup ('[-memberUniqueName uid=meyersd,cn=users,dc=yourco,dc=com -groupUniqueName cn=admins,cn-groups,dc=yourco,dc=com]')

• Jython list:
  AdminTask.removeMemberFromGroup (['-memberUniqueName', 'uid=meyersd,cn=users,dc=yourco,dc=com', '-groupUniqueName', 'cn=admins,cn-groups,dc=yourco,dc=com'])

Interactive mode example usage:

• Jacl:
  $AdminTask removeMemberFromGroup {-interactive}

• Jython string:
  AdminTask.removeMemberFromGroup ('[-interactive]')

• Jython list:
  AdminTask.removeMemberFromGroup (['-interactive'])

searchGroups

Find groups in the virtual member manager that match criteria that we provide. For example, we can use the searchGroups command to find all of the groups with a common name that begins with IBM. We can search for any virtual member manager property because the command is generic.

Parameters and return values

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

-cn

The first name or given name of the user. This parameter maps to the cn property in the virtual member manager. We must set this parameter or the description parameter, but not both. (String, optional)

-description

Specifies information about the group. This parameter maps to the description entity in a virtual member manager object. We must set this parameter or the cn parameter, but not both. (String, optional)

-timeLimit

Maximum amount of time in milliseconds that the search can run. The default is no time limit. (String, optional)

-countLimit

Maximum number of results that we want returned from the search. By default, all groups found in the search are returned. (String, optional)

-clearCache

Specifies whether the repository adapter cache should be cleared before performing the search operation for groups. (String, optional)

The valid value is clearAll, which clears all of the cached information in the repository adapter. The value is not case-sensitive. There is no default value for this parameter. If we do not specify a value, or specify a value other than clearAll, an error message appears.

Frequent use of this parameter to clear the cache may result in performance degradation. When the cache is cleared, the subsequent operation has to get the details from the repository and update the cache with this newly retrieved data; so the subsequent operation takes longer to complete.

Examples

Batch mode example usage:

• Jacl:
  $AdminTask searchGroups {cn *IBM*}

• Jython string:
  AdminTask.searchGroups('[-cn *IBM*]')

• Jython list:
  AdminTask.searchGroups(['-cn', '*IBM*'])

Interactive mode example usage:

• Jacl:
  $AdminTask searchGroups {-interactive}

• Jython string:
  AdminTask.searchGroups ('[-interactive]')

• Jython list:
  AdminTask.searchGroups (['-interactive'])

searchUsers

Find users in the virtual member manager that match criteria that we provide. For example, we can use the searchUsers command to find all of the telephone numbers that contain 919. We can search for any virtual member manager property because the command is generic.

Parameters and return values

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

-principalName

Principal name oft he user used as the logon ID for the user in the system. This parameter maps to the principalName property in virtual member manager. Specify only one of the following parameters: principalName, uid, cn, sn, or ibm-primaryEmail. (String, optional)

-uid

Unique ID value for the user for whom we want to search. This parameter maps to the uid property in virtual member manage. Specify only one of the following parameters: principalName, uid, cn, sn, or ibm-primaryEmail. (String, optional)

-cn

First name or given name of the user. This parameter maps to the cn property in virtual member manager. Specify only one of the following parameters: principalName, uid, cn, sn, or ibm-primaryEmail. (String, optional)

-sn

Last name or family name of the user. This parameter maps to the sn property in virtual member manager. Specify only one of the following parameters: principalName, uid, cn, sn, or ibm-primaryEmail. (String, optional)

-ibm-primaryEmail

Email address of the user. This parameter maps to the ibm-PrimaryEmail property in the virtual member manager. Specify only one of the following parameters: principalName, uid, cn, sn, or ibm-primaryEmail. (String, optional)

-timeLimit

Maximum amount of time in milliseconds that the search can run. The default is not time limit. (String, optional)

-countLimit

Maximum number of results that we want returned from the search. By default, all users found int he search are returned. (String, optional)

-clearCache

Specifies whether the repository adapter cache should be cleared before performing the search operation for users. (String, optional)

The valid value is clearAll, which clears all of the cached information in the repository adapter. The value is not case-sensitive. There is no default value for this parameter. If we do not specify a value, or specify a value other than clearAll, an error message appears.

Frequent use of this parameter to clear the cache may result in performance degradation. When the cache is cleared, the subsequent operation has to get the details from the repository and update the cache with this newly retrieved data; so the subsequent operation takes longer to complete.

Examples

Batch mode example usage:

• Jacl:
  $AdminTask searchUsers {-principalName */IBM/US*}

• Jython string:
  AdminTask.searchUsers ('[-principalName */IBM/US*]')

• Jython list:
  AdminTask.searchUsers (['-principalName', '*/IBM/US*'])

Interactive mode example usage:

• Jacl:
  $AdminTask searchUsers {-interactive}

• Jython string:
  AdminTask.searchUsers ('[-interactive]')

• Jython list:
  AdminTask.searchUsers (['-interactive'])

updateGroup

Update the common name or the description of a group.

Parameters and return values

-uniqueName

Unique name value for the group for which we want to modify the properties. This parameter maps to the uniqueName property in virtual member manager. (String, required)

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

-cn

New common name used for the group. This parameter maps to the cn property in virtual member manager. (String, optional)

-description

New information about the group. This parameter maps to the description entity in a virtual member manager object. (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask updateGroup {-uniqueName cn=operators,cn=groups,dc=yourco,dc=com -cn groupA}

• Jython string:
  AdminTask.updateGroup ('[-uniqueName cn=operators,cn=groups,dc=yourco,dc=com -cn groupA]')

• Jython list:
  AdminTask.updateGroup (['-uniqueName', 'cn=operators,cn=groups,dc=yourco,dc=com', '-cn', 'groupA'])

Interactive mode example usage:

• Jacl:
  $AdminTask updateGroup {-interactive}

• Jython string:
  AdminTask.updateGroup ('[-interactive]')

• Jython list:
  AdminTask.updateGroup (['-interactive'])

updateUser

Update the following properties: uniqueName, uid, password, cn, sn, or ibm-primaryEmail.

Parameters and return values

-uniqueName

Unique name value for the user for which we want to modify the properties. This parameter maps to the uniqueName property in virtual member manager. (String, required)

-securityDomainName

Name that uniquely identifies the security domain. If not specified, the command uses the global federated repository. (String, optional)

-uid

New unique ID value for the user. This parameter maps to the uid property in virtual member manager. (String, optional)

-password

New password for the user. This parameter maps to the password property in virtual member manager. (String, optional)

-confirmPassword

Password again to validate how it was entered on the password parameter. This parameter maps to the password property in virtual member manager. (String, optional)

-cn

New first name or given name of the user. This parameter maps to the cn property in virtual member manager. (String, optional)

-surname

New last name or family name of the user. This parameter maps to the sn property in virtual member manager. (String, optional)

-ibm-primaryEmail

New email address of the user. This parameter maps to the mail property in virtual member manager.  (String, optional)

Examples

Batch mode example usage:

• Jacl:
  $AdminTask updateUser {-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com -uid 123}

• Jython string:
  AdminTask.updateUser ('[-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com -uid 123]')

• Jython list:
  AdminTask.updateUser (['-uniqueName', 'uid=dmeyers,cn=users,dc=yourco,dc=com', '-uid', '123'])

Interactive mode example usage:

• Jacl:
  $AdminTask updateUser {-interactive}

• Jython string:
  AdminTask.updateUser ('[-interactive]')

• Jython list:
  AdminTask.updateUser (['-interactive'])

wsadmin AdminTask

Commands for the AdminTask object

Authentication cache settings