domain create
Creates a domain, including an administrator ID and password to log in to the specified domain. We must log in to the management domain as an administrator to perform this command.
Requires authentication (administrator ID and password) to use.
This command applies to LDAP registries only.
domain create domain domain_admin_id domain_admin_password [-desc description]
An initial domain is created when the policy server is configured. This domain, called the management domain, is the default domain in which ISAM enforces security policies for authentication, authorization, and access control. We must log in to the management domain to create more policy domains. When we create a domain, we specify an administrative ID and password for the domain. The administrator of the management domain later assigns the new ID and password to the administrator responsible for handling policy management tasks for that domain. The administrator of the domain is responsible for updating the security policy for that particular domain if:
- Users change.
- Groups change.
- Resources change.
This domain administrator can also delegate administration tasks to others within that specific domain. For information about managing domains, see the Administering topics in the IBM Knowledge Center.
Options
- -desc description
- Specifies an optional description for the domain. A valid description is an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set. If the description contains a space, enclose the description in double quotation marks. We can specify an empty string ("") to clear an existing description. Examples of description: "accounting area". (Optional)
- domain
- Name of the domain to be created. Characteristics of the name are:
- Limited to 64 characters in length.
- Case sensitive.
- Can contain a-z, A-Z, 0-9, hyphen (-), underscore (_), period (.), at sign (@), or ampersand (&).
- Can contain any character from a double-byte character set.
The underlying user registry might also restrict certain characters. Some registries are not case-sensitive.
- domain_admin_id
- Specifies an administrator ID, created in the specified domain.
- domain_admin_password
- Password for the domain_admin_id user.
Return codes
- 0
- The command completed successfully.
- 1
- The command failed. When a command fails, the pdadmin command provides a description of the error and an error status code in hexadecimal format (for example, 0x14c012f2). See "Error messages" in the IBM Knowledge Center. This reference provides a list of the ISAM error messages by decimal or hexadecimal codes.
Examples
- Create a domain named Marketing, a domain administrator ID Admin1, and an initial password to log in to the domain:
pdadmin sec_master> domain create Marketing Admin1 password
- Create a domain named Finance, a domain administrator ID Admin2, a password, and a domain description:
pdadmin sec_master> domain create Finance Admin2 password -desc "accounting area"
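A pre-flight check for scripted use of this command, added here as an example (not IBM code): it applies the domain-name rules and -desc quoting described above and extracts the hexadecimal status code from failure text. The function names are hypothetical, every non-ASCII character is assumed to be an acceptable double-byte character, and values containing quotes are rejected because this page gives no escaping rules.

```python
import re

# Name rules from the "domain" option above. Treating every non-ASCII
# character as a double-byte character is an assumption of this example.
_ASCII_OK = re.compile(r"[A-Za-z0-9._@&-]")
_STATUS = re.compile(r"\b0x[0-9a-fA-F]+\b")
MAX_NAME_LEN = 64


def validate_domain_name(name):
    """Return a list of rule violations; an empty list means the name passes."""
    problems = []
    if not name:
        problems.append("name is empty")
    if len(name) > MAX_NAME_LEN:
        problems.append("name exceeds 64 characters")
    bad = sorted({c for c in name if ord(c) < 128 and not _ASCII_OK.fullmatch(c)})
    if bad:
        problems.append("disallowed characters: " + " ".join(repr(c) for c in bad))
    return problems


def build_domain_create(domain, admin_id, password, desc=None):
    """Build one 'domain create' line for a pdadmin session."""
    problems = validate_domain_name(domain)
    if problems:
        raise ValueError("; ".join(problems))
    for label, value in (("admin id", admin_id), ("password", password)):
        # Assumption: reject whitespace and quotes rather than guess at escaping.
        if not value or re.search(r'[\s"]', value):
            raise ValueError(label + " is empty or contains whitespace or a quote")
    line = "domain create {} {} {}".format(domain, admin_id, password)
    if desc is not None:
        if re.search(r'["\r\n]', desc):
            raise ValueError("description contains a quote or line break")
        # Quote when it contains whitespace, or is the empty string that clears it.
        quoted = re.search(r"\s", desc) or desc == ""
        line += " -desc " + ('"{}"'.format(desc) if quoted else desc)
    return line


def parse_status(output):
    """Return the hexadecimal status code from failure output, or None."""
    match = _STATUS.search(output)
    return match.group(0) if match else None
```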
See also
domain delete
domain list
domain modify
domain show