user create
This pdadmin command creates an ISAM user. A user is a registered participant of the secure domain. This command requires authentication (administrator ID and password) to use.
user create [-gsouser] [-no-password-policy] user_name dn cn sn password [groups]
A GSO user is an ISAM user that additionally has the authority to use single sign-on to work with web resources. The -gsouser option enables global sign-on capabilities. Users that are created in an Active Directory are automatically given the capability to own single sign-on credentials. This capability cannot be removed. We must create such users in the same AD LDS partition where the ISAM Management Domain information is stored.
When we use an LDAP user registry, this capability must be explicitly granted. After this capability is granted, it can be removed.
The -no-password-policy option allows the administrator to create the user with an initial password that is not checked by the existing global password policies. If this option is not present in the command, the password provided is checked against the global password policies. In this case, the user create command fails if the password is invalid, and the error message includes information about what conditions were not met. However, if the administrator applies the password option on the user modify command, the -no-password-policy option is not available. Therefore, the modified password is always checked against the global password policy settings.
Options
-gsouser
Enables the global sign-on (GSO) capabilities for the user. Applies only to users created in an LDAP user registry.
-no-password-policy
Password policy is not enforced during the creation of the user account. The non-enforcement does not affect password policy enforcement after user creation. (Optional)
cn
Common name assigned to the user being created. For example: "Mary"
dn
Registry identifier assigned to the user being created. The registry identifier must be known before a new user account can be created. The registry identifier must be unique within the user registry. For an AD registry, certain characters are not allowed. The format for a distinguished name: "cn=Mary Jones,ou=Austin,o=Tivoli,c=us"
groups
List of groups to which the new user is assigned. The format of the group list is a parenthesized list of group names, which are separated by spaces. The groups must exist, or an error is displayed. Examples of groups: deptD4D and printerusers. (Optional)
password
Password set for the new user. Passwords must adhere to the password policies set by the administrator.
sn
Short name of the user being created. For example: "Jones"
user_name
Name for the user to create. This name must be unique. A valid user name is an alphanumeric string that is not case-sensitive. For an AD registry, certain characters are not allowed. For a GSO user, certain characters are not allowed. Consider that you did not change the 7-bit checking default value during configuration of the Sun web server. In this case, turn off checking so that non-ASCII characters can be stored in attributes. Examples of user names are dlucas, sec_master, "Mary Jones".
Return codes
0
The command completed successfully.
1
The command failed. When a command fails, the pdadmin command provides a description of the error and an error status code in hexadecimal format (for example, 0x14c012f2). See "Error messages" in the IBM Knowledge Center. This reference provides a list of the ISAM error messages by decimal or hexadecimal codes.
Examples
- The following example creates user dlucas:
pdadmin sec_master> user create -gsouser dlucas "cn=Diana Lucas,ou=Austin,o=Tivoli,c=US" "Diana Lucas" Lucas lucaspwd
- The following example creates user maryj:
pdadmin sec_master> user create -gsouser maryj "cn=Mary Jones,o=tivoli,c=us" Mary Jones maryjpwd
To make the user accounts valid, use the user modify command to set the account-valid option to yes.
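The following audit script is an added example, not part of the original page or of ISAM. It parses user create lines in the syntax shown above from a pdadmin transcript or command file, reports accounts created with -no-password-policy, and reports accounts that were never made valid. The sample input is constructed, and the script assumes that Python's shlex quoting approximates pdadmin's and that validation is written as user modify user_name account-valid yes.

```python
import re
import shlex

PROMPT = re.compile(r"^pdadmin[^>]*>\s*")   # interactive prompt, e.g. "pdadmin sec_master> "
FLAGS = ("-gsouser", "-no-password-policy")

# Constructed sample: the page's two examples, the second altered to add
# -no-password-policy and a group list, plus one user modify line.
SAMPLE = """\
pdadmin sec_master> user create -gsouser dlucas "cn=Diana Lucas,ou=Austin,o=Tivoli,c=US" "Diana Lucas" Lucas lucaspwd
pdadmin sec_master> user create -no-password-policy MaryJ "cn=Mary Jones,o=tivoli,c=us" Mary Jones maryjpwd (deptD4D printerusers)
pdadmin sec_master> user modify maryj account-valid yes
"""

def tokenize(line):
    # Assumption: shlex quoting approximates pdadmin's handling of "quoted values".
    return shlex.split(PROMPT.sub("", line.strip()))

def parse_user_create(line):
    """Return the fields of a 'user create' line, or None for any other line."""
    tok = tokenize(line)
    if tok[:2] != ["user", "create"]:
        return None
    rest, flags = tok[2:], set()
    while rest and rest[0] in FLAGS:
        flags.add(rest.pop(0))
    if len(rest) < 5:
        raise ValueError("expected user_name dn cn sn password")
    user_name, dn, cn, sn = rest[:4]          # rest[4] is the password: never kept
    return {"user_name": user_name.lower(),   # user names are not case-sensitive
            "dn": dn, "cn": cn, "sn": sn,
            "gso": "-gsouser" in flags,
            "policy_bypassed": "-no-password-policy" in flags,
            "groups": " ".join(rest[5:]).strip("()").split()}

def audit(text):
    """Return (user_name, finding) pairs for a transcript or command file."""
    findings, created, validated = [], [], set()
    for line in text.splitlines():
        tok = tokenize(line)
        if tok[:2] == ["user", "modify"] and tok[3:5] == ["account-valid", "yes"]:
            validated.add(tok[2].lower())
        user = parse_user_create(line)
        if user:
            created.append(user["user_name"])
            if user["policy_bypassed"]:
                findings.append((user["user_name"], "password not checked against global policy"))
    findings += [(u, "account-valid never set to yes") for u in created if u not in validated]
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Because the password is a positional argument, any transcript or command file fed to this script contains cleartext passwords and should be stored and handled accordingly.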
See also
user delete
user import
user modify