WizardCommands command group for the AdminTask object
You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the WizardCommands group can be used to configure security using similar actions to the security wizard panels in the administrative console.
addToAdminAuthz
The addToAdminAuthz command adds a new administrative user to your configuration.
Required parameters
- adminUser
- Specifies the name of the administrative user that you want to add to your configuration.
Examples
Batch mode example usage:
-
Using Jacl:
$AdminTask addToAdminAuthz {-adminUser user_name}
-
Using Jython string:
AdminTask.addToAdminAuthz ('[-adminUser user_name]')
-
Using Jython list:
AdminTask.addToAdminAuthz (['-adminUser', 'user_name'])
Interactive mode example usage:
-
Using Jacl:
$AdminTask addToAdminAuthz {-interactive}
-
Using Jython string:
AdminTask.addToAdminAuthz ('[-interactive]')
-
Using Jython list:
AdminTask.addToAdminAuthz (['-interactive'])
applyWizardSettings
The applyWizardSettings command applies the current security wizard settings from the workspace.
Required parameters
- adminName
- Specifies the name of the user with administrative privileges that is defined in the registry.
- secureApps
- Specifies whether to set application-level security. This type of security provides application
isolation and requirements for authenticating application users.
You can specify a true or false value.
Avoid trouble: The value that you set for this parameter might be overridden by a value at the server level. - secureLocalResources
- Specifies whether to set Java™ 2 security. If you enable
Java 2 security and an application requires more Java 2 security permissions than are granted in the default
policy, then the application might fail to run properly. By default, access to local resources is
not restricted. You can choose to disable Java 2 security,
even when application security is enabled.
You can specify a true or false value.
- userRegistryType
- Specifies a valid user registry type. The following type values are valid:
- LDAPUserRegistry
This registry type uses the Lightweight Directory Access Protocol (LDAP) user registry settings when users and groups exist in an external LDAP directory.
- CustomUserRegistry
This type specifies a custom registry that implements the UserRegistry interface in the com.ibm.websphere.security package. If you specify this user registry type, use the customRegistryClass parameter to specify the class name for the user registry.
- WIMUserRegistry
This value has the same effect as the Federated repositories option in the Security Configuration Wizard on the administrative console. A registry type manages identities in a single, virtual realm that is stored in multiple repositories.
- LocalOSUserRegistry
This value specifies the registry for the local operating system of the application server.
- LDAPUserRegistry
Optional parameters
- adminPassword
- Specifies a password for the user with administrative privileges that is defined in the
registry.Note: adminPassword is supported only when WIMUserRegistry is selected and adminUser belongs to default FileRegistry of Federated Repository.
- customProps
- Specifies a custom property.
- customRegistryClass
- Specifies a dot-separated class name that implements the UserRegistry interface in the com.ibm.websphere.security package. Include this parameter if you specify CustomUserRegistry for the userRegistryType parameter.
- ignoreCase
- Indicates that when an authorization check is performed, the check is not case-sensitive.
You can specify a true or false value.
- ldapServerType
- Specifies a valid Lightweight Directory Access Protocol (LDAP) server type. The following type
values are valid:
- IBM_DIRECTORY_SERVER
This value refers to a supported IBM® Tivoli® Directory Server version.
- IPLANET
This value refers to a supported Sun Java System Directory Server version.
- NDS
This value refers to a supported Novell eDirectory version.
- DOMINO502
This value refers to a supported IBM Lotus® Domino® server version.
- SECUREWAY
This value refers to an IBM SecureWay Directory Server version.
- ACTIVE_DIRECTORY
This value refers to a supported Microsoft Active Directory version.
- CUSTOM
This value refers to a custom registry implementation.
For more information about the supported LDAP server versions, see the WebSphere® Application Server detailed system requirements documentation.
- IBM_DIRECTORY_SERVER
- ldapBaseDN
- Specifies the base distinguished name of the directory service, which indicates the starting point for Lightweight Directory Access Protocol (LDAP) searches in the directory service. For example, ou=Rochester, o=IBM, c=us.
- ldapBindDN
- Specifies the distinguished name for the application server, which is used to bind to the directory service.
- ldapBindPassword
- Specifies the password for the application server, which is used to bind to the directory service.
- ldapHostName
- Specifies the (LDAP server host name. This host name is either an IP address or a domain name service (DNS) name.
- ldapPort
- Specifies a valid LDAP server port number.
Examples
Batch mode example usage:
-
Using Jacl:
$AdminTask applyWizardSettings {-secureLocalResources true_or_false -secureApps true_or_false -ignoreCase true_or_false -ldapServerType server_type -ldapBaseDN base_DN_value -ldapBindDN bind_DN_value -ldapBindPassword bind_DN_password -ldapHostName host_name -ldapPort port_number -userRegistryType user_registry_type -adminName administrator_user_name -adminPassword administrator_password}
-
Using Jython string:
AdminTask.applyWizardSettings ('[-secureLocalResources true_or_false -secureApps true_or_false -ignoreCase true_or_false -ldapServerType server_type -ldapBaseDN base_DN_value -ldapBindDN bind_DN_value -ldapBindPassword bind_DN_password -ldapHostName host_name -ldapPort port_number -userRegistryType user_registry_type -adminName administrator_user_name -adminPassword administrator_password]')
-
Using Jython list:
AdminTask.applyWizardSettings (['-secureLocalResources', 'true_or_false', '-secureApps', 'true_or_false', '-ignoreCase', 'true_or_false', '-ldapServerType', 'server_type', '-ldapBaseDN', 'base_DN_value', '-ldapBindDN', 'bind_DN_value', '-ldapBindPassword', 'bind_DN_password', '-ldapHostName', 'host_name', '-ldapPort', 'port_number', '-userRegistryType', 'user_registry_type', '-adminName', 'administrator_user_name', '-adminPassword', 'administrator_password'])
Interactive mode example usage:
-
Using Jacl:
$AdminTask applyWizardSettings {-interactive}
-
Using Jython string:
AdminTask.applyWizardSettings ('[-interactive]')
-
Using Jython list:
AdminTask.applyWizardSettings (['-interactive'])
getCurrentWizardSettings
The getCurrentWizardSettings command retrieves the current security wizard settings from the workspace.
Parameters
None
Examples
Batch mode example usage:
-
Using Jacl:
$AdminTask getCurrentWizardSettings
-
Using Jython string:
AdminTask.getCurrentWizardSettings
Interactive mode example usage:
-
Using Jacl:
$AdminTask getCurrentWizardSettings {-interactive}
-
Using Jython string:
AdminTask.getCurrentWizardSettings ('[-interactive]')
isAdminLockedOut
The isAdminLockedOut command verifies that at least one administrative user exists in the input user registry.
Required parameters
- registryType
- Specifies a valid user registry type. The following type values are valid:
- LDAPUserRegistry
This registry type uses the Lightweight Directory Access Protocol (LDAP) user registry settings when users and groups exist in an external LDAP directory.
- CustomUserRegistry
This type specifies a custom registry.
- WIMUserRegistry
This value has the same effect as the Federated repositories option in the Security Configuration Wizard on the administrative console. This registry type manages identities in a single, virtual realm that is stored in multiple repositories.
- LocalOSUserRegistry
This value specifies the registry for the local operating system of the application server.
- LDAPUserRegistry
Examples
Batch mode example usage:
-
Using Jacl:
$AdminTask isAdminLockedOut {-registryType user_registry_type}
-
Using Jython string:
AdminTask.isAdminLockedOut ('[-registryType user_registry_type]')
-
Using Jython list:
AdminTask.isAdminLockedOut (['-registryType', 'user_registry_type'])
Interactive mode example usage:
-
Using Jacl:
$AdminTask isAdminLockedOut {-interactive}
-
Using Jython string:
AdminTask.isAdminLockedOut ('[-interactive]')
-
Using Jython list:
AdminTask.isAdminLockedOut (['-interactive']
isAppSecurityEnabled
The isAppSecurityEnabled command returns a true or false value that indicates whether application security is enabled.
Parameters
None
Examples
Batch mode example usage:
-
Using Jacl:
$AdminTask isAppSecurityEnabled
-
Using Jython string:
AdminTask.isAppSecurityEnabled
Interactive mode example usage:
-
Using Jacl:
$AdminTask isAppSecurityEnabled {-interactive}
-
Using Jython string:
AdminTask.isAppSecurityEnabled ('[-interactive]')
isGlobalSecurityEnabled
The isGlobalSecurityEnabled command returns a true or false value that indicates whether administrative security is enabled.
Parameters
None
Examples
Batch mode example usage:
-
Using Jacl:
$AdminTask isGlobalSecurityEnabled
-
Using Jython string:
AdminTask.isGlobalSecurityEnabled
Interactive mode example usage:
-
Using Jacl:
$AdminTask isGlobalSecurityEnabled {-interactive}
-
Using Jython string:
AdminTask.isGlobalSecurityEnabled ('[-interactive]')
setGlobalSecurity
The setGlobalSecurity command changes whether administrative security is enabled.
Required parameters
- enabled
- Specifies whether to enable administrative security. This enabled parameter
is equivalent to the Enable application security option on the administrative
console.
You must specify either a true or false value.
Examples
Batch mode example usage:
-
Using Jacl:
$AdminTask setGlobalSecurity {-enabled true_or_false}
-
Using Jython string:
AdminTask.setGlobalSecurity ('[-enabled true_or_false]')
-
Using Jython list:
AdminTask.setGlobalSecurity (['-enabled', 'true_or_false'])
Interactive mode example usage:
-
Using Jacl:
$AdminTask setGlobalSecurity {-interactive}
-
Using Jython string:
AdminTask.setGlobalSecurity ('[-interactive]')
-
Using Jython list:
AdminTask.setGlobalSecurity (['-interactive'])
setUseRegistryServerId
The setUseRegistryServerId command updates the useRegistryServerId field in the user registry object within the security.xml file with a true or flase value. If you set the field value to true, the application server uses a user-specified server ID for interprocess communications.
Required parameters
- useRegistryServerId
- Specifies a true or false value for the useRegistryServerId setting.
- useRegistryType
- Specifies a valid user registry type. The following type values are valid:
- LDAPUserRegistry
This registry type uses the Lightweight Directory Access Protocol (LDAP) user registry settings when users and groups exist in an external LDAP directory.
- CustomUserRegistry
This type specifies a custom registry.
- WIMUserRegistry
This value has the same effect as the Federated repositories option in the Security Configuration Wizard on the administrative console. A registry type manages identities in a single, virtual realm that is stored in multiple repositories.
- LocalOSUserRegistry
This value specifies the registry for the local operating system of the application server.
- LDAPUserRegistry
Examples
Batch mode example usage:
-
Using Jacl:
$AdminTask setUseRegistryServerId {-userRegistryType user_registry_type -useRegistryServerId true_or_false}
-
Using Jython string:
AdminTask.setUseRegistryServerId ('[-userRegistryType user_registry_type -useRegistryServerId true_or_false]')
-
Using Jython list:
AdminTask.setUseRegistryServerId (['-userRegistryType', 'user_registry_type', '-useRegistryServerId', 'true_or_false'])
Interactive mode example usage:
-
Using Jacl:
$AdminTask setUseRegistryServerId {-interactive}
-
Using Jython string:
AdminTask.setUseRegistryServerId ('[-interactive]')
-
Using Jython list:
AdminTask.setUseRegistryServerId (['-interactive'])
validateAdminName
The validateAdminName command verifies whether an administrator name exists in the input user registry.
Required parameters
- adminUser
- Specifies an administrative user name.
- registryType
- Specifies a valid user registry type. The following type values are valid:
- LDAPUserRegistry
This registry type uses the Lightweight Directory Access Protocol (LDAP) user registry settings when users and groups exist in an external LDAP directory.
- CustomUserRegistry
This type specifies a custom registry.
- WIMUserRegistry
This value has the same effect as the Federated repositories option in the Security Configuration Wizard on the administrative console. A registry type manages identities in a single, virtual realm that is stored in multiple repositories.
- LocalOSUserRegistry
This value specifies the registry for the local operating system of the application server.
- LDAPUserRegistry
Optional parameters
- ldapServerType
- Specifies a valid LDAP server type. The following type values are valid:
- IBM_DIRECTORY_SERVER
This value refers to a supported IBM Tivoli Directory Server version.
- IPLANET
This value refers to a supported Sun Java System Directory Server version.
- NDS
This value refers to a supported Novell eDirectory version.
- DOMINO502
This value refers to a supported IBM Lotus Domino server version.
- SECUREWAY
This value refers to an IBM SecureWay Directory Server version.
- ACTIVE_DIRECTORY
This value refers to a supported Microsoft Active Directory version.
- CUSTOM
This value refers to a custom registry implementation.
For more information about the supported LDAP server versions, see the WebSphere Application Server detailed system requirements documentation.
- IBM_DIRECTORY_SERVER
Examples
Batch mode example usage:
-
Using Jacl:
$AdminTask validateAdminName {-ldapServerType server_type -registryType user_registry_type -adminUser administrator}
-
Using Jython string:
AdminTask.validateAdminName ('[-ldapServerType server_type -registryType user_registry_type -adminUser administrator]')
-
Using Jython list:
AdminTask.validateAdminName (['-ldapServerType', 'server_type', '-registryType', 'user_registry_type', '-adminUser', 'administrator'])
Interactive mode example usage:
-
Using Jacl:
$AdminTask validateAdminName {-interactive}
-
Using Jython string:
AdminTask.validateAdminName ('[-interactive]')
-
Using Jython list:
AdminTask.validateAdminName (['-interactive'])
validateLDAPConnection
The validateLDAPConnection command validates the connection to a specified LDAP server.
Required parameters
- hostname
- Specifies the LDAP server host name. This host name is either an IP address or a domain name service (DNS) name.
- sslEnabled
- Specifies whether secure socket communications is enabled with the Lightweight Directory Access Protocol (LDAP) server. When this option is selected, LDAP Secure Sockets Layer (SSL) settings are used, if specified.
- type
- Specifies a valid LDAP registry type. The following type values are valid:
- IBM_DIRECTORY_SERVER
This value refers to a supported IBM Tivoli Directory Server version.
- IPLANET
This value refers to a supported Sun Java System Directory Server version.
- NDS
This value refers to a supported Novell eDirectory version.
- DOMINO502
This value refers to a supported IBM Lotus Domino server version.
- SECUREWAY
This value refers to an IBM SecureWay Directory Server version.
- ACTIVE_DIRECTORY
This value refers to a supported Microsoft Active Directory version.
- CUSTOM
This value refers to a custom registry implementation.
For more information about the supported LDAP server versions, see the WebSphere Application Server detailed system requirements documentation.
- IBM_DIRECTORY_SERVER
Optional parameters
- baseDN
- Specifies the base distinguished name of the directory service, which indicates the starting point for LDAP searches in the directory service. For example, ou=Rochester, o=IBM, c=us
- bindDN
- Specifies the distinguished name for the application server, which is used to bind to the directory service.
- bindPassword
- Specifies the password for the application server, which is used to bind to the directory service.
- port
- Specifies the LDAP server port number.
- securityDomainName
- Specifies the name that is used to uniquely identify the security domain.
- sslAlias
- Specifies which SSL configuration to use for LDAP.
Examples
Batch mode example usage:
-
Using Jacl:
$AdminTask validateLDAPConnection {-baseDN base_ND_value -bindDN bind_DN_value -bindPassword bind_password -hostname host_name -securityDomainName security_domain_name -port port_number -sslAlias alias -sslEnabled true_or_false -type LDAP_registry_type}
-
Using Jython string:
AdminTask.validateLDAPConnection ('[-baseDN base_ND_value -bindDN bind_DN_value -bindPassword bind_password -hostname host_name -securityDomainName security_domain_name -port port_number -sslAlias alias -sslEnabled true_or_false -type LDAP_registry_type]')
-
Using Jython list:
AdminTask.validateLDAPConnection (['-baseDN', 'base_ND_value', '-bindDN', 'bind_DN_value', '-bindPassword', 'bind_password', '-hostname', 'host_name', '-securityDomainName', 'security_domain_name', '-port', 'port_number', '-sslAlias', 'alias', '-sslEnabled', 'true_or_false', '-type', 'LDAP_registry_type'])
Interactive mode example usage:
-
Using Jacl:
$AdminTask validateLDAPConnection {-interactive}
-
Using Jython string:
AdminTask.validateLDAPConnection ('[-interactive]')
-
Using Jython list:
AdminTask.validateLDAPConnection (['-interactive'])
WIMCheckPassword
The WIMCheckPassword command validates the user name and password in the federated repository.
Required parameters
- username
- Specifies the name of the user.
- password
- Specifies the password for the user.
Examples
Batch mode example usage:
-
Using Jacl:
$AdminTask.WIMCheckPassword {-username user_name -password password}
-
Using Jython string:
AdminTask.WIMCheckPassword ('[-username user_name -password password]')
-
Using Jython list:
AdminTask.WIMCheckPassword (['-username', 'user_name', '-password', 'password'])
Interactive mode example usage:
-
Using Jacl:
$AdminTask WIMCheckPassword {-interactive}
-
Using Jython string:
AdminTask.WIMCheckPassword ('[-interactive]')
-
Using Jython list:
AdminTask.WIMCheckPassword (['-interactive'])