WIMManagementCommands command group for the AdminTask object
You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the WIMManagementCommands group can be used to create and manage groups, members, and users in the virtual member manager.
- addMemberToGroup
- changeMyPassword
- clearIdMgrRepositoryCache
- clearIdMgrUserFromCache
- createGroup
- createUser
- deleteGroup
- deleteUser
- duplicateMembershipOfGroup
- duplicateMembershipOfUser
- getGroup
- getIdMgrSupportedDataTypes
- getMembershipOfGroup
- getMembershipOfUser
- getMembersOfGroup
- getUser
- removeMemberFromGroup
- searchGroups
- searchUsers
- updateGroup
- updateUser
addMemberToGroup
The addMemberToGroup command adds a member to a group in the virtual member manager. If successful, the addMemberToGroup command returns the unique name of the added member.
Parameters and return values
- -memberUniqueName
- Specifies the unique name value for the user or group that you want to add to the specified group. This parameter maps to the uniqueName property in virtual member manager.
- -groupUniqueName
- Specifies the unique name value for the group to which you want to add the user or group that you specified in the memberUniqueName parameter. This parameter maps to the uniqueName property in virtual member manager.
- -securityDomainName
- Specifies the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask addMemberToGroup {-memberUniqueName uid=meyersd,cn=users,dc=yourco,dc=com -groupUniqueName cn=admins,cn=groups,dc=yourco,dc=com}
- Using Jython string:
AdminTask.addMemberToGroup ('[-memberUniqueName uid=meyersd,cn=users,dc=yourco,dc=com -groupUniqueName cn=admins,cn=groups,dc=yourco,dc=com]')
- Using Jython list:
AdminTask.addMemberToGroup (['-memberUniqueName', 'uid=meyersd', 'cn=users', 'dc=yourco', 'dc=yourco', 'groupUniqueName', 'cn=admins', 'cn=groups', 'dc=yourco', 'dc=com'])
Interactive mode example usage:
- Using Jacl:
$AdminTask addMemberToGroup {-interactive}
- Using Jython string:
AdminTask.addMemberToGroup ('[-interactive]')
- Using Jython list:
AdminTask.addMemberToGroup (['-interactive'])
changeMyPassword
The changeMyPassword command allows you to change your password when you are logged into WebSphere® Application Server. It requires you to specify your old password and the new password, and then confirm your new password. If your old password is validated successfully, and the new password that you specify exactly matches your confirmation of the new password, then the password is changed.
Parameters and return values
- -oldPassword
- The old password of the user. The value of the oldPassword parameter is validated against the password of the user in the repository. (String, required)
- -newPassword
- The new password that must be set for the user. (String, required)
- -confirmNewPassword
- The new password that must be set for the user. The value of the
newPassword and confirmNewPassword parameters must match. (String,
required)Note: After you change your password, your old password might continue to remain in effect, allowing you to login using your old password. This happens if both the authentication cache and basic authentication cache keys are enabled, causing the old password to remain valid according to the value specified for cache timeout or cache size.
You can clear the WebSphere Application Server security cache so that you do not have to wait for the cacheTimeout to expire. To clean entries from the AuthCache, you must use the SecurityAdmin MBeanclearAuthCache methods, clearAuthCache or purgeUserFromCache.
Call one of the following MBean methods on each WebSphere Application Server process that requires the subject of the user to be cleared from the cache. The AuthCache is a cache for each process, so every process (not just the dmgr) that has the user authenticated must have this method called:/** * clearAuthCache */ public void clearAuthCache()
/** * purgeUserFromCache */ public void purgeUserFromAuthCache(String realm, String userid)
The following example shows how you can use wsadmin to call the clearAuthCache method on the dmgr process:set sa [$AdminControl queryNames type=SecurityAdmin,process=dmgr,*] $AdminControl invoke $sa clearAuthCache
For more information, read Authentication cache settings.
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask changeMyPassword {-oldPassword pwd1 -newPassword pwd2 -confirmNewPassword pwd2}
- Using Jython string:
AdminTask.changeMyPassword ('[oldPassword pwd1 -newPassword pwd2 -confirmNewPassword pwd2]')
- Using Jython list:
AdminTask.changeMyPassword (['oldPassword', 'pwd1', '-newPassword', 'pwd2', '-confirmNewPassword', 'pwd2'])
Interactive mode example usage:
- Using Jacl:
$AdminTask changeMyPassword {-interactive}
- Using Jython string:
AdminTask.changeMyPassword ('[-interactive]'
- Using Jython list:
AdminTask.changeMyPassword (['-interactive']))
clearIdMgrRepositoryCache
Use the clearIdMgrRepositoryCache command to clear all the entities from all of the caches of a specified repository adapter or all repository adapters.
Parameters and return values
- -id
- Use this parameter to specify the repository ID of the repository adapter whose cache must be cleared. If you do not specify this parameter all the caches of all of the repository adapters are cleared. (String, optional)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask clearIdMgrRepositoryCache {-id repository_ID}
- Using Jython string:
AdminTask.clearIdMgrRepositoryCache ('[-id repository_ID]')
- Using Jython list:
AdminTask.clearIdMgrRepositoryCache (['-id', 'repository_ID'])
Interactive mode example usage:
- Using Jacl:
$AdminTask clearIdMgrRepositoryCache {-interactive}
- Using Jython string:
AdminTask.clearIdMgrRepositoryCache ('[-interactive]')
- Using Jython list:
AdminTask.clearIdMgrRepositoryCache (['-interactive'])
clearIdMgrUserFromCache
Use the clearIdMgrUserFromCache command to clear the specified user from the cache of the repository adapter, if the user exists in the cache.
Parameters and return values
- -principalName
- Use this parameter to specify the login ID of the user to be cleared from the cache. If the user is in an LDAP repository, then the principalName must be the distinguished name (DN) of the entry. The user is removed from the cache of the adapter of the repository where the user exists. If more than one user is found for the same principal name, then all of them are cleared from the cache. If the user is not found in the cache, then cache is not cleared and no error message appears. (String, required)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask clearIdMgrUserFromCache {-principalName login_ID}
- Using Jython string:
AdminTask.clearIdMgrUserFromCache ('[-principalName login_ID]')
- Using Jython list:
AdminTask.clearIdMgrUserFromCache (['-principalName', 'login_ID'])
Interactive mode example usage:
- Using Jacl:
$AdminTask clearIdMgrUserFromCache {-interactive}
- Using Jython string:
AdminTask.clearIdMgrUserFromCache ('[-interactive]')
- Using Jython list:
AdminTask.clearIdMgrUserFromCache (['-interactive'])
createGroup
The createGroup command creates a new group in the virtual member manager. After the command completes, the new group will appear in the repository. For LDAP, a group must contain a member. The memberUniqueName parameter is optional in this case. If you set the memberUniqueName parameter to the unique name of a group or a user, the group or user will be added as a member of the group.
Parameters and return values
- -cn
- Specifies the common name for the group that you want to create. This parameter maps to the cn property in virtual member manager. (String, required)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
- -description
- Specifies additional information about the group that you want to create. This parameter maps to the description property in a virtual member manager object. (String, optional)
- -parent
- Specifies the repository in which you want to create the group. This parameter maps to the parent property in the virtual member manager. (String, optional)
- -memberUniqueName
- Specifies the unique name value for the user or group that you want to add to the new group. This parameter maps to the uniqueName property in the virtual member manager. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask createGroup {-cn groupA -description a group of admins}
- Using Jython string:
AdminTask.createGroup ('[-cn groupA -description a group of admins]')
- Using Jython list:
AdminTask.createGroup (['-cn', 'groupA', '-description', 'a group of admins'])
Interactive mode example usage:
- Using Jacl:
$AdminTask createGroup {-interactive}
- Using Jython string:
AdminTask.createGroup ('[-interactive]')
- Using Jython list:
AdminTask.createGroup (['-interactive'])
createUser
The createUser command creates a new user in the default repository or a repository that the parent command parameter specifies. This command creates a person entity and a login account entity in the virtual member manager.
Parameters and return values
- -uid
- Specifies the unique ID for the user that you want to create. Virtual member manager then creates a uniqueId value and a uniqueName value for the user. This parameter maps to the uid property in the virutal member manager. (String, required)
- -password
- Specifies the password for the user. This parameter maps to the password property in the virtual member manager. (String, required)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
- -confirmPassword
- Specifies the password again to validate how it was entered for the password parameter. This parameter maps to the password property in virtual member manager. (String, optional)
- -cn
- Specifes the first name or given name of the user. This parameter maps to the cn property in virutal member manager. (String, required)
- -sn
- Specifies the last name or family name of the user. This parameter maps to the sn property in virtual member manager. (String, required)
- Specifies the email address of the user. This parameter maps to the ibm-PrimaryEmail property in the virtual member manager. (String, optional)
- -parent
- Specifies the repository in which you want to create the user. This parameter maps to the parent property in the virtual member manager. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask createUser {-uid 123 -password tempPass -confirmPassword tempPass -cn Jane -sn Doe -mail janedoe@acme.com}
- Using Jython string:
AdminTask.createUser ('[-uid 123 -password tempPass -confirmPassword tempPass -cn Jane -sn Doe -mail janedoe@acme.com]')
- Using Jython list:
AdminTask.createUser (['-uid', '123', '-password', 'tempPass', '-confirmPassword', 'tempPass', '-cn', 'Jane', '-sn', 'Doe', '-mail', 'janedoe@acme.com'])
Interactive mode example usage:
- Using Jacl:
$AdminTask createUser {-interactive}
- Using Jython string:
AdminTask.createUser ('[-interactive]')
- Using Jython list:
AdminTask.createUser (['-interactive'])
deleteGroup
The deleteGroup command deletes a group in the virtual member manager. You cannot use this command to delete descendants. When this command completes, the group will be deleted from the repository.
Parameters and return values
- -uniqueName
- Specifies the unique name value for the group that you want to delete. This parameter maps to the uniqueName property in virtual member manager. (String, required)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask deleteGroup {-uniqueName cn=operators,cn=users,dc=yourco,dc=com}
- Using Jython string:
AdminTask.deleteGroup ('[-uniqueName cn=operators,cn=users,dc=yourco,dc=com]')
- Using Jython list:
AdminTask.deleteGroup (['-uniqueName', 'cn=operators,cn=users,dc=yourco,dc=com'])
Interactive mode example usage:
- Using Jacl:
$AdminTask deleteGroup {-interactive}
- Using Jython string:
AdminTask.deleteGroup ('[-interactive]')
- Using Jython list:
AdminTask.deleteGroup (['-interactive'])
deleteUser
The deleteUser command deletes a user from the virtual member manager. This includes a person object and an account object in the non-merged repositories.
Parameters and return values
- -uniqueName
- Specifies the unique name value for the user that you want to delete. This parameter maps to the uniqueName property in virtual member manager. (String, required)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask deleteUser {-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com}
- Using Jython string:
AdminTask.deleteUser ('[-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com]')
- Using Jython list:
AdminTask.deleteUser (['-uniqueName', 'uid=dmeyers,cn=users,dc=yourco,dc=com'])
Interactive mode example usage:
- Using Jacl:
$AdminTask deleteUser {-interactive}
- Using Jython string:
AdminTask.deleteUser ('[-interactive]')
- Using Jython list:
AdminTask.deleteUser (['-interactive'])
duplicateMembershipOfGroup
Use the duplicateMembershipOfGroup command to make a one group a member of all of the same groups as another group. For example, group A is in group B and group C. To add group D to the same groups as group A, use the duplicateMembershipOfGroup command.
Parameters and return values
- -copyToUniqueName
- Specifies the name of the group to which you want to add the memberships of the group specified in the copyFromUniqueName parameter. (String, required)
- -copyFromUniqueName
- Specifies the name of the group from which you want to copy the group memberships for another group to use. (String, required)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask duplicateMembershipOfGroup {-copyToUniqueName cn=operators,cn=groups,dc=yourco,dc=com -copyFromUniqueName cn=admins,cn=groups,dc=yourco,dc=com}
- Using Jython string:
AdminTask.duplicateMembershipOfGroup ('[-copyToUniqueName cn=operators,cn=groups,dc=yourco,dc=com -copyFromUniqueName cn=admins,cn=groups,dc=yourco,dc=com]')
- Using Jython list:
AdminTask.duplicateMembershipOfGroup (['-copyToUniqueName', 'cn=operators,cn=groups,dc=yourco,dc=com', '-copyFromUniqueName', 'cn=admins,cn=groups,dc=yourco,dc=com'])
Interactive mode example usage:
- Using Jacl:
$AdminTask duplicateMembershipOfGroup {-interactive}
- Using Jython string:
AdminTask.duplicateMembershipOfGroup ('[-interactive]')
- Using Jython list:
AdminTask.duplicateMembershipOfGroup (['-interactive'])
duplicateMembershipOfUser
Use the duplicateMembershipOfUser command to make a one user a member of all of the same groups as another user. For example, user 1 is in group B and group C. To add user 2 to the same groups as user 1, use the duplicateMembershipOfUser command.
Parameters and return values
- -copyToUniqueName
- Specifies the name of the user to which you want to add the memberships of the user specified in the copyFromUniqueName parameter. (String, required)
- -copyFromUniqueName
- Specifies the name of the user from which you want to copy the group memberships for another user to use. (String, required)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask duplicateMembershipOfUser {-copyToUniqueName uid=meyersd,cn=users,dc=yourco,dc=com -copyFromUniqueName uid=jhart,cn=users,dc=yourco,dc=com}
- Using Jython string:
AdminTask.duplicateMembershipOfUser ('[-copyToUniqueName uid=meyersd,cn=users,dc=yourco,dc=com -copyFromUniqueName uid=jhart,cn=users,dc=yourco,dc=com]')
- Using Jython list:
AdminTask.duplicateMembershipOfUser (['-copyToUniqueName', 'uid=meyersd,cn=users,dc=yourco,dc=com', '-copyFromUniqueName', 'uid=jhart,cn=users,dc=yourco,dc=com'])
Interactive mode example usage:
- Using Jacl:
$AdminTask duplicateMembershipOfUser {-interactive}
- Using Jython string:
AdminTask.duplicateMembershipOfUser ('[-interactive]')
- Using Jython list:
AdminTask.duplicateMembershipOfUser (['-interactive'])
getGroup
The getGroup command retrieves the common name and description of a group.
Parameters and return values
- -uniqueName
- Specifies the unique name value for the group that you want to view. This parameter maps to the uniqueName property in virtual member manager. (String, required)
- -clearCache
- Specifies whether the repository adapter cache should be cleared before retrieving the specified group information. (String, optional)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask getGroup {-uniqueName cn=operators,cn=groups,dc=yourco,dc=com}
- Using Jython string:
AdminTask.getGroup ('[-uniqueName cn=operators,cn=groups,dc=yourco,dc=com]')
- Using Jython list:
AdminTask.getGroup (['-uniqueName', 'cn=operators,cn=groups,dc=yourco,dc=com'])
Interactive mode example usage:
- Using Jacl:
$AdminTask getGroup {-interactive}
- Using Jython string:
AdminTask.getGroup ('[-interactive]')
- Using Jython list:
AdminTask.getGroup (['-interactive'])
getIdMgrSupportedDataTypes
The getIdMgrSupportedDataTypes command returns a list of all data types that are supported by a specified repository or all default data types that are supported by federated repositories. This command is available in both connected and local modes.
Parameters and return values
- -id
- Use this parameter to specify the ID of the repository. If you do not specify this parameter, the default data types that are supported by federated repositories are returned. (String, optional)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
The getIdMgrSupportedDataTypes command returns a list with the names of supported data types:
String
Int
Boolean
Long
Double
Base64binary
AnySimpleType
AnyURI
Byte
DateTime
Date
Short
Token
IdentifierType
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask getIdMgrSupportedDataTypes
- Using Jython string:
AdminTask.getIdMgrSupportedDataTypes ()
- Using Jython list:
AdminTask.getIdMgrSupportedDataTypes ()
Interactive mode example usage:
- Using Jacl:
$AdminTask getIdMgrSupportedDataTypes {-interactive}
- Using Jython string:
AdminTask.getIdMgrSupportedDataTypes ('[-interactive]')
- Using Jython list:
AdminTask.getIdMgrSupportedDataTypes (['-interactive'])
getMembershipOfGroup
The getMembershipOfGroup command retrieves the groups of which a group is a member.
Parameters and return values
- -uniqueName
- Specifies the unique name value for the group whose group memberships you want to view. This parameter maps to the uniqueName property in virtual member manager. (String, required)
- -clearCache
- Specifies whether the repository adapter cache should be cleared before retrieving the specified group information. (String, optional)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask getMembershipOfGroup {-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com}
- Using Jython string:
AdminTask.getMembershipOfGroup ('[-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com]')
- Using Jython list:
AdminTask.getMembershipOfGroup (['-uniqueName', 'uid=dmeyers,cn=users,dc=yourco,dc=com'])
Interactive mode example usage:
- Using Jacl:
$AdminTask getMembershipOfGroup {-interactive}
- Using Jython string:
AdminTask.getMembershipOfGroup ('[-interactive]')
- Using Jython list:
AdminTask.getMembershipOfGroup (['-interactive'])
getMembershipOfUser
The getMembershipOfUser command retrieves the groups of which a user is a member.
Parameters and return values
- -uniqueName
- Specifies the unique name value for the user whose group memberships you want to view. This parameter maps to the uniqueName property in virtual member manager. (String, required)
- -clearCache
- Specifies whether the repository adapter cache should be cleared before retrieving the specified user information. (String, optional)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask getMembershipOfUser {-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com}
- Using Jython string:
AdminTask.getMembershipOfUser ('[-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com]')
- Using Jython list:
AdminTask.getMembershipOfUser (['-uniqueName', 'uid=dmeyers,cn=users,dc=yourco,dc=com'])
Interactive mode example usage:
- Using Jacl:
$AdminTask getMembershipOfUser {-interactive}
- Using Jython string:
AdminTask.getMembershipOfUser ('[-interactive]')
- Using Jython list:
AdminTask.getMembershipOfUser (['-interactive'])
getMembersOfGroup
The getMembersOfGroup command retrieves the members of a group.
Parameters and return values
- -uniqueName
- Specifies the unique name value for the group whose members you want to view. This parameter maps to the uniqueName property in virtual member manager. (String, required)
- -clearCache
- Specifies whether the repository adapter cache should be cleared before retrieving the specified group information. (String, optional)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask getMembersOfGroup {-uniqueName cn=operators,cn=groups,dc=yourco,dc=com}
- Using Jython string:
AdminTask.getMembersOfGroup ('[-uniqueName cn=operators,cn=groups,dc=yourco,dc=com]')
- Using Jython list:
AdminTask.getMembersOfGroup [('-uniqueName', 'cn=operators,cn=groups,dc=yourco,dc=com'])
Interactive mode example usage:
- Using Jacl:
$AdminTask getMembersOfGroup {-interactive}
- Using Jython string:
AdminTask.getMembersOfGroup ('[-interactive]')
- Using Jython list:
AdminTask.getMembersOfGroup (['-interactive'])
getUser
The getUser command retrieves information about a user in the virtual member manager.
Parameters and return values
- -uniqueName
- Specifies the unique name value for the user that you want to view. This parameter maps to the uniqueName property in the virtual member manager. (String, required)
- -clearCache
- Specifies whether the repository adapter cache should be cleared before retrieving the specified user information. (String, optional)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask getUser {-userName uid=dmeyers,cn=users,dc=yourco,dc=com}
- Using Jython string:
AdminTask.getUser ('[-userName uid=dmeyers,cn=users,dc=yourco,dc=com]')
- Using Jython list:
AdminTask.getUser (['-userName', 'uid=dmeyers,cn=users,dc=yourco,dc=com'])
Interactive mode example usage:
- Using Jacl:
$AdminTask getUser {-interactive}
- Using Jython string:
AdminTask.getUser ('[-interactive]')
- Using Jython list:
AdminTask.getUser (['-interactive'])
removeMemberFromGroup
The removeMemberFromGroup command removes a user or a group from a group.
Parameters and return values
- -memberUniqueName
- Specifies the unique name value for the user or group that you want to remove from the specified group. This parameter maps to the uniqueName property in virtual member manager. (String, required)
- -groupUniqueName
- Specifies the unique name value for the group from which you want to remove the user or group that you specified with the memberUniqueName paramter. This parameter maps to the uniqueName property in virtual member manager. (String, required)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask removeMemberFromGroup {-memberUniqueName uid=meyersd,cn=users,dc=yourco,dc=com -groupUniqueName cn=admins,cn-groups,dc=yourco,dc=com}
- Using Jython string:
AdminTask.removeMemberFromGroup ('[-memberUniqueName uid=meyersd,cn=users,dc=yourco,dc=com -groupUniqueName cn=admins,cn-groups,dc=yourco,dc=com]')
- Using Jython list:
AdminTask.removeMemberFromGroup (['-memberUniqueName', 'uid=meyersd,cn=users,dc=yourco,dc=com', '-groupUniqueName', 'cn=admins,cn-groups,dc=yourco,dc=com'])
Interactive mode example usage:
- Using Jacl:
$AdminTask removeMemberFromGroup {-interactive}
- Using Jython string:
AdminTask.removeMemberFromGroup ('[-interactive]')
- Using Jython list:
AdminTask.removeMemberFromGroup (['-interactive'])
searchGroups
Use the searchGroups command to find groups in the virtual member manager that match criteria that you provide. For example, you can use the searchGroups command to find all of the groups with a common name that begins with IBM. You can search for any virtual member manager property because the command is generic.
Parameters and return values
- -securityDomainName
- Specifies the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
- -cn
- The first name or given name of the user. This parameter maps to the cn property in the virtual member manager. You must set this parameter or the description parameter, but not both. (String, optional)
- -description
- Specifies information about the group. This parameter maps to the description entity in a virtual member manager object. You must set this parameter or the cn parameter, but not both. (String, optional)
- -timeLimit
- Specifies the maximum amount of time in milliseconds that the search can run. The default value is no time limit. (String, optional)
- -countLimit
- Specifies the maximum number of results that you want returned from the search. By default, all groups found in the search are returned. (String, optional)
- -clearCache
- Specifies whether the repository adapter cache should be cleared before performing the search operation for groups. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask searchGroups {cn *IBM*}
- Using Jython string:
AdminTask.searchGroups('[-cn *IBM*]')
- Using Jython list:
AdminTask.searchGroups(['-cn', '*IBM*'])
Interactive mode example usage:
- Using Jacl:
$AdminTask searchGroups {-interactive}
- Using Jython string:
AdminTask.searchGroups ('[-interactive]')
- Using Jython list:
AdminTask.searchGroups (['-interactive'])
searchUsers
Use the searchUsers command to find users in the virtual member manager that match criteria that you provide. For example, you can use the searchUsers command to find all of the telephone numbers that contain 919. You can search for any virtual member manager property because the command is generic.
Parameters and return values
- -securityDomainName
- Specifies the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
- -principalName
- Specifies the principal name oft he user that is used as the logon ID for the user in the system. This parameter maps to the principalName property in virtual member manager. You must specify only one of the following parameters: principalName, uid, cn, sn, or ibm-primaryEmail. (String, optional)
- -uid
- Specifies the unique ID value for the user for whom you want to search. This parameter maps to the uid property in virtual member manage. You must specify only one of the following parameters: principalName, uid, cn, sn, or ibm-primaryEmail. (String, optional)
- -cn
- Specifies the first name or given name of the user. This parameter maps to the cn property in virtual member manager. You must specify only one of the following parameters: principalName, uid, cn, sn, or ibm-primaryEmail. (String, optional)
- -sn
- Specifies the last name or family name of the user. This parameter maps to the sn property in virtual member manager. You must specify only one of the following parameters: principalName, uid, cn, sn, or ibm-primaryEmail. (String, optional)
- -ibm-primaryEmail
- Specifies the email address of the user. This parameter maps to the ibm-PrimaryEmail property in the virtual member manager. You must specify only one of the following parameters: principalName, uid, cn, sn, or ibm-primaryEmail. (String, optional)
- -timeLimit
- Specifies the maximum amount of time in milliseconds that the search can run. The default is not time limit. (String, optional)
- -countLimit
- Specifies the maximum number of results that you want returned from the search. By default, all users found int he search are returned. (String, optional)
- -clearCache
- Specifies whether the repository adapter cache should be cleared before performing the search operation for users. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask searchUsers {-principalName */IBM/US*}
- Using Jython string:
AdminTask.searchUsers ('[-principalName */IBM/US*]')
- Using Jython list:
AdminTask.searchUsers (['-principalName', '*/IBM/US*'])
Interactive mode example usage:
- Using Jacl:
$AdminTask searchUsers {-interactive}
- Using Jython string:
AdminTask.searchUsers ('[-interactive]')
- Using Jython list:
AdminTask.searchUsers (['-interactive'])
updateGroup
The updateGroup command updates the common name or the description of a group.
Parameters and return values
- -uniqueName
- Specifies the unique name value for the group for which you want to modify the properties. This parameter maps to the uniqueName property in virtual member manager. (String, required)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
- -cn
- Specifies the new common name used for the group. This parameter maps to the cn property in virtual member manager. (String, optional)
- -description
- Specifies the new information about the group. This parameter maps to the description entity in a virtual member manager object. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask updateGroup {-uniqueName cn=operators,cn=groups,dc=yourco,dc=com -cn groupA}
- Using Jython string:
AdminTask.updateGroup ('[-uniqueName cn=operators,cn=groups,dc=yourco,dc=com -cn groupA]')
- Using Jython list:
AdminTask.updateGroup (['-uniqueName', 'cn=operators,cn=groups,dc=yourco,dc=com', '-cn', 'groupA'])
Interactive mode example usage:
- Using Jacl:
$AdminTask updateGroup {-interactive}
- Using Jython string:
AdminTask.updateGroup ('[-interactive]')
- Using Jython list:
AdminTask.updateGroup (['-interactive'])
updateUser
The updateUser command updates the following properties: uniqueName, uid, password, cn, sn, or ibm-primaryEmail.
Parameters and return values
- -uniqueName
- Specifies the unique name value for the user for which you want to modify the properties. This parameter maps to the uniqueName property in virtual member manager. (String, required)
- -securityDomainName
- Specifies the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
- -uid
- Specifies the new unique ID value for the user. This parameter maps to the uid property in virtual member manager. (String, optional)
- -password
- Specifies the new password for the user. This parameter maps to the password property in virtual member manager. (String, optional)
- -confirmPassword
- Specifies the password again to validate how it was entered on the password parameter. This parameter maps to the password property in virtual member manager. (String, optional)
- -cn
- Specifies the new first name or given name of the user. This parameter maps to the cn property in virtual member manager. (String, optional)
- -surname
- Specifies the new last name or family name of the user. This parameter maps to the sn property in virtual member manager. (String, optional)
- -ibm-primaryEmail
- Specifies the new email address of the user. This parameter maps to the mail property in virtual member manager. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask updateUser {-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com -uid 123}
- Using Jython string:
AdminTask.updateUser ('[-uniqueName uid=dmeyers,cn=users,dc=yourco,dc=com -uid 123]')
- Using Jython list:
AdminTask.updateUser (['-uniqueName', 'uid=dmeyers,cn=users,dc=yourco,dc=com', '-uid', '123'])
Interactive mode example usage:
- Using Jacl:
$AdminTask updateUser {-interactive}
- Using Jython string:
AdminTask.updateUser ('[-interactive]')
- Using Jython list:
AdminTask.updateUser (['-interactive'])