IdMgrConfig command group for the AdminTask object
You can use the Jython or Jacl scripting languages to configure the virtual member manager with the wsadmin tool. The commands and parameters in the IdMgrConfig group can be used to create and manage your entity type configuration.
- createIdMgrSupportedEntityType
- deleteIdMgrSupportedEntityType
- getIdMgrSupportedEntityType
- isIdMgrUseGlobalSchemaForModel
- listIdMgrSupportedEntityTypes
- listIdMgrGroupsForRoles
- listIdMgrUsersForRoles
- mapIdMgrUserToRole
- mapIdMgrGroupToRole
- removeIdMgrGroupsFromRole
- removeIdMgrUsersFromRole
- resetIdMgrConfig
- setIdMgrUseGlobalSchemaForModel
- showIdMgrConfig
- updateIdMgrLDAPBindInfo
- updateIdMgrSupportedEntityType
createIdMgrSupportedEntityType
The createIdMgrSupportedEntityType command creates a supported entity type configuration.
Parameters
- -name
- The name of the supported entity type. The value of this parameter must be one of the supported entity types. (String, required)
- -defaultParent
- The default parent node for the supported entity type. (String, required)
- -rdnProperties
- The RDN attribute name for the supported entity type in the entity domain name. To reset all values of the rdnProperties parameter, specify a blank string ("") (String, required)
- -securityDomainName
- The name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask createIdMgrSupportedEntityType {-name entity1 -defaultParent node1 -rdnProperties rdn1}
- Using Jython string:
AdminTask.createIdMgrSupportedEntityType ('[-name entity1 -defaultParent node1 -rdnProperties rdn1]')
- Using Jython list:
AdminTask.createIdMgrSupportedEntityType (['-name', 'entity1', '-defaultParent', 'node1', '-rdnProperties', 'rdn1'])
Interactive mode example usage:
- Using Jacl:
$AdminTask createIdMgrSupportedEntityType {-interactive}
- Using Jython string:
AdminTask.createIdMgrSupportedEntityType ('[-interactive]')
- Using Jython list:
AdminTask.createIdMgrSupportedEntityType (['-interactive'])
deleteIdMgrSupportedEntityType
The deleteIdMgrSupportedEntityType command deletes the supported entity type configuration that you specify.
Parameters
- -name
- The name of the supported entity type. The value of this parameter must be one of the supported entity types. (String, required)
- -securityDomainName
- The name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask deleteIdMgrSupportedEntityType {-name entity1}
- Using Jython string:
AdminTask.deleteIdMgrSupportedEntityType ('[-name entity1]')
- Using Jython list:
AdminTask.deleteIdMgrSupportedEntityType (['-name', 'entity1'])
Interactive mode example usage:
- Using Jacl:
$AdminTask deleteIdMgrSupportedEntityType {-interactive}
- Using Jython string:
AdminTask.deleteIdMgrSupportedEntityType ('[-interactive]')
- Using Jython list:
AdminTask.deleteIdMgrSupportedEntityType (['-interactive'])
getIdMgrSupportedEntityType
The getIdMgrSupportedEntityType command returns the configuration of the supported entity type that you specify.
Parameters
- -name
- The name of the supported entity type. The value of this parameter must be one of the supported entity types. (String, required)
- -securityDomainName
- The name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask getIdMgrSupportedEntityType {-name entity1}
- Using Jython string:
AdminTask.getIdMgrSupportedEntityType ('[-name entity1]')
- Using Jython list:
AdminTask.getIdMgrSupportedEntityType (['-name', 'entity1'])
Interactive mode example usage:
- Using Jacl:
$AdminTask getIdMgrSupportedEntityType {-interactive}
- Using Jython string:
AdminTask.getIdMgrSupportedEntityType ('[-interactive]')
- Using Jython list:
AdminTask.getIdMgrSupportedEntityType (['-interactive'])
isIdMgrUseGlobalSchemaForModel
The isIdMgrUseGlobalSchemaForModel command returns a boolean that indicates whether the global schema option is enabled for the data model for the specified domain in a multiple security domain environment.
Parameters
- -securityDomainName
- The name that uniquely identifies the security domain. (String, required)
Returns
A Boolean value that indicates whether global schema option is enabled for the data model for the specified domain.
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask isIdMgrUseGlobalSchemaForModel {-securityDomainName mysecDomain}
- Using Jython string:
AdminTask.isIdMgrUseGlobalSchemaForModel ('[-securityDomainName mysecDomain]')
- Using Jython list:
AdminTask.isIdMgrUseGlobalSchemaForModel (['-securityDomainName', 'mysecDomain'])
Interactive mode example usage:
- Using Jacl:
$AdminTask isIdMgrUseGlobalSchemaForModel {-interactive}
- Using Jython string:
AdminTask.isIdMgrUseGlobalSchemaForModel ('[-interactive]')
- Using Jython list:
AdminTask.isIdMgrUseGlobalSchemaForModel (['-interactive'])
listIdMgrSupportedEntityTypes
The listIdMgrSupportedEntityTypes command lists all of the supported entity types that are configured.
Parameters
- -securityDomainName
- The name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Returns
A list that contains the names of the supported entity types
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask listIdMgrSupportedEntityTypes
- Using Jython string:
AdminTask.listIdMgrSupportedEntityTypes()
- Using Jython list:
AdminTask.listIdMgrSupportedEntityTypes()
Interactive mode example usage:
- Using Jacl:
$AdminTask listIdMgrSupportedEntityTypes {-interactive}
- Using Jython string:
AdminTask.listIdMgrSupportedEntityTypes ('[-interactive]')
- Using Jython list:
AdminTask.listIdMgrSupportedEntityTypes (['-interactive'])
listIdMgrGroupsForRoles
The listIdMgrGroupsForRoles command lists the mapping of groups to roles in federated repositories.
Parameters
- -securityDomainName
- The name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Returns
A Map object that contains roleName as the key, and the value of each key is a list of uniqueNames.
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask listIdMgrGroupsForRoles
- Using Jython string:
AdminTask.listIdMgrGroupsForRoles ()
- Using Jython list:
AdminTask.listIdMgrGroupsForRoles ()
Interactive mode example usage:
- Using Jacl:
$AdminTask listIdMgrGroupsForRoles {-interactive}
- Using Jython string:
AdminTask.listIdMgrGroupsForRoles ('[interactive]')
- Using Jython list:
AdminTask.listIdMgrGroupsForRoles (['interactive'])
listIdMgrUsersForRoles
The listIdMgrUsersForRoles command lists the mapping of users to roles in federated repositories.
Parameters
- -securityDomainName
- The name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Returns
A Map object that contains roleName as the key, and the value of each key is a list of uniqueNames.
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask listIdMgrUsersForRoles
- Using Jython string:
AdminTask.listIdMgrUsersForRoles ()
- Using Jython list:
AdminTask.listIdMgrUsersForRoles ()
Interactive mode example usage:
- Using Jacl:
$AdminTask listIdMgrUsersForRoles {-interactive}
- Using Jython string:
AdminTask.listIdMgrUsersForRoles ('[-interactive]')
- Using Jython list:
AdminTask.listIdMgrUsersForRoles (['-interactive'])
mapIdMgrUserToRole
The mapIdMgrUserToRole command maps a user to a specified role in federated repositories. You can map a user to only one role.
Parameters
- -roleName
- The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)
- -userId
- The user ID or unique name of the user to whom you want to map the specified role. If you specify the user ID, it should correspond to a unique user in the repository. (String, required)
- -securityDomainName
- The name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask mapIdMgrUserToRole {-roleName IdMgrWriter -userId uid=user1,o=customrealm}
- Using Jython string:
AdminTask.mapIdMgrUserToRole ('[-roleName IdMgrWriter -userId user1,o=customrealm]')
- Using Jython list:
AdminTask.mapIdMgrUserToRole (['-roleName', 'IdMgrWriter', '-userId', 'uid=user1,o=customrealm'])
Interactive mode example usage:
- Using Jacl:
$AdminTask mapIdMgrUserToRole {-interactive}}
- Using Jython string:
AdminTask.mapIdMgrUserToRole ('[-interactive]')
- Using Jython list:
AdminTask.mapIdMgrUserToRole (['-interactive'])
mapIdMgrGroupToRole
The mapIdMgrGroupToRole command maps a group to a specified role in federated repositories. You can map a group to only one role.
Parameters
- -roleName
- The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)
- -groupId
- The common name or unique name of the group to which you want to map the specified role. If you specify the common name, it should correspond to a unique group in the repository. Alternately, to map all logged-in users to the specified role, you can specify a special subject with the value ALLAUTHENTICATED. (String, required)
- -securityDomainName
- The name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jacl (example 1):
$AdminTask mapIdMgrGroupToRole {-roleName IdMgrReader -groupId cn=group1,o=customrealm}
Using Jacl (example 2):$AdminTask mapIdMgrGroupToRole {-roleName IdMgrWriter -groupId ALLAUTHENTICATED}
- Using Jython string (example 1):
AdminTask.mapIdMgrGroupToRole ('[-roleName IdMgrReader -groupId cn=group1,o=customrealm]')
Using Jython string (example 2):AdminTask.mapIdMgrGroupToRole ('[-roleName IdMgrWriter -groupId ALLAUTHENTICATED]')
- Using Jython list (example 1):
AdminTask.mapIdMgrGroupToRole (['-roleName', 'IdMgrReader', '-groupId', 'cn=group1,o=customrealm'])
Using Jython list (example 2):AdminTask.mapIdMgrGroupToRole (['-roleName', 'IdMgrReader', '-groupId', 'ALLAUTHENTICATED'])
Interactive mode example usage:
- Using Jacl:
$AdminTask mapIdMgrGroupToRole {-interactive}
- Using Jython string:
AdminTask.mapIdMgrGroupToRole ('[-interactive]')
- Using Jython list:
AdminTask.mapIdMgrGroupToRole (['-interactive'])
removeIdMgrGroupsFromRole
The removeIdMgrGroupsFromRole command removes a group from a specified role in federated repositories.
Parameters
- -roleName
- The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)
- -groupId
- The common name or unique name of the group to which you want
to map the specified role. If you specify the common name, it should
correspond to a unique group in the repository. Alternately, to remove
the mapping of all logged-in users to the specified role, you can
specify a special subject with the value ALLAUTHENTICATED. (String,
required)Note: You can specify an asterisk (*) to remove all users mapped to the specified role.
- -securityDomainName
- The name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jacl (example 1):
$AdminTask removeIdMgrGroupsFromRole {-roleName IdMgrReader -groupId cn=group1,o=customrealm}
Using Jacl (example 2):$AdminTask removeIdMgrGroupsFromRole {-roleName IdMgrReader -groupId ALLAUTHENTICATED}
- Using Jython string (example 1):
AdminTask.removeIdMgrGroupsFromRole ('[-roleName IdMgrReader -groupId cn=group1,o=customrealm]')
Using Jython string (example 2):AdminTask.removeIdMgrGroupsFromRole ('[-roleName IdMgrReader -groupId ALLAUTHENTICATED]')
- Using Jython list (example 1):
AdminTask.removeIdMgrGroupsFromRole (['-roleName', 'IdMgrReader', '-groupId', 'cn=group1,o=customrealm'])
Using Jython list (example 2):AdminTask.removeIdMgrGroupsFromRole (['-roleName', 'IdMgrReader', '-groupId', 'ALLAUTHENTICATED'])
Interactive mode example usage:
- Using Jacl:
$AdminTask removeIdMgrGroupsFromRole {-interactive}
- Using Jython string:
AdminTask.removeIdMgrGroupsFromRole ('[-interactive]')
- Using Jython list:
AdminTask.removeIdMgrGroupsFromRole (['-interactive'])'])
removeIdMgrUsersFromRole
The removeIdMgrUsersFromRole command removes a user from a specified role in federated repositories.
Parameters
- -roleName
- The name of the role. Valid values are IdMgrAdmin, IdMgrReader, or IdMgrWriter, which are the federated repositories pre-defined roles. (String, required)
- -userId
- The user ID or unique name of the user whose mapping to the specified
role you want to remove. If you specify the user ID, it should correspond
to a unique user in the repository. (String, required)Note: You can specify an asterisk (*) to remove all users mapped to the specified role.
- -securityDomainName
- The name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask removeIdMgrUsersFromRole {-roleName IdMgrWriter -userId uid=user1,o=customrealm}
- Using Jython string:
AdminTask.removeIdMgrUsersFromRole ('[-roleName IdMgrWriter -userId uid=user1,o=customrealm]')
- Using Jython list:
AdminTask.removeIdMgrUsersFromRole (['-roleName', 'IdMgrWriter', '-userId', 'uid=user1,o=customrealm'])
Interactive mode example usage:
- Using Jacl:
$AdminTask removeIdMgrUsersFromRole {-interactive}
- Using Jython string:
AdminTask.removeIdMgrUsersFromRole ('[-interactive]')
- Using Jython list:
AdminTask.removeIdMgrUsersFromRole (['-interactive'])
resetIdMgrConfig
The resetIdMgrConfig command resets the current configuration to the last configuration that was saved.
Parameters
- -securityDomainName
- The name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Returns
None.Examples
Batch mode example usage:
- Using Jacl:
$AdminTask resetIdMgrConfig
- Using Jython string:
AdminTask.resetIdMgrConfig()
- Using Jython list:
AdminTask.resetIdMgrConfig()
Interactive mode example usage:
- Using Jacl:
$AdminTask resetIdMgrConfig {-interactive}
- Using Jython string:
AdminTask.resetIdMgrConfig ('[-interactive]')
- Using Jython list:
AdminTask.resetIdMgrConfig (['-interactive'])
setIdMgrUseGlobalSchemaForModel
The setIdMgrUseGlobalSchemaForModel command sets the global schema option for the data model in a multiple security domain environment. Global schema refers to the schema of the admin domain.
Parameters
- -useGlobalSchema
- Specifies whether the data model should use the global schema. Global schema refers to the schema of the admin domain. The default value of this parameter is false. (Boolean, required)
- -securityDomainName
- The name that uniquely identifies the security domain. (String, required)
Examples
Batch mode example usage:
- Using Jacl:
$AdminTask setIdMgrUseGlobalSchemaForModel {-useGlobalSchema true -securityDomainName mysecDomain}
- Using Jython string:
AdminTask.setIdMgrUseGlobalSchemaForModel ('[-useGlobalSchema true -securityDomainName mysecDomain]')
- Using Jython list:
AdminTask.setIdMgrUseGlobalSchemaForModel (['-useGlobalSchema', 'true', '-securityDomainName', 'mysecDomain'])
Interactive mode example usage:
- Using Jacl:
$AdminTask setIdMgrUseGlobalSchemaForModel {-interactive}
- Using Jython string:
AdminTask.setIdMgrUseGlobalSchemaForModel ('[-interactive]')
- Using Jython list:
AdminTask.setIdMgrUseGlobalSchemaForModel (['-interactive'])
showIdMgrConfig
The showIdMgrConfig command returns the current configuration XML in string format.
Parameters
- -file
- The name of the file where you want to save the configuration XML string. (String, optional)
- -securityDomainName
- The name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Returns
None.Examples
Batch mode example usage:
-
Using Jacl:
$AdminTask showIdMgrConfig
-
Using Jython string:
AdminTask.showIdMgrConfig()
-
Using Jython list:
AdminTask.showIdMgrConfig()
Interactive mode example usage:
-
Using Jacl:
$AdminTask showIdMgrConfig {-interactive}
-
Using Jython string:
AdminTask.showIdMgrConfig ('[-interactive]')
-
Using Jython list:
AdminTask.showIdMgrConfig (['-interactive'])
updateIdMgrLDAPBindInfo
The updateIdMgrLDAPBindInfo command dynamically updates the LDAP server bind information. If you specify a value for the bindDN parameter, then you must specify a value for the bindPassword parameter. If you specify the id parameter only, then the LDAP server information is refreshed.
Parameters
- -id
- The ID of the repository. (String, required)
- -bindDN
- The binding distinguished name for the LDAP server. (String, optional)
- -bindPassword
- The binding password for the LDAP server. (String, optional)
- -securityDomainName
- The name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
Examples
Batch mode example usage:
- Using Jython:
AdminTask.updateIdMgrLDAPBindInfo('[-id id1 -bindDN cn=root -bindPassword myPassword22]')
- Using Jython list:
AdminTask.updateIdMgrLDAPBindInfo(['-id id1 -bindDN cn=root -bindPassword myPassword22'])
- Using Jacl:
$AdminTask updateIdMgrLDAPBindInfo {-id id1 -bindDN cn=root -bindPassword myPassword22}
Interactive mode example usage:
- Using Jython:
AdminTask.updateIdMgrLDAPBindInfo(['-interactive'])
- Using Jacl:
$AdminTask updateIdMgrLDAPBindInfo {-interactive}
updateIdMgrSupportedEntityType
The updateIdMgrSupportedEntityType command updates the configuration that you specify for a supported entity type.
Parameters
- -name
- The name of the supported entity type. The value of this parameter must be one of the supported entity types. (String, required)
- -securityDomainName
- The name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
- -defaultParent
- The default parent node for the supported entity type. (String, optional)
- -rdnProperties
- The RDN attribute name for the supported entity type in the entity domain name. To reset all the values of the rdnProperties parameter, specify a blank string (""). (String, optional)
Examples
Batch mode example usage:
-
Using Jacl:
$AdminTask updateIdMgrSupportedEntityType {-name entity1}
-
Using Jython string:
AdminTask.updateIdMgrSupportedEntityType ('[-name entity1]')
-
Using Jython list:
AdminTask.updateIdMgrSupportedEntityType (['-name', 'entity1'])
Interactive mode example usage:
-
Using Jacl:
$AdminTask updateIdMgrSupportedEntityType {-interactive}
-
Using Jython string:
AdminTask.updateIdMgrSupportedEntityType ('[-interactive]')
-
Using Jython list:
AdminTask.updateIdMgrSupportedEntityType (['-interactive'])