PDRTE_config

Configures the Security Access Manager Runtime on AIX®, Linux, and Solaris platforms.

Syntax

PDRTE_config [-c certificate] [-d ad_domain] [-E use_ssl {yes | no}] [-f key_file] [-F key_file_password] [-g key_file_label] [-G ad_multiple_domain {yes | no}] [-h policy_server_host_name] -H LDAP_server_host_name [-i response_file] [-l local_domain] [-P port] [-r port] [-R dnforaccess] [-s silent {yes | no}] [-S local_policy_server {yes | no}] -t registry_type {ldap | active_directory_ldap} [-T tivoli_common_directory] [-u ad_alt_upn {yes | no}] [-v ad_gc_server]

Description

The PDRTE_config utility configures the Security Access Manager Runtime on AIX, Linux, and Solaris platforms. You can run this utility directly from the command line.

Parameters

-c certificate
Specifies the name of the policy server base-64 encoded, self-signed certificate. For example, /var/PolicyDirector/keytab/pdcacert.b64
If the certificate file is not specified, the certificate is downloaded from the Security Access Manager policy server. (Optional)
-d ad_domain
Specifies the Active Directory domain name. For example, dc=ibm,dc=com.

This parameter is required when Active Directory is the user registry. (Optional)

-E use_ssl {yes | no}
Specifies whether to enable SSL communication between the runtime and the registry server. The valid responses are yes and no. The default value is no. (Optional)
-f key_file
Specifies the fully qualified file name of the client-side key file. The key file holds the server-side certificates that are used in secure communication. This parameter is required when use_ssl is set to yes, which means that SSL communication is enabled. (Optional)
-F key_file_password
Specifies the existing password that is associated with the specified key_file. This password was set when the key file was created. This parameter is required if use_ssl is set to yes. (Optional)
-g key_file_label
Specifies the label of the server certificate in the key_file. The label was set when the server certificate was imported into the client-side key file. This parameter is required when use_ssl is set to yes, which means that SSL communication is enabled. (Optional)
-G ad_multiple_domain {yes | no}
Configures Security Access Manager in an Active Directory multiple-domain environment. The valid responses are yes and no. The default value is no. (Optional)
-h policy_server_host_name
Specifies the host name of the Security Access Manager policy server. This parameter is required if local_policy_server is no. You can specify any valid IP host name. For example: libra.example.ibm.com. (Optional)
-H LDAP_server_host_name
Specifies the IP address or host name of the LDAP server. You can specify any valid IP host name. For example:
host = libra
host = libra.dallas.ibm.com
-i response_file
Specifies the fully qualified path and file name of the response file to use during silent configuration. A response file can be used for configuration. There is no default response file name. The response file contains stanzas and key=value pairs. For information about using response files, see the "Using response files" appendix in the IBM Security Access Manager for Web Command Reference. (Optional)
-l local_domain
Specifies the local domain name for the Runtime that is being configured. (Optional)

A local domain is a Security Access Manager secure domain that is used by programs when no explicit domain is specified. If the parameter is not specified, the local domain defaults to the management domain.

A valid local domain name is an alphanumeric, case-sensitive string. Valid characters are a-z, 0-9, -, and _.

-P port
Specifies the port number of the LDAP server. Use the LDAP server-configured port number. The default port number is 636 if Secure Sockets Layer (SSL) is used and 389 if SSL is not used. (Optional)
-r port
Specifies the port number for the Security Access Manager Policy server. This parameter is required if local_policy_server is no. The default value is 7135. (Optional)
-R dnforaccess
Specifies the distinguished name (DN) for the data location on the Active Directory server that stores Security Access Manager data.
The parameter is required if ad_multiple_domain is no. If ad_multiple_domain is yes, then the default value is the value of ad_domain.
-s silent {yes | no}
Specifies silent configuration. The valid responses are yes or no. If the value is yes, the utility runs in silent mode. If the value is no, the utility runs in interactive mode. (Optional)
-S local_policy_server {yes | no}
Indicates whether the policy server is installed on the same computer. The valid responses are yes or no. The default value is no. (Optional)
-t registry_type {ldap | active_directory_ldap}
Specifies the type of registry server to be set up for Security Access Manager. The valid responses are ldap and active_directory_ldap.
-T tivoli_common_directory
Enables Tivoli Common Directory logging and specifies the fully qualified path location for common logging. When Tivoli Common Directory is enabled, all of the Security Access Manager message log files are placed in this common location. (Optional)
-u ad_alt_upn {yes | no}
Security Access Manager supports an email address (alternative format) of the userPrincipalName attribute of the Active Directory user object as its user ID. The valid responses are yes and no. If set to no, only the default format of the userPrincipalName can be used as the Security Access Manager user ID. The default value is no. (Optional)
-v ad_gc_server
Security Access Manager supports an email address (alternative format) of the userPrincipalName attribute of the Active Directory user object as its user ID. Specify the Global Catalog server host name, such as gcserver.us.ibm.com, to enable the support.
If not specified, only the default format of the userPrincipalName can be used as the Security Access Manager user ID. (Optional)

Availability

This utility is in /opt/PolicyDirector/sbin, the default installation directory on AIX, Linux, and Solaris operating systems.

When an installation directory other than the default is selected, this utility is in the /sbin directory under the installation directory (for example, installation_directory/sbin).

Return codes

0
The utility ran successfully.
1
The utility failed. When a utility fails, the software provides a description of the error. See the IBM Security Access Manager for Web Error Message Reference. This reference provides a list of the Security Access Manager error messages by decimal or hexadecimal codes.

Examples

The following example configures the Security Access Manager Runtime by using LDAP as the user registry. The policy server is installed on the same computer:
./PDRTE_config -S yes -t ldap -H libra.example.ibm.com -P 389 -s yes
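The Parameters section above lists several dependencies between options (use_ssl=yes needs the three key-file parameters, local_policy_server=no needs the policy server host, active_directory_ldap needs ad_domain, and dnforaccess is required unless ad_multiple_domain is yes). The following POSIX shell function is an added example, not IBM's code and not part of this reference: it encodes those dependencies and the documented defaults (LDAP port 636 with SSL and 389 without, policy server port 7135), and prints the PDRTE_config command line that results, or fails before the utility is ever started. The environment variable names (REGISTRY_TYPE, LDAP_HOST and so on) are assumptions made for this example; the option letters and defaults are the ones documented on this page.

```shell
#!/bin/sh
# Added example (not IBM's code): pre-flight check for a PDRTE_config invocation.
# Reads hypothetical environment variables, validates the parameter dependencies
# documented for PDRTE_config, and prints the resulting command line on stdout.
# Returns 1 with a message on stderr if a required parameter is missing.
#   REGISTRY_TYPE        ldap | active_directory_ldap             (-t, required)
#   LDAP_HOST            LDAP server host name or IP address      (-H, required)
#   LDAP_PORT            -P; defaults to 636 with SSL, 389 without
#   USE_SSL              yes | no (-E); yes needs KEY_FILE (-f), KEY_FILE_PASSWORD (-F), KEY_FILE_LABEL (-g)
#   LOCAL_POLICY_SERVER  yes | no (-S); no needs POLICY_SERVER_HOST (-h); POLICY_PORT (-r) defaults to 7135
#   AD_DOMAIN            -d, required when REGISTRY_TYPE is active_directory_ldap
#   AD_MULTI             yes | no (-G); DN_FOR_ACCESS (-R) is required when no, defaults to AD_DOMAIN when yes
#   SILENT               yes | no (-s); defaults to yes
pdrte_preflight() {
    rt=${REGISTRY_TYPE:-}
    ssl=${USE_SSL:-no}
    lps=${LOCAL_POLICY_SERVER:-no}

    case "$rt" in
        ldap|active_directory_ldap) ;;
        *) echo "preflight: -t must be ldap or active_directory_ldap" >&2; return 1 ;;
    esac
    [ -n "${LDAP_HOST:-}" ] || { echo "preflight: -H LDAP_server_host_name is required" >&2; return 1; }

    # The default LDAP port follows the SSL setting: 636 with SSL, 389 without.
    if [ "$ssl" = yes ]; then port=${LDAP_PORT:-636}; else port=${LDAP_PORT:-389}; fi

    args="-S $lps -t $rt -H $LDAP_HOST -P $port -s ${SILENT:-yes}"

    if [ "$ssl" = yes ]; then
        # use_ssl=yes is only usable with all three key-file parameters.
        if [ -z "${KEY_FILE:-}" ] || [ -z "${KEY_FILE_PASSWORD:-}" ] || [ -z "${KEY_FILE_LABEL:-}" ]; then
            echo "preflight: use_ssl=yes requires -f key_file, -F key_file_password and -g key_file_label" >&2
            return 1
        fi
        args="$args -E yes -f $KEY_FILE -F $KEY_FILE_PASSWORD -g $KEY_FILE_LABEL"
    fi

    if [ "$lps" = no ]; then
        # Remote policy server: -h is required and -r defaults to 7135.
        [ -n "${POLICY_SERVER_HOST:-}" ] || { echo "preflight: local_policy_server=no requires -h policy_server_host_name" >&2; return 1; }
        args="$args -h $POLICY_SERVER_HOST -r ${POLICY_PORT:-7135}"
    fi

    if [ "$rt" = active_directory_ldap ]; then
        [ -n "${AD_DOMAIN:-}" ] || { echo "preflight: active_directory_ldap requires -d ad_domain" >&2; return 1; }
        multi=${AD_MULTI:-no}
        dn=${DN_FOR_ACCESS:-}
        if [ "$multi" = yes ]; then
            # In a multiple-domain setup -R defaults to the value of ad_domain.
            dn=${dn:-$AD_DOMAIN}
        elif [ -z "$dn" ]; then
            echo "preflight: ad_multiple_domain=no requires -R dnforaccess" >&2
            return 1
        fi
        args="$args -d $AD_DOMAIN -G $multi -R $dn"
    fi

    echo "PDRTE_config $args"
}

# Constructed sample invocation; mirrors the LDAP example in this reference.
# REGISTRY_TYPE=ldap LDAP_HOST=libra.example.ibm.com LOCAL_POLICY_SERVER=yes pdrte_preflight
```

Run the function in a subshell, check its exit status, and only then pass the printed arguments to the real utility in /opt/PolicyDirector/sbin (or installation_directory/sbin). Because -F places the key file password in the process argument list, the printed line should be kept out of shell history and log files just as a direct PDRTE_config call with -F would be.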