IdMgrRepositoryConfig command group for the AdminTask object

You can use the Jython or Jacl scripting languages to configure security. The commands and parameters in the IdMgrRepositoryConfig group can be used to create and manage the virtual member manager and LDAP directory properties.

The IdMgrRepositoryConfig command group for the AdminTask object includes the following commands:

addIdMgrLDAPAttr

Use the addIdMgrLDAPAttr command to add an LDAP attribute configuration to the LDAP repository configuration.

Target object

None

Required parameters

-id
Use this parameter to specify the unique ID of the repository. (String, required)
-name
Use this parameter to specify the name of the LDAP attribute used in the repository LDAP adapter. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-propertyName
Use this parameter to specify the name of the corresponding federated repository property. (String, optional)
Note: You cannot add an LDAP attribute configuration for the federated repository properties, principalName and realm.
Supported configurations: If you define multiple login properties, the first login property is programmatically mapped to the federated repositories principalName property. For example, if you set uid;mail as the login properties, the LDAP attribute uid value is mapped to the federated repositories principalName property. If you define multiple login properties, after login, the first login property is returned as the value of the principalName property. For example, if you pass joe@yourco.com as the principalName value and the login properties are configured as uid;mail, the principalName is returned as joe.
-entityTypes
Use this parameter to specify the entity type which applies the attribute mapping. (String, optional)
-syntax
Use this parameter to specify the syntax of the LDAP attribute. The default value is string. For example, the syntax of the unicodePwd LDAP attribute is octetString. (String, optional)
-defaultValue
Use this parameter to specify the default value of the LDAP attribute. If you do not specify this LDAP attribute when you create an entity which this LDAP attribute applies to, the system adds the attribute using this default value. (String, optional)
-defaultAttr
Use this parameter to specify the default attribute of the LDAP attribute. If you do not specify this LDAP attribute when you create an entity which this LDAP attribute applies to, the system uses this value of the default attribute.
For example, the following configuration defines a samAccountName LDAP attribute with the cn default attribute:
<config:attributes name="samAccountName" defaultAttribute="cn">
<config:entityTypes>Group</config:entityTypes>
</config:attributes>

In this example, when you create the Group entity, the samAccountName LDAP attribute with the same value as the cn attribute is added to the corresponding LDAP entry.

(String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask addIdMgrLDAPAttr {-id id_name -name unicode_password -syntax octetString}
  • Using Jython string:
    AdminTask.addIdMgrLDAPAttr ('[-id id_name -name unicode_password -syntax octetString]')
  • Using Jython list:
    AdminTask.addIdMgrLDAPAttr (['-id', 'id_name', '-name', 'unicode_password', '-syntax', 'octetString'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask addIdMgrLDAPAttr {-interactive}
  • Using Jython:
    AdminTask.addIdMgrLDAPAttr('-interactive')

addIdMgrLDAPAttrNotSupported

Use the addIdMgrLDAPAttrNotSupported command to add a configuration for a federated repository property that the specified LDAP repository does not support.

Required parameters

-id
Use this parameter to specify the unique ID of the repository. (String, required)
-propertyName
Use this parameter to specify the name of the federated repository property. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-entityTypes
Use this parameter to specify one or more entity types. Use the semicolon (;) as the delimiter to specify multiple entity types. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask addIdMgrLDAPAttrNotSupported {-id id_name -propertyName property_name}
  • Using Jython string:
    AdminTask.addIdMgrLDAPAttrNotSupported ('[-id id_name -propertyName property_name]')
  • Using Jython list:
    AdminTask.addIdMgrLDAPAttrNotSupported (['-id', 'id_name', '-propertyName', 'property_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask addIdMgrLDAPAttrNotSupported {-interactive}
  • Using Jython:
    AdminTask.addIdMgrLDAPAttrNotSupported('-interactive')

addIdMgrLDAPBackupServer

The addIdMgrLDAPBackupServer command sets a backup LDAP server in your configuration.

Required parameters

-id
Specifies the unique ID of the repository. (String, required)
-primary_host
Specifies the primary host of the LDAP server. (String, required)
-host
Specifies the host name for the LDAP server. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-port
Specifies the port number for the LDAP server. (Integer, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask addIdMgrLDAPBackupServer {-id id_name -primary_host host_name1 -host host_name2 -port port_number}
  • Using Jython string:
    AdminTask.addIdMgrLDAPBackupServer ('[-id id_name -primary_host host_name1 -host host_name2 -port port_number]')
  • Using Jython list:
    AdminTask.addIdMgrLDAPBackupServer (['-id', 'id_name', '-primary_host', 'host_name1', '-host', 'host_name2', '-port', 'port_number'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask addIdMgrLDAPBackupServer {-interactive}
  • Using Jython:
    AdminTask.addIdMgrLDAPBackupServer('-interactive')

addIdMgrLDAPEntityType

The addIdMgrLDAPEntityType command adds an LDAP entity type definition.

Required parameters

-id
The ID of the repository. (String, required)
-name
The name of the entity type. (String, required)
-objectClasses
One or more object classes for the entity type. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-searchFilter
The search filter that you want to use to search the entity type. (String, optional)
-objectClassesForCreate
The object class to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter. (String, optional)
-searchBases
The search base or bases to use while searching the entity type. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask addIdMgrLDAPEntityType {-id id_name -name name_value -objectClasses object_class}
  • Using Jython string:
    AdminTask.addIdMgrLDAPEntityType ('[-id id_name -name name_value -objectClasses object_class]')
  • Using Jython list:
    AdminTask.addIdMgrLDAPEntityType (['-id', 'id_name', '-name', 'name_value', '-objectClasses', 'object_class'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask addIdMgrLDAPEntityType {-interactive}
  • Using Jython string:
    AdminTask.addIdMgrLDAPEntityType ('[-interactive]')
  • Using Jython list:
    AdminTask.addIdMgrLDAPEntityType (['-interactive'])

addIdMgrLDAPEntityTypeRDNAttr

The addIdMgrLDAPEntityTypeRDNAttr command adds RDN attribute configuration to an LDAP entity type definition.

Required parameters

-id
The ID of the repository. (String, required)
-entityTypeName
The name of the entity type. (String, required)
-name
The attribute name that is used to build the relative distinguished name (RDN) for the entity type. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-objectClass
The object class to use for the entity type for the relative distinguished name (RDN) attribute name that you specify. Use this parameter to map one entity type to multiple structural object classes. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask addIdMgrLDAPEntityTypeRDNAttr {-id id_name -entityTypeName entity_type -name name_value}
  • Using Jython string:
    AdminTask.addIdMgrLDAPEntityTypeRDNAttr ('[-id id_name -entityTypeName entity_type -name name_value]')
  • Using Jython list:
    AdminTask.addIdMgrLDAPEntityTypeRDNAttr (['-id', 'id_name', '-entityTypeName', 'entity_type', '-name', 'name_value'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask addIdMgrLDAPEntityTypeRDNAttr {-interactive}
  • Using Jython string:
    AdminTask.addIdMgrLDAPEntityTypeRDNAttr ('[-interactive]')
  • Using Jython list:
    AdminTask.addIdMgrLDAPEntityTypeRDNAttr (['-interactive'])

addIdMgrLDAPExternalIdAttr

Use the addIdMgrLDAPExternalIdAttr command to add a configuration for an LDAP attribute that is used as an external ID in the specified LDAP repository.

Target object

None

Required parameters

-id
Use this parameter to specify the unique ID of the repository. (String, required)
-name
Use this parameter to specify the name of the external ID attribute of the LDAP repository. (String, required)
Important: Specify distinguishedName as the value of this parameter to indicate that the distinguished name (DN) of the entity is used as the external ID.

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-entityTypes
Use this parameter to specify one or more entity types. Use a semicolon (;) as the delimiter to specify multiple entity types. (String, optional)
-syntax
Use this parameter to specify the syntax of the LDAP attribute. The default value is string. For example, the syntax of the unicodePwd LDAP attribute is octetString. (String, optional)
-wimGenerate
Use this parameter to indicate whether the federated repository generates the value of the LDAP attribute. The default value is false. (Boolean, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask addIdMgrLDAPExternalIdAttr {-id id_name -name unicodePwd -syntax octetString}
  • Using Jython string:
    AdminTask.addIdMgrLDAPExternalIdAttr ('[-id id_name -name unicode_password -syntax octetString]')
  • Using Jython list:
    AdminTask.addIdMgrLDAPExternalIdAttr (['-id', 'id_name', '-name', 'unicode_password', '-syntax', 'octetString'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask addIdMgrLDAPExternalIdAttr {-interactive}
  • Using Jython:
    AdminTask.addIdMgrLDAPExternalIdAttr('-interactive') 

addIdMgrLDAPGroupDynamicMemberAttr

The addIdMgrLDAPGroupDynamicMemberAttr command adds a dynamic member attribute configuration to an LDAP group configuration.

Required parameters

-id
The ID of the repository. (String, required)
-name
The name of the LDAP attribute that is used as the group member attribute. For example, member or uniqueMember. (String, required)
-objectClass
The group object class that contains the member attribute. For example, groupOfNames or groupOfUniqueNames. If you do not define this parameter, the member attribute applies to all group object classes. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask addIdMgrLDAPGroupDynamicMemberAttr {-id id_name -name name_value -objectClass object_class}
  • Using Jython string:
    AdminTask.addIdMgrLDAPGroupDynamicMemberAttr ('[-id id_name -name name_value -objectClass object_class]')
  • Using Jython list:
    AdminTask.addIdMgrLDAPGroupDynamicMemberAttr (['-id', 'id_name', '-name', 'name_value', '-objectClass', 'object_class'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask addIdMgrLDAPGroupDynamicMemberAttr {-interactive}
  • Using Jython string:
    AdminTask.addIdMgrLDAPGroupDynamicMemberAttr ('[-interactive]')
  • Using Jython list:
    AdminTask.addIdMgrLDAPGroupDynamicMemberAttr (['-interactive'])

addIdMgrLDAPGroupMemberAttr

The addIdMgrLDAPGroupMemberAttr command adds a member attribute configuration to an LDAP group configuration.

Required parameters

-id
The ID of the repository. (String, required)
-name
The name of the LDAP attribute that is used as the group member attribute. For example, member or uniqueMember. (String, required)
-scope
The scope of the member attribute. The valid values for this parameter include the following:
  • direct - The member attribute only contains direct members, therefore, this value refers to the member directly contained by the group and not contained through the nested group. For example, if Group1 contains Group2 and Group2 contains User1, then Group2 is a direct member of Group1 but User1 is not a direct member of Group1. Both member and uniqueMember are direct member attributes.
  • nested - The member attribute that contains the direct members and the nested members.

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-dummyMember
Indicates that if you create a group without specifying a member, a dummy member will be filled in to avoid creating an exception about missing a mandatory attribute. (String, optional)
-objectClass
The group object class that contains the member attribute. For example, groupOfNames or groupOfUniqueNames. If you do not define this parameter, the member attribute applies to all group object classes. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask addIdMgrLDAPGroupMemberAttr {-id id_name -name name_value}
  • Using Jython string:
    AdminTask.addIdMgrLDAPGroupMemberAttr ('[-id id_name -name name_value]')
  • Using Jython list:
    AdminTask.addIdMgrLDAPGroupMemberAttr (['-id', 'id_name', '-name', 'name_value'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask addIdMgrLDAPGroupMemberAttr {-interactive}
  • Using Jython string:
    AdminTask.addIdMgrLDAPGroupMemberAttr ('[-interactive]')
  • Using Jython list:
    AdminTask.addIdMgrLDAPGroupMemberAttr (['-interactive'])

addIdMgrLDAPServer

The addIdMgrLDAPServer command adds an LDAP server to the LDAP repository ID that you specify.

[z/OS] If the value of the sslEnabled parameter is set to true, the addIdMgrLDAPServer command operation will fail while trying to validate the connection. To work around this problem, perform the following steps:
  1. Start WebSphere® Application Server.
  2. Start the wsadmin tool without specifying the -conntype none option.

Required parameters

-id
The ID of the repository. (String, required)
-host
The host name for the primary LDAP server. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-port
The port number for the LDAP server. (Integer, optional)
-bindDN
The binding distinguished name for the LDAP server. (String, optional)
-bindPassword
The binding password. (String, optional)
-authentication
Indicates the authentication method to use. The default value is simple. Valid values include: none or strong. (String, optional)
[8.5.5.19 or later]-bindAuthMechanism
[8.5.5.19 or later]The bind authentication mechanism for binding to the LDAP server when you search for or modify an LDAP entry. The following values are valid:
  • none - Anonymous bind to the LDAP server.
  • simple - The default, which uses a simple bind distinguished name with a bind password to bind to the LDAP server.
  • DIGEST-MD5 - The DIGEST-MD5 mechanism for DIGEST-MD5 authentication.
    To use DIGEST-MD5 authentication, add the useInputPrincipalNameForLogin custom property, as shown in the following example:
    AdminTask.setIdMgrCustomProperty('[-id LDAD1 -name useInputPrincipalNameForLogin -value true]')
  • GSSAPI - Kerberos authentication enablement, which requires the Kerberos principal name or the Kerberos service principal name to be set.
[8.5.5.19 or later]-krb5Principal
[8.5.5.19 or later]Kerberos principal name or Kerberos service principal name that is used to authenticate with the Key Distribution Center (KDC). The Kerberos principal name is required if the bindAuthMechanism parameter is set to the GSSAPI value.
[8.5.5.19 or later]-krb5TicketCache
[8.5.5.19 or later]The directory location and file name of the Kerberos ticket cache, which is also referred to as the Kerberos credential cache, or ccache file.
[8.5.5.19 or later]-krb5Config
[8.5.5.19 or later]The Kerberos configuration file that contains the client configuration information, including the location of each Key Distribution Center (KDC) for the realm. This file is used for Kerberos authentication, SPNEGO web authentication, and LDAP user registry authentication with Kerberos. The following information gives the default file name and location for the Kerberos configuration file:
  • [Linux][AIX][z/OS][HP-UX][IBM i][Solaris]/etc/krb5.conf
  • [Windows]C:\Windows\krb5.ini
[8.5.5.19 or later]-krb5Keytab
[8.5.5.19 or later]The Kerberos keytab file that contains one or more Kerberos service principal names and keys. This file is also used for Kerberos authentication, SPNEGO web authentication, and LDAP user registry authentication with Kerberos. If the Kerberos ticket cache and the Kerberos keytab file are both specified, only the ticket cache is used.
-referal
The LDAP referral. The default value is ignore. Valid values include: follow, throw, or false. (String, optional)
-derefAliases
Controls how aliases are dereferenced. The default value is always. Valid values include:
  • never - never dereferences aliases
  • finding - dereferences aliases only during name resolution
  • searching - dereferences aliases only after name resolution
(String, optional)
-sslEnabled
Indicates whether SSL is enabled. The default value is false. (Boolean, optional)
-connectionPool
The connection pool. The default value is false. (Boolean, optional)
-connectTimeout
The connection timeout in seconds. The default value is 20. (Integer, optional)
Restriction: Due to a current JNDI limitation, the maximum connection timeout is 20 seconds. Even if you specify a value greater than 20 seconds, the connection still times out at 20 seconds.
-ldapServerType
The type of LDAP server being used. The default value is IDS51. (String, optional)
Specify one of the following valid values:
  • IDS
  • ZOSDS
  • DOMINO
  • NDS
  • SUNONE
  • AD
  • ADAM
  • CUSTOM
-sslConfiguration
The SSL configuration. (String, optional)
-certificateMapMode
Specifies whether to map X.509 certificates into an LDAP directory by exact distinguished name or by certificate filter. The default value is EXACT_DN. To use the certificate filter for the mapping, specify FILTERDESCRIPTORMODE. (String, optional)
-certificateFilter
If certificateMapMode has the value FILTERDESCRIPTORMODE, then this property specifies the LDAP filter which maps attributes in the client certificate to entries in LDAP. For more information, see the section Certificate filter in the topic, Lightweight Directory Access Protocol repository configuration settings. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask addIdMgrLDAPServer {-id id_name -host myhost.ibm.com}
  • Using Jython string:
    AdminTask.addIdMgrLDAPServer ('[-id id_name -host myhost.ibm.com]')
  • Using Jython list:
    AdminTask.addIdMgrLDAPServer (['-id', 'id_name', '-host', 'myhost.ibm.com'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask addIdMgrLDAPServer {-interactive}
  • Using Jython string:
    AdminTask.addIdMgrLDAPServer ('[-interactive]')
  • Using Jython list:
    AdminTask.addIdMgrLDAPServer (['-interactive'])
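
Several addIdMgrLDAPServer parameters constrain each other (bind mechanism, SSL, Kerberos files, timeout cap, certificate mapping). The following added example, which is not IBM code, reviews a parameter set against the rules stated in the descriptions above before building the Jython-list form. The helper names, the error/warning split, and the sample values are assumptions made for illustration.

```python
# Added example, not IBM code. Helper names and sample values are constructed.
BIND_MECHANISMS = ("none", "simple", "DIGEST-MD5", "GSSAPI")
MAX_CONNECT_TIMEOUT = 20  # seconds; cap stated in the -connectTimeout restriction
SECRET_PARAMS = ("bindPassword",)


def _is_true(value):
    return str(value).lower() == "true"


def review_ldap_server(params):
    """Check a dict of addIdMgrLDAPServer parameters against the documented rules.

    Returns (errors, warnings). In this example errors block the call and
    warnings are advisory; that split is the example's policy, not the product's.
    """
    errors, warnings = [], []
    for required in ("id", "host"):
        if not params.get(required):
            errors.append("missing required parameter -%s" % required)

    mech = params.get("bindAuthMechanism", "simple")   # documented default
    ssl = _is_true(params.get("sslEnabled", "false"))  # documented default
    if mech not in BIND_MECHANISMS:
        errors.append("bindAuthMechanism %s is not a documented value" % mech)
    elif mech == "none":
        warnings.append("bindAuthMechanism none binds anonymously")
    elif mech == "simple" and params.get("bindPassword") and not ssl:
        warnings.append("simple bind with sslEnabled false sends bindPassword unencrypted")
    elif mech == "DIGEST-MD5":
        warnings.append("DIGEST-MD5 also needs custom property useInputPrincipalNameForLogin=true")
    elif mech == "GSSAPI":
        if not params.get("krb5Principal"):
            errors.append("GSSAPI requires -krb5Principal")
        if params.get("krb5TicketCache") and params.get("krb5Keytab"):
            warnings.append("ticket cache and keytab both set: only the ticket cache is used")

    timeout = params.get("connectTimeout")
    if timeout is not None and int(timeout) > MAX_CONNECT_TIMEOUT:
        warnings.append("connectTimeout above 20 still times out at 20 seconds")

    if params.get("certificateMapMode") == "FILTERDESCRIPTORMODE" \
            and not params.get("certificateFilter"):
        errors.append("FILTERDESCRIPTORMODE needs -certificateFilter")
    return errors, warnings


def to_jython_list(params):
    """Build the Jython-list argument form, -id and -host first, rest sorted."""
    errors, _ = review_ldap_server(params)
    if errors:
        raise ValueError("; ".join(errors))
    ordered = ["id", "host"] + sorted(k for k in params if k not in ("id", "host"))
    args = []
    for key in ordered:
        args.extend(["-" + key, str(params[key])])
    return args


def redact(args):
    """Copy of an argument list that is safe to log: secret values masked."""
    out = list(args)
    for i in range(0, len(out) - 1, 2):
        if out[i].lstrip("-") in SECRET_PARAMS:
            out[i + 1] = "********"
    return out


# Constructed sample inputs (host names, DNs and secrets are placeholders).
WEAK = {"id": "ldap1", "host": "ldap.example.test", "bindDN": "cn=svc,o=example",
        "bindPassword": "constructed-secret", "connectTimeout": "60"}
KERBEROS = {"id": "ldap1", "host": "ldap.example.test", "sslEnabled": "true",
            "bindAuthMechanism": "GSSAPI", "krb5TicketCache": "/tmp/krb5cc_was",
            "krb5Keytab": "/etc/krb5.keytab"}

if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("KERBEROS", KERBEROS)):
        errs, warns = review_ldap_server(sample)
        print(name, "errors:", errs, "warnings:", warns)
    # Inside wsadmin the list would be passed as AdminTask.addIdMgrLDAPServer(args).
    print(redact(to_jython_list(WEAK)))
```

Log the output of redact() rather than the raw list, so that the bind password does not end up in script output.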

addIdMgrRepositoryBaseEntry

The addIdMgrRepositoryBaseEntry command adds a base entry to the specified repository.

Required parameters

-id
The ID of the repository. (String, required)
-name
The distinguished name of a base entry. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-nameInRepository
The distinguished name in the repository that uniquely identifies the base entry name. (String, optional)
Avoid trouble: The values specified for both name and nameInRepository parameters must be the same for a database repository.

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask addIdMgrRepositoryBaseEntry {-id id_name -name name_value}
  • Using Jython string:
    AdminTask.addIdMgrRepositoryBaseEntry ('[-id id_name -name name_value]')
  • Using Jython list:
    AdminTask.addIdMgrRepositoryBaseEntry (['-id', 'id_name', '-name', 'name_value'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask addIdMgrRepositoryBaseEntry {-interactive}
  • Using Jython string:
    AdminTask.addIdMgrRepositoryBaseEntry ('[-interactive]')
  • Using Jython list:
    AdminTask.addIdMgrRepositoryBaseEntry (['-interactive'])

createIdMgrCustomRepository

The createIdMgrCustomRepository command creates a custom repository configuration.

Required parameters

-id
The ID of the repository. (String, required)
-adapterClassName
The implementation class name for the repository adapter. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask createIdMgrCustomRepository {-id id_name -adapterClassName adapter_class_name}
  • Using Jython string:
    AdminTask.createIdMgrCustomRepository('[-id id_name -adapterClassName adapter_class_name]')
  • Using Jython list:
    AdminTask.createIdMgrCustomRepository(['-id', 'id_name', '-adapterClassName', 'adapter_class_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask createIdMgrCustomRepository {-interactive}
  • Using Jython:
    AdminTask.createIdMgrCustomRepository('-interactive')

createIdMgrDBRepository

The createIdMgrDBRepository command creates a database repository configuration.

Required parameters

-id
The ID of the repository. (String, required)
-dataSourceName
The name of the data source. The default value is jdbc/wimDS. (String, required)
-databaseType
The type of the database. The default value is DB2. (String, required)
-dbURL
The URL of the database. (String, required)
-dbAdminId
The database administrator ID. (String, required if database type is not Apache Derby.)
-dbAdminPassword
The database administrator password. (String, required if database type is not Apache Derby.)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-adapterClassName
The default value is com.ibm.ws.wim.adapter.db.DBAdapter. (String, optional)
-JDBCDriverClass
The JDBC driver class name. (String, optional)
-supportSorting
Indicates if sorting is supported or not. The default value is false. (Boolean, optional)
-supportTransactions
Indicates if transactions are supported or not. The default value is false. (Boolean, optional)
-isExtIdUnique
Specifies if the external ID is unique. The default value is true. (Boolean, optional)
-supportExternalName
Indicates if external names are supported or not. The default value is false. (Boolean, optional)
-supportAsyncMode
Indicates if the adapter supports async mode or not. The default value is false. (Boolean, optional)
-readOnly
Indicates if this is a read only repository. The default value is false. (Boolean, optional)
-entityRetrievalLimit
Indicates the value of the retrieval limit on database entries. The default value is 200. (Integer, optional)
-saltLength
The salt length in bits. The default value is 12. (Integer, optional)
-encryptionKey
The default value is rZ15ws0ely9yHk3zCs3sTMv/ho8fY17s. (String, optional)
[AIX Solaris HP-UX Linux Windows][IBM i]-dbSchema
[AIX Solaris HP-UX Linux Windows][IBM i]The database schema of the database repository that you want to configure. The schema should exist in the database. The default value is the default schema of the database according to the database type. Typically, the default schema is the namespace of the current database user. (String, optional).
[z/OS]-dbSchema
[z/OS]The database schema of the database repository that you want to configure. The default value is the default schema of the database according to the database type. Typically, the default schema is the namespace of the current database user. (String, optional).
[z/OS]-tablespacePrefix
[z/OS]The tablespace prefix. The maximum length allowed for this string is 3 characters. The value of tablespacePrefix parameter is required when you use the dbSchema parameter. It is specific to DB2 for z/OS and will be ignored for any other database type. (String, optional)
[8.5.5.17 or later]-hashAlgorithm
[8.5.5.17 or later]The hashing algorithm to use for hashing the password. Valid values: SHA-1, PBKDF2WithHmacSHA1. (String, optional)
[8.5.5.17 or later]-hashIterations
[8.5.5.17 or later]The number of iterations to perform for password hashing. Valid only when hashing algorithm is set to PBKDF2WithHmacSHA1. Default value is 100000. (Integer, optional)
[8.5.5.17 or later]-hashKeyLength
[8.5.5.17 or later]The to-be-derived key length for password hashing. Valid only when hashing algorithm is set to PBKDF2WithHmacSHA1. Default value is 32. (Integer, optional)
[8.5.5.17 or later]-hashSaltLength
[8.5.5.17 or later]The salt length of the randomly generated salt for password hashing. Valid only when hashing algorithm is set to PBKDF2WithHmacSHA1. Default value is 32. (Integer, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask createIdMgrDBRepository {-id id_name -dataSourceName datasource_name -databaseType database_type}
  • Using Jython string:
    AdminTask.createIdMgrDBRepository ('[-id id_name -dataSourceName datasource_name -databaseType database_type]')
  • Using Jython list:
    AdminTask.createIdMgrDBRepository (['-id', 'id_name', '-dataSourceName', 'datasource_name', '-databaseType', 'database_type'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask createIdMgrDBRepository {-interactive}
  • Using Jython string:
    AdminTask.createIdMgrDBRepository ('[-interactive]')
  • Using Jython list:
    AdminTask.createIdMgrDBRepository (['-interactive'])

createIdMgrFileRepository

The createIdMgrFileRepository command creates a file repository configuration.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-messageDigestAlgorithm
The message digest algorithm that will be used for hashing the password. The default value is PBKDF2WithHmacSHA1. Valid values include the following: SHA-1, SHA-384, SHA-512, or PBKDF2WithHmacSHA1. (String, optional)
-adapterClassName
The default value is com.ibm.ws.wim.adapter.file.was.FileAdapter. (String, optional)
-supportPaging
Indicates if paging is supported or not. The default value is false. (Boolean, optional)
-supportSorting
Indicates if sorting is supported or not. The default value is false. (Boolean, optional)
-supportTransactions
Indicates if transaction is supported or not. The default value is false. (Boolean, optional)
-isExtIdUnique
Specifies if the external ID is unique or not. The default value is true. (Boolean, optional)
-supportAsyncMode
Indicates if the adapter supports async mode or not. The default value is false. (Boolean, optional)
-supportExternalName
Indicates if external names are supported or not. The default value is false. (Boolean, optional)
-baseDirectory
The base directory where the file will be created in order to store the data. The default is to be dynamically built during run time using user.install.root and cell name. (String, optional)
-fileName
The file name of the repository. The default value is fileRegistry.xml. (String, optional)
-saltLength
The salt length of the randomly generated salt for password hashing. The default value is 32. (Integer, optional)
[8.5.5.17 or later]-keyLength
[8.5.5.17 or later]The to-be-derived key length for password hashing. Valid only when hashing algorithm is set to PBKDF2WithHmacSHA1. Default value is 32. (Integer, optional)
[8.5.5.17 or later]-hashIterations
[8.5.5.17 or later]The number of iterations to perform for password hashing. Valid only when hashing algorithm is set to PBKDF2WithHmacSHA1. Default value is 100000. (Integer, optional)
[8.5.5.22 or later]-accountLockoutThreshold
Specifies the number of unsuccessful attempts that a user is allowed before the account is locked. The default threshold is five unsuccessful attempts. To disable account lockout, set the account lockout threshold to 0.
[8.5.5.22 or later]-accountLockoutDuration
Specifies the duration of time in minutes that the account is locked when the number of unsuccessful login attempts exceeds the accountLockoutThreshold value. The value for this attribute must be greater than zero if the accountLockoutThreshold attribute is set. The default value in minutes is 15.
[8.5.5.22 or later]-ignoreFailedLoginAfter
Specifies the duration of time in minutes that a single unsuccessful login attempt counts toward the account lockout threshold. All failed login attempts for the user account are also cleared after a successful login or after a password update. If the accountLockoutThreshold attribute is set, the value for this attribute must be greater than 0. The default value in minutes is 15.

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask createIdMgrFileRepository {-id id_name -messageDigestAlgorithm algorithm_value}
  • Using Jython string:
    AdminTask.createIdMgrFileRepository ('[-id id_name -messageDigestAlgorithm algorithm_value]')
  • Using Jython list:
    AdminTask.createIdMgrFileRepository (['-id', 'id_name', '-messageDigestAlgorithm', 'algorithm_value'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask createIdMgrFileRepository {-interactive}
  • Using Jython string:
    AdminTask.createIdMgrFileRepository ('[-interactive]')
  • Using Jython list:
    AdminTask.createIdMgrFileRepository (['-interactive'])

createIdMgrLDAPRepository

The createIdMgrLDAPRepository command creates an LDAP repository configuration.

Required parameters

-id
The unique identifier for the repository. (String, required)
-ldapServerType
The type of LDAP server that is being used. The default value is IDS51. (String, required)
Specify one of the following valid values:
  • IDS
  • ZOSDS
  • DOMINO
  • NDS
  • SUNONE
  • AD
  • ADAM
  • CUSTOM

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-adapterClassName
The default value is com.ibm.ws.wim.adapter.ldap.LdapAdapter. (String, optional)
-supportSorting
Indicates if sorting is supported or not. The default value is false. (Boolean, optional)
-supportPaging
Indicates if paging is supported or not. The default value is false. (Boolean, optional)
-supportTransactions
Indicates if transactions are supported or not. The default value is false. (Boolean, optional)
-isExtIdUnique
Specifies if the external ID is unique. The default value is true. (Boolean, optional)
-supportAsyncMode
Indicates if the adapter supports async mode or not. The default value is false. (Boolean, optional)
-supportExternalName
Indicates if external names are supported or not. The default value is false. (Boolean, optional)
-certificateMapMode
Specifies whether to map X.509 certificates into an LDAP directory by exact distinguished name or by certificate filter. The default value is exactdn. To use the certificate filter for the mapping, specify the value as certificatefilter. (String, optional)
-certificateFilter
If the certificateMapMode parameter has the value certificatefilter, then this property specifies the LDAP filter that maps attributes in the client certificate to entries in LDAP. (String, optional)
-loginProperties
Indicates the property name used for login. (String, optional)
Supported configurations: If you define multiple login properties, the first login property is programmatically mapped to the federated repositories principalName property. For example, if you set uid;mail as the login properties, the LDAP attribute uid value is mapped to the federated repositories principalName property. If you define multiple login properties, after login, the first login property is returned as the value of the principalName property. For example, if you pass joe@yourco.com as the principalName value and the login properties are configured as uid;mail, the principalName is returned as joe.
-sslConfiguration
The SSL configuration. (String, optional)
-translateRDN
Indicates whether to translate the RDN. The default value is false. (Boolean, optional)
-searchTimeLimit
The value of search time limit. (Integer, optional)
-searchCountLimit
The value of search count limit. (Integer, optional)
-searchPageSize
The value of search page size. (Integer, optional)
-returnToPrimaryServer
(Integer, optional)
-primaryServerQueryTimeInterval
(Integer, optional)
-default
If you set this parameter to true, the default values will be set for the remaining configuration properties of the LDAP repository. (Boolean, optional)
-supportChangeLog
This parameter indicates whether the repository supports change tracking. Valid values for this parameter are none or native. The default value is none. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask createIdMgrLDAPRepository {-id id_name -ldapServerType LDAP_server_type}
  • Using Jython string:
    AdminTask.createIdMgrLDAPRepository ('[-id id_name -ldapServerType LDAP_server_type]')
  • Using Jython list:
    AdminTask.createIdMgrLDAPRepository (['-id', 'id_name', '-ldapServerType', 'LDAP_server_type'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask createIdMgrLDAPRepository {-interactive}
  • Using Jython string:
    AdminTask.createIdMgrLDAPRepository ('[-interactive]')
  • Using Jython list:
    AdminTask.createIdMgrLDAPRepository (['-interactive'])
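The -loginProperties note above means the principalName that comes back can differ from the value the user typed. The following added example (not IBM code, and a model rather than the product's lookup logic) reproduces the documented uid;mail mapping over constructed directory entries and goes one step further by listing login values that identify more than one entry. The function names, the sample entries and the case-insensitive comparison are assumptions of this example.

```python
# Added example, not IBM code: a model of the documented loginProperties
# mapping, run over constructed entries. Function names are hypothetical.

# Constructed sample entries standing in for a directory export (not real data).
SAMPLE_ENTRIES = [
    {'dn': 'uid=joe,o=yourco', 'uid': 'joe', 'mail': 'joe@yourco.com'},
    {'dn': 'uid=ann,o=yourco', 'uid': 'ann', 'mail': 'ann@yourco.com'},
    # This uid has the same value as ann's mail attribute.
    {'dn': 'uid=svc,o=yourco', 'uid': 'ann@yourco.com', 'mail': 'svc@yourco.com'},
]


def parse_login_properties(value):
    """Split a semicolon-delimited loginProperties value such as 'uid;mail'."""
    names = [name.strip() for name in value.split(';')]
    if '' in names:
        raise ValueError('empty entry in loginProperties: %r' % value)
    return names


def matching_entries(entries, login_properties, login_value):
    """Entries in which any configured login property equals login_value.
    Comparison is case-insensitive (assumption of this example)."""
    names = parse_login_properties(login_properties)
    wanted = login_value.lower()
    matches = []
    for entry in entries:
        for name in names:
            if entry.get(name, '').lower() == wanted:
                matches.append(entry)
                break
    return matches


def resolve_principal_name(entries, login_properties, login_value):
    """Return the value of the FIRST login property of the matched entry,
    which is what the page says is returned as principalName."""
    first = parse_login_properties(login_properties)[0]
    matches = matching_entries(entries, login_properties, login_value)
    if len(matches) != 1:
        raise LookupError('%d entries match %r' % (len(matches), login_value))
    return matches[0][first]


def find_login_collisions(entries, login_properties):
    """Return {login_value: [dn, ...]} for every value that identifies more
    than one entry across the configured login properties."""
    names = parse_login_properties(login_properties)
    owners = {}
    for entry in entries:
        values = set()
        for name in names:
            value = entry.get(name)
            if value:
                values.add(value.lower())
        for value in values:
            owners.setdefault(value, []).append(entry['dn'])
    return dict((value, dns) for value, dns in owners.items() if len(dns) > 1)
```

Running find_login_collisions against an export of the real directory before adding a second login property shows whether any login value would become ambiguous.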

deleteIdMgrLDAPAttr

Use the deleteIdMgrLDAPAttr command to delete the LDAP attribute configuration data for a specific entity type from the LDAP repository of interest.

Target object

None

Required parameters

-id
Use this parameter to specify the unique ID of the repository. (String, required)
Supported configurations: The deleteIdMgrLDAPAttr command also requires the name of either the LDAP attribute or federated repository property. Specify a value for either the -name or -propertyName parameter that is described in the next section. However, do not specify both parameters. Although the -name or -propertyName parameters are designated as optional parameters, an error occurs if you do not specify one of the parameters or if you specify both parameters.

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-name
Use this parameter to specify the name of the LDAP attribute used in the repository LDAP adapter. (String, required)
-entityTypes
Use this parameter to specify the entity type which applies the attribute mapping. (String, optional)
-propertyName
Use this parameter to specify the name of the corresponding federated repository property. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrLDAPAttr {-id id_name -name unicode_password}
  • Using Jython string:
    AdminTask.deleteIdMgrLDAPAttr ('[-id id_name -name unicode_password]')
  • Using Jython list:
    AdminTask.deleteIdMgrLDAPAttr (['-id', 'id_name', '-name', 'unicode_password'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrLDAPAttr {-interactive}
  • Using Jython:
    AdminTask.deleteIdMgrLDAPAttr('-interactive')

deleteIdMgrLDAPAttrNotSupported

Use the deleteIdMgrLDAPAttrNotSupported command to delete the configuration for a federated repository property that the specified LDAP repository does not support.

Target object

None

Required parameters

-id
Use this parameter to specify the unique ID of the repository. (String, required)
-propertyName
Use this parameter to specify the name of the federated repository property. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-entityTypes
Use this parameter to specify one or more entity types. Use the semicolon (;) as the delimiter to specify multiple entity types. If you do not specify this parameter, the deleteIdMgrLDAPAttrNotSupported command deletes all the configuration data of the specified attribute. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrLDAPAttrNotSupported {-id id_name -propertyName property_name}
  • Using Jython string:
    AdminTask.deleteIdMgrLDAPAttrNotSupported ('[-id id_name -propertyName property_name]')
  • Using Jython list:
    AdminTask.deleteIdMgrLDAPAttrNotSupported (['-id', 'id_name', '-propertyName', 'property_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrLDAPAttrNotSupported {-interactive}
  • Using Jython:
    AdminTask.deleteIdMgrLDAPAttrNotSupported('-interactive') 

deleteIdMgrLDAPEntityType

The deleteIdMgrLDAPEntityType command deletes the LDAP entity type configuration data for a specified entity type for a specific LDAP repository.

Parameters and return values

-id
The ID of the repository. (String, required)
-name
The name of the entity type. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrLDAPEntityType {-id id_name -name name_value}
  • Using Jython string:
    AdminTask.deleteIdMgrLDAPEntityType ('[-id id_name -name name_value]')
  • Using Jython list:
    AdminTask.deleteIdMgrLDAPEntityType (['-id', 'id_name', '-name', 'name_value'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrLDAPEntityType {-interactive}
  • Using Jython string:
    AdminTask.deleteIdMgrLDAPEntityType ('[-interactive]')
  • Using Jython list:
    AdminTask.deleteIdMgrLDAPEntityType (['-interactive'])

deleteIdMgrLDAPEntityTypeRDNAttr

The deleteIdMgrLDAPEntityTypeRDNAttr command deletes the relative distinguished name (RDN) attribute configuration from an LDAP entity type configuration.

Required parameters

-id
The ID of the repository. (String, required)
-entityTypeName
The name of the entity type. (String, required)
-name
The attribute name that is used to build the relative distinguished name (RDN) for the entity type. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrLDAPEntityTypeRDNAttr {-id id_name -name name_value -entityTypeName entity_type}
  • Using Jython string:
    AdminTask.deleteIdMgrLDAPEntityTypeRDNAttr ('[-id id_name -name name_value -entityTypeName entity_type]')
  • Using Jython list:
    AdminTask.deleteIdMgrLDAPEntityTypeRDNAttr (['-id', 'id_name', '-name', 'name_value', '-entityTypeName', 'entity_type'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrLDAPEntityTypeRDNAttr {-interactive}
  • Using Jython string:
    AdminTask.deleteIdMgrLDAPEntityTypeRDNAttr ('[-interactive]')
  • Using Jython list:
    AdminTask.deleteIdMgrLDAPEntityTypeRDNAttr (['-interactive'])

deleteIdMgrLDAPExternalIdAttr

Use the deleteIdMgrLDAPExternalIdAttr command to delete the configuration for an LDAP attribute that is used as an external ID in the specified LDAP repository.

Target object

None

Required parameters

-id
Use this parameter to specify the unique ID of the repository. (String, required)
-name
Use this parameter to specify the name of the external ID attribute of the LDAP repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-entityTypes
Use this parameter to specify one or more entity types. Use a semicolon (;) as the delimiter to specify multiple entity types. If you do not specify this parameter, the deleteIdMgrLDAPExternalIdAttr command deletes all the configuration data of the specified attribute. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrLDAPExternalIdAttr {-id id_name -name unicode_password}
  • Using Jython string:
    AdminTask.deleteIdMgrLDAPExternalIdAttr ('[-id id_name -name unicode_password]')
  • Using Jython list:
    AdminTask.deleteIdMgrLDAPExternalIdAttr (['-id', 'id_name', '-name', 'unicode_password'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrLDAPExternalIdAttr {-interactive}
  • Using Jython string:
    AdminTask.deleteIdMgrLDAPExternalIdAttr ('-interactive') 

deleteIdMgrLDAPGroupConfig

The deleteIdMgrLDAPGroupConfig command deletes the LDAP group configuration.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrLDAPGroupConfig {-id id_name}
  • Using Jython string:
    AdminTask.deleteIdMgrLDAPGroupConfig ('[-id id_name]')
  • Using Jython list:
    AdminTask.deleteIdMgrLDAPGroupConfig (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrLDAPGroupConfig {-interactive}
  • Using Jython string:
    AdminTask.deleteIdMgrLDAPGroupConfig ('[-interactive]')
  • Using Jython list:
    AdminTask.deleteIdMgrLDAPGroupConfig (['-interactive'])

deleteIdMgrLDAPGroupMemberAttr

The deleteIdMgrLDAPGroupMemberAttr command deletes a member attribute configuration from an LDAP group configuration.

Required parameters

-id
The ID of the repository. (String, required)
-name
The name of the LDAP attribute that is used as the group member attribute, for example, member or uniqueMember. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrLDAPGroupMemberAttr {-id id_name -name attr_name}
  • Using Jython string:
    AdminTask.deleteIdMgrLDAPGroupMemberAttr ('[-id id_name -name attr_name]')
  • Using Jython list:
    AdminTask.deleteIdMgrLDAPGroupMemberAttr (['-id', 'id_name', '-name', 'attr_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrLDAPGroupMemberAttr {-interactive}
  • Using Jython string:
    AdminTask.deleteIdMgrLDAPGroupMemberAttr ('[-interactive]')
  • Using Jython list:
    AdminTask.deleteIdMgrLDAPGroupMemberAttr (['-interactive'])

deleteIdMgrLDAPGroupDynamicMemberAttr

The deleteIdMgrLDAPGroupDynamicMemberAttr command deletes a dynamic member attribute configuration from an LDAP group configuration.

Required parameters

-id
The ID of the repository. (String, required)
-name
The name of the LDAP attribute that is used as the group member attribute. For example, memberURL. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrLDAPGroupDynamicMemberAttr {-id id_name -name name_value}
  • Using Jython string:
    AdminTask.deleteIdMgrLDAPGroupDynamicMemberAttr ('[-id id_name -name name_value]')
  • Using Jython list:
    AdminTask.deleteIdMgrLDAPGroupDynamicMemberAttr (['-id', 'id_name', '-name', 'name_value'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrLDAPGroupDynamicMemberAttr {-interactive}
  • Using Jython string:
    AdminTask.deleteIdMgrLDAPGroupDynamicMemberAttr ('[-interactive]')
  • Using Jython list:
    AdminTask.deleteIdMgrLDAPGroupDynamicMemberAttr (['-interactive'])

deleteIdMgrLDAPServer

The deleteIdMgrLDAPServer command deletes the configuration for the LDAP server that you specify from the LDAP repository ID that you specify.

Required parameters

-id
The ID of the repository. (String, required)
-host
The host name for the primary LDAP server. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrLDAPServer {-id id_name -host myhost.ibm.com}
  • Using Jython string:
    AdminTask.deleteIdMgrLDAPServer ('[-id id_name -host myhost.ibm.com]')
  • Using Jython list:
    AdminTask.deleteIdMgrLDAPServer (['-id', 'id_name', '-host', 'myhost.ibm.com'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrLDAPServer {-interactive}
  • Using Jython string:
    AdminTask.deleteIdMgrLDAPServer ('[-interactive]')
  • Using Jython list:
    AdminTask.deleteIdMgrLDAPServer (['-interactive'])

deleteIdMgrRepository

The deleteIdMgrRepository command deletes a repository that you specify.

Required parameters

-id
The ID of the repository. Valid values include existing repository IDs. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrRepository {-id id_name}
  • Using Jython string:
    AdminTask.deleteIdMgrRepository ('[-id id_name]')
  • Using Jython list:
    AdminTask.deleteIdMgrRepository (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrRepository {-interactive}
  • Using Jython string:
    AdminTask.deleteIdMgrRepository ('[-interactive]')
  • Using Jython list:
    AdminTask.deleteIdMgrRepository (['-interactive'])

deleteIdMgrRepositoryBaseEntry

The deleteIdMgrRepositoryBaseEntry command deletes a base entry from the specified repository.

Required parameters

-id
The ID of the repository. (String, required)
-name
The distinguished name of a base entry. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrRepositoryBaseEntry {-id id_name -name name_value}
  • Using Jython string:
    AdminTask.deleteIdMgrRepositoryBaseEntry ('[-id id_name -name name_value]')
  • Using Jython list:
    AdminTask.deleteIdMgrRepositoryBaseEntry (['-id', 'id_name', '-name', 'name_value'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask deleteIdMgrRepositoryBaseEntry {-interactive}
  • Using Jython string:
    AdminTask.deleteIdMgrRepositoryBaseEntry ('[-interactive]')
  • Using Jython list:
    AdminTask.deleteIdMgrRepositoryBaseEntry (['-interactive'])

getIdMgrLDAPAttrCache

The getIdMgrLDAPAttrCache command returns the LDAP attribute cache configuration.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask getIdMgrLDAPAttrCache {-id id_name}
  • Using Jython string:
    AdminTask.getIdMgrLDAPAttrCache ('[-id id_name]')
  • Using Jython list:
    AdminTask.getIdMgrLDAPAttrCache (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask getIdMgrLDAPAttrCache {-interactive}
  • Using Jython string:
    AdminTask.getIdMgrLDAPAttrCache ('[-interactive]')
  • Using Jython list:
    AdminTask.getIdMgrLDAPAttrCache (['-interactive'])

getIdMgrLDAPContextPool

The getIdMgrLDAPContextPool command returns the LDAP context pool configuration.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask getIdMgrLDAPContextPool {-id id_name}
  • Using Jython string:
    AdminTask.getIdMgrLDAPContextPool ('[-id id_name]')
  • Using Jython list:
    AdminTask.getIdMgrLDAPContextPool (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask getIdMgrLDAPContextPool {-interactive}
  • Using Jython string:
    AdminTask.getIdMgrLDAPContextPool ('[-interactive]')
  • Using Jython list:
    AdminTask.getIdMgrLDAPContextPool (['-interactive'])

getIdMgrLDAPEntityType

The getIdMgrLDAPEntityType command returns the LDAP entity type configuration data.

Required parameters

-id
The ID of the repository. (String, required)
-name
The name of the entity type. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask getIdMgrLDAPEntityType {-id id_name -name name_value}
  • Using Jython string:
    AdminTask.getIdMgrLDAPEntityType ('[-id id_name -name name_value]')
  • Using Jython list:
    AdminTask.getIdMgrLDAPEntityType (['-id', 'id_name', '-name', 'name_value'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask getIdMgrLDAPEntityType {-interactive}
  • Using Jython string:
    AdminTask.getIdMgrLDAPEntityType ('[-interactive]')
  • Using Jython list:
    AdminTask.getIdMgrLDAPEntityType (['-interactive'])

getIdMgrLDAPEntityTypeRDNAttr

The getIdMgrLDAPEntityTypeRDNAttr command returns the relative distinguished name (RDN) attribute configuration for an LDAP entity type definition.

Required parameters

-id
The ID of the repository. (String, required)
-entityTypeName
The name of the entity type. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask getIdMgrLDAPEntityTypeRDNAttr {-id id_name -entityTypeName name_value}
  • Using Jython string:
    AdminTask.getIdMgrLDAPEntityTypeRDNAttr ('[-id id_name -entityTypeName name_value]')
  • Using Jython list:
    AdminTask.getIdMgrLDAPEntityTypeRDNAttr (['-id', 'id_name', '-entityTypeName', 'name_value'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask getIdMgrLDAPEntityTypeRDNAttr {-interactive}
  • Using Jython string:
    AdminTask.getIdMgrLDAPEntityTypeRDNAttr ('[-interactive]')
  • Using Jython list:
    AdminTask.getIdMgrLDAPEntityTypeRDNAttr (['-interactive'])

getIdMgrLDAPGroupConfig

The getIdMgrLDAPGroupConfig command returns the LDAP group configuration.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask getIdMgrLDAPGroupConfig {-id id_name}
  • Using Jython string:
    AdminTask.getIdMgrLDAPGroupConfig ('[-id id_name]')
  • Using Jython list:
    AdminTask.getIdMgrLDAPGroupConfig (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask getIdMgrLDAPGroupConfig {-interactive}
  • Using Jython string:
    AdminTask.getIdMgrLDAPGroupConfig ('[-interactive]')
  • Using Jython list:
    AdminTask.getIdMgrLDAPGroupConfig (['-interactive'])

getIdMgrLDAPGroupDynamicMemberAttrs

The getIdMgrLDAPGroupDynamicMemberAttrs command returns the dynamic member attribute configuration from the LDAP group configuration.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask getIdMgrLDAPGroupDynamicMemberAttrs {-id id_name}
  • Using Jython string:
    AdminTask.getIdMgrLDAPGroupDynamicMemberAttrs ('[-id id_name]')
  • Using Jython list:
    AdminTask.getIdMgrLDAPGroupDynamicMemberAttrs (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask getIdMgrLDAPGroupDynamicMemberAttrs {-interactive}
  • Using Jython string:
    AdminTask.getIdMgrLDAPGroupDynamicMemberAttrs ('[-interactive]')
  • Using Jython list:
    AdminTask.getIdMgrLDAPGroupDynamicMemberAttrs (['-interactive'])

getIdMgrLDAPGroupMemberAttrs

The getIdMgrLDAPGroupMemberAttrs command returns the member attribute configuration for the LDAP group configuration.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask getIdMgrLDAPGroupMemberAttrs {-id id_name}
  • Using Jython string:
    AdminTask.getIdMgrLDAPGroupMemberAttrs ('[-id id_name]')
  • Using Jython list:
    AdminTask.getIdMgrLDAPGroupMemberAttrs (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask getIdMgrLDAPGroupMemberAttrs {-interactive}
  • Using Jython string:
    AdminTask.getIdMgrLDAPGroupMemberAttrs ('[-interactive]')
  • Using Jython list:
    AdminTask.getIdMgrLDAPGroupMemberAttrs (['-interactive'])

getIdMgrLDAPSearchResultCache

The getIdMgrLDAPSearchResultCache command returns the LDAP search result cache configuration.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask getIdMgrLDAPSearchResultCache {-id id_name}
  • Using Jython string:
    AdminTask.getIdMgrLDAPSearchResultCache ('[-id id_name]')
  • Using Jython list:
    AdminTask.getIdMgrLDAPSearchResultCache (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask getIdMgrLDAPSearchResultCache {-interactive}
  • Using Jython string:
    AdminTask.getIdMgrLDAPSearchResultCache ('[-interactive]')
  • Using Jython list:
    AdminTask.getIdMgrLDAPSearchResultCache (['-interactive'])

getIdMgrLDAPServer

The getIdMgrLDAPServer command returns the configuration for the LDAP server that you specify for the LDAP repository ID that you specify.

Required parameters

-id
The ID of the repository. (String, required)
-host
The host name for the primary LDAP server. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask getIdMgrLDAPServer {-id id_name -host myhost.ibm.com}
  • Using Jython string:
    AdminTask.getIdMgrLDAPServer ('[-id id_name -host myhost.ibm.com]')
  • Using Jython list:
    AdminTask.getIdMgrLDAPServer (['-id', 'id_name', '-host', 'myhost.ibm.com'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask getIdMgrLDAPServer {-interactive}
  • Using Jython string:
    AdminTask.getIdMgrLDAPServer ('[-interactive]')
  • Using Jython list:
    AdminTask.getIdMgrLDAPServer (['-interactive'])

getIdMgrRepository

The getIdMgrRepository command returns the configuration of the specified repository.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask getIdMgrRepository {-id id_name}
  • Using Jython string:
    AdminTask.getIdMgrRepository ('[-id id_name]')
  • Using Jython list:
    AdminTask.getIdMgrRepository (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask getIdMgrRepository {-interactive}
  • Using Jython string:
    AdminTask.getIdMgrRepository ('[-interactive]')
  • Using Jython list:
    AdminTask.getIdMgrRepository (['-interactive'])

listIdMgrLDAPAttrs

Use the listIdMgrLDAPAttrs command to list the name of each configured attribute for the LDAP repository of interest.

Required parameters

-id
Use this parameter to specify the unique ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Return value

The command returns a list of HashMaps that contains parameters of the addIdMgrLDAPAttr command as keys. For the entityTypes parameter, which is multivalued, the value of the key is a string that is delimited by a semicolon (;). The return value includes an additional key called entityTypesList. The value of the entityTypesList key is a List object.

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrLDAPAttrs {-id id_value}
  • Using Jython string:
    AdminTask.listIdMgrLDAPAttrs ('[-id id_value]')
  • Using Jython list:
    AdminTask.listIdMgrLDAPAttrs (['-id', 'id_value'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrLDAPAttrs {-interactive}
  • Using Jython:
    AdminTask.listIdMgrLDAPAttrs('-interactive')

listIdMgrLDAPAttrsNotSupported

Use the listIdMgrLDAPAttrsNotSupported command to list the details of all configured federated repository properties that the specified LDAP repository does not support.

Target object

None

Required parameters

-id
Use this parameter to specify the unique ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Return value

The command returns a List of HashMaps that contains parameters of the addIdMgrLDAPAttrNotSupported command as keys. For multivalued parameters such as entityTypes, the value of the key is a List object.

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrLDAPAttrsNotSupported {-id id_name}
  • Using Jython string:
    AdminTask.listIdMgrLDAPAttrsNotSupported ('[-id id_name]')
  • Using Jython list:
    AdminTask.listIdMgrLDAPAttrsNotSupported (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrLDAPAttrsNotSupported {-interactive}
  • Using Jython:
    AdminTask.listIdMgrLDAPAttrsNotSupported ('-interactive') 

listIdMgrCustomProperties

The listIdMgrCustomProperties command returns a list of custom properties for the repository that you specify.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrCustomProperties {-id id_value}
  • Using Jython string:
    AdminTask.listIdMgrCustomProperties ('[-id id_value]')
  • Using Jython list:
    AdminTask.listIdMgrCustomProperties (['-id', 'id_value'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrCustomProperties {-interactive}
  • Using Jython string:
    AdminTask.listIdMgrCustomProperties ('[-interactive]')
  • Using Jython list:
    AdminTask.listIdMgrCustomProperties (['-interactive'])

listIdMgrLDAPBackupServers

The listIdMgrLDAPBackupServers command returns a list of the backup LDAP server or servers.

Required parameters and return values

-id
The ID of the repository. (String, required)
-primary_host
The host name for the primary LDAP server. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrLDAPBackupServers {-id id_value -primary_host host_name}
  • Using Jython string:
    AdminTask.listIdMgrLDAPBackupServers ('[-id id_value -primary_host host_name]')
  • Using Jython list:
    AdminTask.listIdMgrLDAPBackupServers (['-id', 'id_value', '-primary_host', 'host_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrLDAPBackupServers {-interactive}
  • Using Jython string:
    AdminTask.listIdMgrLDAPBackupServers ('[-interactive]')
  • Using Jython list:
    AdminTask.listIdMgrLDAPBackupServers (['-interactive'])

listIdMgrLDAPEntityTypes

The listIdMgrLDAPEntityTypes command lists the name of all of the configured LDAP entity type definitions.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrLDAPEntityTypes {-id id_value}
  • Using Jython string:
    AdminTask.listIdMgrLDAPEntityTypes ('[-id id_value]')
  • Using Jython list:
    AdminTask.listIdMgrLDAPEntityTypes (['-id', 'id_value'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrLDAPEntityTypes {-interactive}
  • Using Jython string:
    AdminTask.listIdMgrLDAPEntityTypes ('[-interactive]')
  • Using Jython list:
    AdminTask.listIdMgrLDAPEntityTypes (['-interactive'])

listIdMgrLDAPExternalIdAttrs

Use the listIdMgrLDAPExternalIdAttrs command to list the details of all LDAP attributes used as an external ID in the specified LDAP repository.

Target object

None

Required parameters

-id
Use this parameter to specify the unique ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Return value

The command returns a List of HashMaps that contains parameters of the addIdMgrLDAPExternalIdAttr command as keys. For multivalued parameters such as entityTypes, the value of the key is a List object.

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrLDAPExternalIdAttrs {-id id_name}
  • Using Jython string:
    AdminTask.listIdMgrLDAPExternalIdAttrs ('[-id id_name]')
  • Using Jython list:
    AdminTask.listIdMgrLDAPExternalIdAttrs (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrLDAPExternalIdAttrs {-interactive}
  • Using Jython string:
    AdminTask.listIdMgrLDAPExternalIdAttrs ('-interactive')

listIdMgrLDAPServers

The listIdMgrLDAPServers command lists all of the configured primary LDAP servers.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrLDAPServers {-id id_value}
  • Using Jython string:
    AdminTask.listIdMgrLDAPServers ('[-id id_value]')
  • Using Jython list:
    AdminTask.listIdMgrLDAPServers (['-id', 'id_value'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrLDAPServers {-interactive}
  • Using Jython string:
    AdminTask.listIdMgrLDAPServers ('[-interactive]')
  • Using Jython list:
    AdminTask.listIdMgrLDAPServers (['-interactive'])

listIdMgrRepositories

The listIdMgrRepositories command lists names and types of all configured repositories.

Required parameters and return values

None.

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
  • Returns: A hash map with key as the name of the repository and value as another hash map that includes the following keys:
    • repositoryType - The type of repository. For example, File, LDAP, DB, and so on.
    • specificRepositoryType - The specific type of repository. For example, LDAP, IDS51, NDS, and so on.
    • host - The host name where the repository resides. For File, it is LocalHost and for DB it is dataSourceName.
    This command will not return the Property Extension and Entry Mapping repository data.

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrRepositories
  • Using Jython string:
    AdminTask.listIdMgrRepositories()
  • Using Jython list:
    AdminTask.listIdMgrRepositories()

Interactive mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrRepositories {-interactive}
  • Using Jython string:
    AdminTask.listIdMgrRepositories ('[-interactive]')
  • Using Jython list:
    AdminTask.listIdMgrRepositories (['-interactive'])

listIdMgrRepositoryBaseEntries

The listIdMgrRepositoryBaseEntries command lists the base entries for a specified repository.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrRepositoryBaseEntries {-id id_value}
  • Using Jython string:
    AdminTask.listIdMgrRepositoryBaseEntries ('[-id id_value]')
  • Using Jython list:
    AdminTask.listIdMgrRepositoryBaseEntries (['-id', 'id_value'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrRepositoryBaseEntries {-interactive}
  • Using Jython string:
    AdminTask.listIdMgrRepositoryBaseEntries ('[-interactive]')
  • Using Jython list:
    AdminTask.listIdMgrRepositoryBaseEntries (['-interactive'])

listIdMgrSupportedDBTypes

The listIdMgrSupportedDBTypes command returns a list of supported database types.

Required parameters

None.

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrSupportedDBTypes
  • Using Jython string:
    AdminTask.listIdMgrSupportedDBTypes()
  • Using Jython list:
    AdminTask.listIdMgrSupportedDBTypes()

Interactive mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrSupportedDBTypes {-interactive}
  • Using Jython string:
    AdminTask.listIdMgrSupportedDBTypes ('[-interactive]')
  • Using Jython list:
    AdminTask.listIdMgrSupportedDBTypes (['-interactive'])

listIdMgrSupportedMessageDigestAlgorithms

The listIdMgrSupportedMessageDigestAlgorithms command returns a list of supported message digest algorithms.

Required parameters

None.

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrSupportedMessageDigestAlgorithms
  • Using Jython string:
    AdminTask.listIdMgrSupportedMessageDigestAlgorithms()
  • Using Jython list:
    AdminTask.listIdMgrSupportedMessageDigestAlgorithms()

Interactive mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrSupportedMessageDigestAlgorithms {-interactive}
  • Using Jython string:
    AdminTask.listIdMgrSupportedMessageDigestAlgorithms ('[-interactive]')
  • Using Jython list:
    AdminTask.listIdMgrSupportedMessageDigestAlgorithms (['-interactive'])

listIdMgrSupportedLDAPServerTypes

The listIdMgrSupportedLDAPServerTypes command returns a list of supported LDAP server types.

Required parameters

None.

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrSupportedLDAPServerTypes
  • Using Jython string:
    AdminTask.listIdMgrSupportedLDAPServerTypes()
  • Using Jython list:
    AdminTask.listIdMgrSupportedLDAPServerTypes()

Interactive mode example usage:

  • Using Jacl:
    $AdminTask listIdMgrSupportedLDAPServerTypes {-interactive}
  • Using Jython string:
    AdminTask.listIdMgrSupportedLDAPServerTypes ('[-interactive]')
  • Using Jython list:
    AdminTask.listIdMgrSupportedLDAPServerTypes (['-interactive'])

removeIdMgrLDAPBackupServer

The removeIdMgrLDAPBackupServer command removes the backup LDAP server or servers.

Required parameters

-id
The ID of the repository. (String, required)
-primary_host
The host name for the primary LDAP server. (String, required)
-host
The host name of the backup server. Use an asterisk (*) if you want to remove all backup servers. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-port
The port number of the LDAP server. (Integer, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask removeIdMgrLDAPBackupServer {-id id_value -primary_host myprimaryhost.ibm.com -host myhost.ibm.com}
  • Using Jython string:
    AdminTask.removeIdMgrLDAPBackupServer ('[-id id_value -primary_host myprimaryhost.ibm.com -host myhost.ibm.com]')
  • Using Jython list:
    AdminTask.removeIdMgrLDAPBackupServer (['-id', 'id_value', '-primary_host', 'myprimaryhost.ibm.com', '-host', 'myhost.ibm.com'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask removeIdMgrLDAPBackupServer {-interactive}
  • Using Jython string:
    AdminTask.removeIdMgrLDAPBackupServer ('[-interactive]')
  • Using Jython list:
    AdminTask.removeIdMgrLDAPBackupServer (['-interactive'])

setIdMgrCustomProperty

The setIdMgrCustomProperty command sets, adds, or deletes a custom property in a repository configuration. If a value is not specified, or if the value is an empty string, the property is deleted from the repository configuration. If the name does not exist, the property is added if a value is specified. If the name is "*", all of the custom properties are deleted.

Required parameters

-id
The unique identifier of the repository. Valid values include the existing repository IDs. (String, required)
-name
The name of an additional property for the repository that is not defined out of the box (OOTB). (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-value
The value of a property for the repository. If this parameter is an empty string, the property is deleted from the repository configuration. If this parameter is not an empty string, and a name does not exist, it is added. If a name is an empty string, all of the custom properties are deleted. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask setIdMgrCustomProperty {-id id_value -name name_value -value value}
  • Using Jython string:
    AdminTask.setIdMgrCustomProperty ('[-id id_value -name name_value -value value]')
  • Using Jython list:
    AdminTask.setIdMgrCustomProperty (['-id', 'id_value', '-name', 'name_value', '-value', 'value'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask setIdMgrCustomProperty {-interactive}
  • Using Jython string:
    AdminTask.setIdMgrCustomProperty ('[-interactive]')
  • Using Jython list:
    AdminTask.setIdMgrCustomProperty (['-interactive'])

setIdMgrLDAPAttrCache

The setIdMgrLDAPAttrCache command configures the LDAP attribute cache configuration.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-cachesDiskOffLoad
(String, optional)
-enabled
Indicates if you want to enable attribute caching. The default value is true. (Boolean, optional)
-cacheSize
The maximum size of the attribute cache defined by the number of attribute objects that are permitted in the attribute cache. The minimum value of this parameter is 100. The default value is 4000. (Integer, optional)
-cacheTimeOut
The amount of time in seconds before the cached entries in the attributes cache can become invalid. The minimum value of this parameter is 0. The attribute objects that are cached will remain in the attributes cache until the virtual member manager changes the attribute objects. The default value is 1200. (Integer, optional)
-attributeSizeLimit
An integer that represents the maximum number of attribute object values that can be cached in the attributes cache.

Some attributes, for example, the member attribute, contain many values. The attributeSizeLimit parameter prevents the attributes cache from caching large attributes. The default value is 2000.

(Integer, optional)
-serverTTLAttribute
The name of the ttl attribute that is supported by the LDAP server. The attributes cache uses the value of this attribute to determine when the cached entries in the attributes cache will time out.

The ttl attribute contains the time, in seconds, that any information from the entry should be kept by a client before it is considered stale and a new copy is fetched. A value of 0 implies that the object will not be cached. For more information about this attribute, go to: https://www.ietf.org/proceedings/98aug/I-D/draft-ietf-asid-ldap-cache-01.txt.

The ttl attribute is not supported by all LDAP servers. If this attribute is supported by an LDAP server, you can set the value of the serverTTLAttribute parameter to the name of the ttl attribute in order to allow the value of the ttl attribute to determine when cached entries will time out. The timeout value for different entries in the attributes cache can be different.

For example, if the value of the serverTTLAttribute parameter is ttl and the attributes cache retrieves attributes of a user from an LDAP server, it will also retrieve the value of the ttl attribute of this user. If the value is 200, the WMM uses this value to set the timeout for the attributes of the user in the attributes cache instead of using the value of cacheTimeOut. You can set different ttl attribute values for different users. (String, optional)

-cacheDistPolicy
The distribution policy for the dynamic cache in a cluster environment.

The valid values are none (for NOT_SHARED), push (for SHARED_PUSH), and push_pull (for SHARED_PUSH_PULL) and the default value is none. The value of this parameter is read during the adapter startup process and the cache policy is set accordingly.

(String, optional)
  • Returns: None

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask setIdMgrLDAPAttrCache {-id id_name}
  • Using Jython string:
    AdminTask.setIdMgrLDAPAttrCache ('[-id id_name]')
  • Using Jython list:
    AdminTask.setIdMgrLDAPAttrCache (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask setIdMgrLDAPAttrCache {-interactive}
  • Using Jython string:
    AdminTask.setIdMgrLDAPAttrCache ('[-interactive]')
  • Using Jython list:
    AdminTask.setIdMgrLDAPAttrCache (['-interactive'])
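
The cacheTimeOut, attributeSizeLimit and serverTTLAttribute descriptions above together decide how long an attribute that has changed in LDAP (a removed group member, for example) can still be served from the attributes cache. The following model of that decision is an added example, not IBM code: the function names and sample entries are constructed, and it assumes that a cacheTimeOut of 0 is the "remain until changed" case and that an attribute is skipped when it holds more values than attributeSizeLimit.

```python
# Added example: a model built from the parameter descriptions on this page,
# not IBM code. Function names and the sample entries are hypothetical.

UNTIL_CHANGED = float('inf')  # kept until virtual member manager changes the object

# Documented defaults of setIdMgrLDAPAttrCache.
DEFAULTS = {
    'enabled': True,
    'cacheTimeOut': 1200,         # seconds
    'attributeSizeLimit': 2000,   # attribute values
    'serverTTLAttribute': None,   # not set
}


def staleness_window(cfg, value_count, ldap_attrs):
    """Seconds for which a cached attribute may still be served after it changes in LDAP.

    cfg         -- overrides for DEFAULTS (the values passed to the command)
    value_count -- number of values the attribute holds
    ldap_attrs  -- other attributes on the same entry, e.g. {'ttl': '200'}
    Returns 0 when the attribute is not cached at all.
    """
    conf = dict(DEFAULTS)
    conf.update(cfg)
    if not conf['enabled']:
        return 0
    # Assumption: "more values than the limit" is what counts as too large.
    if value_count > conf['attributeSizeLimit']:
        return 0
    ttl_name = conf['serverTTLAttribute']
    if ttl_name and ttl_name in ldap_attrs:
        ttl = int(ldap_attrs[ttl_name])   # ValueError on a malformed ttl value
        if ttl < 0:
            raise ValueError('negative ttl on entry')
        return ttl                        # 0 means the object is not cached
    # Assumption: cacheTimeOut 0 is the "remain until changed" case.
    if conf['cacheTimeOut'] == 0:
        return UNTIL_CHANGED
    return conf['cacheTimeOut']


# Constructed sample data: one row per attribute read from the directory.
SAMPLE = [
    {'dn': 'uid=joe,o=example', 'attribute': 'mail', 'values': 1, 'ldap': {'ttl': '200'}},
    {'dn': 'uid=ann,o=example', 'attribute': 'mail', 'values': 1, 'ldap': {}},
    {'dn': 'cn=staff,o=example', 'attribute': 'member', 'values': 5000, 'ldap': {}},
    {'dn': 'uid=svc,o=example', 'attribute': 'mail', 'values': 1, 'ldap': {'ttl': '0'}},
]


def over_budget(cfg, entries, max_seconds):
    """Return (dn, attribute, window) for rows that can stay stale longer than max_seconds."""
    found = []
    for entry in entries:
        window = staleness_window(cfg, entry['values'], entry['ldap'])
        if window > max_seconds:
            found.append((entry['dn'], entry['attribute'], window))
    return found


if __name__ == '__main__':
    for row in over_budget({'serverTTLAttribute': 'ttl'}, SAMPLE, 600):
        print('%s %s may be stale for %s s' % row)
```
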

setIdMgrLDAPContextPool

The setIdMgrLDAPContextPool command sets up the LDAP context pool configuration.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-enabled
By default, the context pool is enabled. If you set this parameter to false, the context pool is disabled. When the context pool is disabled, new context instances will be created for each request. The default value is true. (Boolean, optional)
-initPoolSize
The number of context instances that the virtual member manager LDAP adapter creates when it creates the pool. The valid range for this parameter is 1 to 50. The default value is 1. (Integer, optional)
-maxPoolSize
The maximum number of context instances that the context pool will maintain. Context instances that are in use and those that are idle contribute to this number. When the pool size reaches this number, new context instances cannot be created for new requests. The new request is blocked until a context instance is released by another request or is removed. The request checks periodically if there are context instances available in the pool according to the amount of time that you specify using the poolWaitTime parameter.

The minimum value for this parameter is 0. There is no maximum value. Setting the value of this parameter to 0 means that there is no maximum size and a request for a pooled context instance will use an existing pooled idle context instance or a newly created pooled context instance. The default value is 0.

(Integer, optional)
-prefPoolSize
The preferred number of context instances that the context pool will maintain. Context instances that are in use and those that are idle contribute to this number. When there is a request for the use of a pooled context instance and the pool size is less than the preferred size, the context pool creates and uses a new pooled context instance regardless of whether an idle connection is available. When a request finishes with a pooled context instance and the pool size is greater than the preferred size, the context pool closes and removes the pooled context instance from the pool.

The valid range for this parameter is from 0 to 100. Setting the value of this parameter to 0 means that there is no preferred size and a request for a pooled context instance results in a newly created context instance only if no idle ones are available. The default value is 3.

(Integer, optional)
-poolTimeOut
An integer that represents the number of seconds that an idle context instance might remain in the pool without being closed and removed from the pool. When a context instance is requested from the pool, if this context instance has been in the pool for longer than the time defined by poolTimeOut, the connection is closed regardless of whether the context instance is stale or active. A new context instance is created and put back into the pool after it has been released from the request.

The minimum value for this parameter is 0. There is no maximum value. Setting the value of this parameter to 0 means that the context instances in the pool remain until they become stale. The context pool catches the communication exception and creates a new context instance. The default value is 0.

(Integer, optional)
-poolWaitTime
The time interval in milliseconds that the request waits until the context pool rechecks if there are idle context instances available in the pool when the number of context instances reaches the maximum pool size. If no idle context instance is available, the request continues waiting for the same period of time until the next check.

The minimum value for the poolWaitTime parameter is 0. There is no maximum value. A value of 0 for this parameter means that the context pool will not check if an idle context instance exists. The request will be notified when a context instance is released by another request. The default value is 3000.

(Integer, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask setIdMgrLDAPContextPool {-id id_name}
  • Using Jython string:
    AdminTask.setIdMgrLDAPContextPool ('[-id id_name]')
  • Using Jython list:
    AdminTask.setIdMgrLDAPContextPool (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask setIdMgrLDAPContextPool {-interactive}
  • Using Jython string:
    AdminTask.setIdMgrLDAPContextPool ('[-interactive]')
  • Using Jython list:
    AdminTask.setIdMgrLDAPContextPool (['-interactive'])

setIdMgrLDAPGroupConfig

The setIdMgrLDAPGroupConfig command sets up the LDAP group configuration.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-updateGroupMembership
Updates the group membership if the member is deleted or renamed. Some LDAP servers, for example, Domino server, do not clean up the membership of the user when a user is deleted or renamed. If you choose these LDAP server types in the ldapServerType property, the value of this parameter is set to true. Use this parameter to change the value. The default value is false. (Boolean, optional)
-name
The name of the membership attribute. For example, memberOf in an Active Directory server and ibm-allGroups in IDS. (String, optional)
-scope
The scope of the membership attribute. The following are the possible values for this parameter:
  • direct - The membership attribute only contains direct groups. Direct groups contain the member and are not contained through a nested group. For example, if group1 contains group2, group2 contains user1, then group2 is a direct group of user1, but group1 is not a direct group of user1.
  • nested - The membership attribute contains both direct groups and nested groups.
  • all - The membership attribute contains direct groups, nested groups, and dynamic members.
The default value is direct. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask setIdMgrLDAPGroupConfig {-id id_name}
  • Using Jython string:
    AdminTask.setIdMgrLDAPGroupConfig ('[-id id_name]')
  • Using Jython list:
    AdminTask.setIdMgrLDAPGroupConfig (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask setIdMgrLDAPGroupConfig {-interactive}
  • Using Jython string:
    AdminTask.setIdMgrLDAPGroupConfig ('[-interactive]')
  • Using Jython list:
    AdminTask.setIdMgrLDAPGroupConfig (['-interactive'])

setIdMgrLDAPSearchResultCache

The setIdMgrLDAPSearchResultCache command sets up the LDAP search result cache configuration.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-cachesDiskOffLoad
Loads the attributes caches and the search results onto hard disk. By default, when the number of cache entries reaches the maximum size of the cache, cache entries are evicted to allow new entries to enter the caches. If you enable this parameter, the evicted cache entries will be copied to disk for future access. The default value is false. (Boolean, optional)
-enabled
Enables the search results cache. The default value is true. (Boolean, optional)
-cacheSize
The maximum size of the search results cache, defined by the number of naming enumeration objects that can be put into the search results cache. The minimum value of this parameter is 100. The default value is 2000. (Integer, optional)
-cacheTimeOut
The amount of time in seconds before the cached entries in the search results cache can become invalid. The minimum value for this parameter is 0. A value of 0 means that the cached naming enumeration objects will stay in the search results cache until there are configuration changes. The default value is 600. (Integer, optional)
-searchResultSizeLimit
The maximum number of entries contained in the naming enumeration object that can be cached in the search results cache. For example, if the results from a search contain 2000 users, the search results are not cached in the search results cache if the value of this property is set to 1000. The default value is 1000. (Integer, optional)
-cacheDistPolicy
The distribution policy for the dynamic cache in a cluster environment.

The valid values are none (for NOT_SHARED), push (for SHARED_PUSH), and push_pull (for SHARED_PUSH_PULL) and the default value is none. The value of this parameter is read during the adapter startup process and the cache policy is set accordingly.

(String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask setIdMgrLDAPSearchResultCache {-id id_name}
  • Using Jython string:
    AdminTask.setIdMgrLDAPSearchResultCache ('[-id id_name]')
  • Using Jython list:
    AdminTask.setIdMgrLDAPSearchResultCache (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask setIdMgrLDAPSearchResultCache {-interactive}
  • Using Jython string:
    AdminTask.setIdMgrLDAPSearchResultCache ('[-interactive]')
  • Using Jython list:
    AdminTask.setIdMgrLDAPSearchResultCache (['-interactive'])
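
The setIdMgrLDAPAttrCache, setIdMgrLDAPContextPool and setIdMgrLDAPSearchResultCache sections above give each numeric parameter a range and each policy parameter a fixed set of values. The following added example (not IBM code; the function and table names are hypothetical) checks values against those documented ranges and builds the "Jython list" argument form, so that a change script fails before it reaches the cell configuration. It also reports parameters set to 0 where the page says that 0 removes a limit.

```python
# Added example, not IBM code. Ranges and allowed values are the ones documented
# on this page; the function and table names are hypothetical.

def _integer(low=None, high=None):
    """Rule factory: an integer inside the documented range (None = no bound stated)."""
    def rule(name, value):
        if isinstance(value, bool) or not isinstance(value, int):
            raise ValueError('-%s must be an integer' % name)
        if low is not None and value < low:
            raise ValueError('-%s: %d is below the minimum %d' % (name, value, low))
        if high is not None and value > high:
            raise ValueError('-%s: %d is above the maximum %d' % (name, value, high))
        return str(value)
    return rule

def _boolean(name, value):
    if not isinstance(value, bool):
        raise ValueError('-%s must be True or False' % name)
    return 'true' if value else 'false'

def _choice(*allowed):
    def rule(name, value):
        if value not in allowed:
            raise ValueError('-%s must be one of: %s' % (name, ', '.join(allowed)))
        return value
    return rule

def _text(name, value):
    if not isinstance(value, str) or not value.strip():
        raise ValueError('-%s must be a non-empty string' % name)
    return value

_DIST = _choice('none', 'push', 'push_pull')

RULES = {
    'setIdMgrLDAPAttrCache': {
        'securityDomainName': _text, 'cachesDiskOffLoad': _text,
        'enabled': _boolean, 'cacheSize': _integer(100),
        'cacheTimeOut': _integer(0), 'attributeSizeLimit': _integer(),
        'serverTTLAttribute': _text, 'cacheDistPolicy': _DIST,
    },
    'setIdMgrLDAPContextPool': {
        'securityDomainName': _text, 'enabled': _boolean,
        'initPoolSize': _integer(1, 50), 'maxPoolSize': _integer(0),
        'prefPoolSize': _integer(0, 100), 'poolTimeOut': _integer(0),
        'poolWaitTime': _integer(0),
    },
    'setIdMgrLDAPSearchResultCache': {
        'securityDomainName': _text, 'cachesDiskOffLoad': _boolean,
        'enabled': _boolean, 'cacheSize': _integer(100),
        'cacheTimeOut': _integer(0), 'searchResultSizeLimit': _integer(),
        'cacheDistPolicy': _DIST,
    },
}

# Parameters for which the page says that 0 removes a limit.
UNBOUNDED = {
    ('setIdMgrLDAPContextPool', 'maxPoolSize'): 'no maximum pool size',
    ('setIdMgrLDAPContextPool', 'poolTimeOut'): 'contexts remain until they are stale',
    ('setIdMgrLDAPSearchResultCache', 'cacheTimeOut'): 'cached until a configuration change',
}

def build_args(command, repo_id, **params):
    """Return the 'Jython list' argument form, or raise ValueError."""
    if command not in RULES:
        raise ValueError('no rules for command %s' % command)
    rules = RULES[command]
    args = ['-id', _text('id', repo_id)]
    for name in sorted(params):
        if name not in rules:
            raise ValueError('-%s is not a documented parameter of %s' % (name, command))
        args += ['-' + name, rules[name](name, params[name])]
    return args

def try_build(command, repo_id, **params):
    """Non-raising wrapper: (args, None) on success, (None, message) on failure."""
    try:
        return build_args(command, repo_id, **params), None
    except ValueError as err:
        return None, str(err)

def unbounded_settings(command, **params):
    """Names of parameters set to 0 where the page says 0 removes a limit."""
    return sorted(name for name, value in params.items()
                  if not isinstance(value, bool) and value == 0
                  and (command, name) in UNBOUNDED)

if __name__ == '__main__':
    args = build_args('setIdMgrLDAPContextPool', 'id_name',
                      initPoolSize=5, maxPoolSize=20, poolWaitTime=3000)
    print(args)  # inside wsadmin: AdminTask.setIdMgrLDAPContextPool(args)
    print(try_build('setIdMgrLDAPContextPool', 'id_name', initPoolSize=0)[1])
```
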

setIdMgrEntryMappingRepository

The setIdMgrEntryMappingRepository command sets or updates an entry mapping repository configuration.

Required parameters

-dataSourceName
The name of the data source. The default value is jdbc/wimDS. The parameter is required if the property extension is not set. The parameter is not required if the command is used to update the existing configuration. (String)
-databaseType
The type of the database. The default value is DB2. The parameter is required if the property extension is not set. The parameter is not required if the command is used to update the existing configuration. (String)
-dbURL
The URL of the database. The parameter is required if the property extension is not set. The parameter is not required if the command is used to update the existing configuration. (String)
-dbAdminId
The database administrator ID. (String, required if database type is not Apache Derby.)
-dbAdminPassword
The database administrator password. (String, required if database type is not Apache Derby.)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-JDBCDriverClass
The JDBC driver class name. (String, optional)
[AIX Solaris HP-UX Linux Windows][IBM i]-dbSchema
[AIX Solaris HP-UX Linux Windows][IBM i]The database schema of the database repository that you want to configure. The schema should exist in the database. The default value is the default schema of the database according to the database type. Typically, the default schema is the namespace of the current database user. (String, optional).
[z/OS]-dbSchema
[z/OS]The database schema of the database repository that you want to configure. The default value is the default schema of the database according to the database type. Typically, the default schema is the namespace of the current database user. (String, optional).
[z/OS]-tablespacePrefix
[z/OS]The tablespace prefix. The maximum length allowed for this string is 3 characters. The value of tablespacePrefix parameter is required when you use the dbSchema parameter. It is specific to DB2 for z/OS and will be ignored for any other database type. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask setIdMgrEntryMappingRepository {-dbAdminId database_administrator_ID -dbAdminPassword database_administrator_password}
  • Using Jython string:
    AdminTask.setIdMgrEntryMappingRepository ('[-dbAdminId database_administrator_ID -dbAdminPassword database_administrator_password]')
  • Using Jython list:
    AdminTask.setIdMgrEntryMappingRepository (['-dbAdminId', 'database_administrator_ID', '-dbAdminPassword', 'database_administrator_password'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask setIdMgrEntryMappingRepository {-interactive}
  • Using Jython string:
    AdminTask.setIdMgrEntryMappingRepository ('[-interactive]')
  • Using Jython list:
    AdminTask.setIdMgrEntryMappingRepository (['-interactive'])

setIdMgrPropertyExtensionRepository

The setIdMgrPropertyExtensionRepository command sets or updates the property extension repository configuration.

Important: The application server cannot validate the data source when you run this command in the local mode.

Required parameters

-dataSourceName
The name of the data source. The default value is jdbc/wimDS. The parameter is required if the property extension is not set. The parameter is not required if the command is used to update the existing configuration. (String)
-databaseType
The type of the database. The default value is DB2. The parameter is required if the property extension is not set. The parameter is not required if the command is used to update the existing configuration. (String)
-dbURL
The URL of the database. The parameter is required if the property extension is not set. The parameter is not required if the command is used to update the existing configuration. (String)
-dbAdminId
The database administrator ID. (String, required if database type is not Apache Derby.)
-dbAdminPassword
The database administrator password. (String, required if database type is not Apache Derby.)
-entityRetrievalLimit
The limit for the retrieval of entities. (Integer, required)
-JDBCDriverClass
The JDBC driver class name. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
[AIX Solaris HP-UX Linux Windows][IBM i]-dbSchema
[AIX Solaris HP-UX Linux Windows][IBM i]The database schema of the database repository that you want to configure. The schema should exist in the database. The default value is the default schema of the database according to the database type. Typically, the default schema is the namespace of the current database user. (String, optional).
[z/OS]-dbSchema
[z/OS]The database schema of the database repository that you want to configure. The default value is the default schema of the database according to the database type. Typically, the default schema is the namespace of the current database user. (String, optional).
[z/OS]-tablespacePrefix
[z/OS]The tablespace prefix. The maximum length allowed for this string is 3 characters. The value of tablespacePrefix parameter is required when you use the dbSchema parameter. It is specific to DB2 for z/OS and will be ignored for any other database type. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask setIdMgrPropertyExtensionRepository {-entityRetrievalLimit limit_value -JDBCDriverClass class_name}
  • Using Jython string:
    AdminTask.setIdMgrPropertyExtensionRepository ('[-entityRetrievalLimit limit_value -JDBCDriverClass class_name]')
  • Using Jython list:
    AdminTask.setIdMgrPropertyExtensionRepository (['-entityRetrievalLimit', 'limit_value', '-JDBCDriverClass', 'class_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask setIdMgrPropertyExtensionRepository {-interactive}
  • Using Jython string:
    AdminTask.setIdMgrPropertyExtensionRepository ('[-interactive]')
  • Using Jython list:
    AdminTask.setIdMgrPropertyExtensionRepository (['-interactive'])

updateIdMgrDBRepository

The updateIdMgrDBRepository command updates the configuration for the database repository that you specify.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-dataSourceName
The name of the data source. The default value is jdbc/wimDS. (String, optional)
-databaseType
The type of the database. The default value is DB2. (String, optional)
-dbURL
The URL of the database. (String, optional)
-dbAdminId
The database administrator ID. (String, optional)
-dbAdminPassword
The database administrator password. (String, optional)
-entityRetrievalLimit
Indicates the value of the retrieval limit on database entries. The default value is 200. (Integer, optional)
-JDBCDriverClass
The JDBC driver class name. (String, optional)
-saltLength
The salt length in bits. The default value is 12. (Integer, optional)
-encryptionKey
The default value is rZ15ws0ely9yHk3zCs3sTMv/ho8fY17s. (String, optional)
[AIX Solaris HP-UX Linux Windows][IBM i]-dbSchema
[AIX Solaris HP-UX Linux Windows][IBM i]The database schema of the database repository that you want to configure. The schema should exist in the database. The default value is the default schema of the database according to the database type. Typically, the default schema is the namespace of the current database user. (String, optional).
[z/OS]-dbSchema
[z/OS]The database schema of the database repository that you want to configure. The default value is the default schema of the database according to the database type. Typically, the default schema is the namespace of the current database user. (String, optional).
[z/OS]-tablespacePrefix
[z/OS]The tablespace prefix. The maximum length allowed for this string is 3 characters. The value of tablespacePrefix parameter is required when you use the dbSchema parameter. It is specific to DB2 for z/OS and will be ignored for any other database type. (String, optional)
[8.5.5.17 or later]-hashAlgorithm
[8.5.5.17 or later]The hashing algorithm to use for hashing the password. Valid values: SHA-1, PBKDF2WithHmacSHA1. (String, optional)
[8.5.5.17 or later]-hashIterations
[8.5.5.17 or later]The number of iterations to perform for password hashing. Valid only when hashing algorithm is set to PBKDF2WithHmacSHA1. Default value is 100000. (Integer, optional)
[8.5.5.17 or later]-hashKeyLength
[8.5.5.17 or later]The to-be-derived key length for password hashing. Valid only when hashing algorithm is set to PBKDF2WithHmacSHA1. Default value is 32. (Integer, optional)
[8.5.5.17 or later]-hashSaltLength
[8.5.5.17 or later]The salt length of the randomly generated salt for password hashing. Valid only when hashing algorithm is set to PBKDF2WithHmacSHA1. Default value is 32. (Integer, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrDBRepository {-id id_name}
  • Using Jython string:
    AdminTask.updateIdMgrDBRepository ('[-id id_name]')
  • Using Jython list:
    AdminTask.updateIdMgrDBRepository (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrDBRepository {-interactive}
  • Using Jython string:
    AdminTask.updateIdMgrDBRepository ('[-interactive]')
  • Using Jython list:
    AdminTask.updateIdMgrDBRepository (['-interactive'])

updateIdMgrFileRepository

The updateIdMgrFileRepository command updates the configuration for the file repository that you specify. To update other properties of the file repository use the updateIdMgrRepository command.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-messageDigestAlgorithm
The message digest algorithm that will be used for hashing the password. The default value is PBKDF2WithHmacSHA1. Valid values include the following: SHA-1, SHA-384, SHA-512 or PBKDF2WithHmacSHA1. (String, optional)
-baseDirectory
The base directory where the file will be created in order to store the data. The default is to be dynamically built during run time using user.install.root and cell name. (String, optional)
-fileName
The file name of the repository. The default value is fileRegistry.xml. (String, optional)
-saltLength
The salt length of the randomly generated salt for password hashing. The default value is 32. (Integer, optional)
[8.5.5.17 or later]-keyLength
[8.5.5.17 or later]The to-be-derived key length for password hashing. Valid only when hashing algorithm is set to PBKDF2WithHmacSHA1. Default value is 32. (Integer, optional)
[8.5.5.17 or later]-hashIterations
[8.5.5.17 or later]The number of iterations to perform for password hashing. Valid only when hashing algorithm is set to PBKDF2WithHmacSHA1. Default value is 100000. (Integer, optional)
[8.5.5.22 or later]-accountLockoutThreshold
Specifies the number of unsuccessful attempts that a user is allowed before the account is locked. The default threshold is five unsuccessful attempts. To disable account lockout, set the account lockout threshold to 0.
[8.5.5.22 or later]-accountLockoutDuration
Specifies the duration of time in minutes that the account is locked when the number of unsuccessful login attempts exceeds the accountLockoutThreshold value. The value for this attribute must be greater than zero if the accountLockoutThreshold attribute is set. The default value in minutes is 15.
[8.5.5.22 or later]-ignoreFailedLoginAfter
Specifies the duration of time in minutes that a single unsuccessful login attempt counts toward the account lockout threshold. All failed login attempts for the user account are also cleared after a successful login or after a password update. If the accountLockoutThreshold attribute is set, the value for this attribute must be greater than 0. The default value in minutes is 15.

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrFileRepository {-id id_name}
  • Using Jython string:
    AdminTask.updateIdMgrFileRepository ('[-id id_name]')
  • Using Jython list:
    AdminTask.updateIdMgrFileRepository (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrFileRepository {-interactive}
  • Using Jython string:
    AdminTask.updateIdMgrFileRepository ('[-interactive]')
  • Using Jython list:
    AdminTask.updateIdMgrFileRepository (['-interactive'])
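
The following pre-flight check is an added example, not IBM code: it applies the valid values, defaults and constraints documented above for updateIdMgrFileRepository and returns the arguments in the Jython list form. The function name build_file_repo_args and the sample values are hypothetical, and rejecting keyLength or hashIterations for a non-PBKDF2 algorithm is this example's choice.

```python
# Added example, not IBM code: pre-flight check for updateIdMgrFileRepository.
# Valid values, defaults and constraints are the ones documented above;
# build_file_repo_args and the other names are hypothetical.

PBKDF2 = "PBKDF2WithHmacSHA1"
VALID_DIGESTS = ("SHA-1", "SHA-384", "SHA-512", PBKDF2)
DEFAULTS = {
    "messageDigestAlgorithm": PBKDF2,
    "hashIterations": 100000,
    "accountLockoutThreshold": 5,
    "accountLockoutDuration": 15,
    "ignoreFailedLoginAfter": 15,
}


def build_file_repo_args(repo_id, settings):
    """Return (args, warnings); raise ValueError on a documented constraint.

    args uses the "Jython list" form shown in the examples above.
    """
    effective = dict(DEFAULTS)
    effective.update(settings)
    warnings = []

    algorithm = effective["messageDigestAlgorithm"]
    if algorithm not in VALID_DIGESTS:
        raise ValueError("messageDigestAlgorithm must be one of: "
                         + ", ".join(VALID_DIGESTS))

    if algorithm != PBKDF2:
        # keyLength and hashIterations are valid only with PBKDF2WithHmacSHA1.
        for name in ("keyLength", "hashIterations"):
            if name in settings:
                raise ValueError("%s is valid only with %s" % (name, PBKDF2))
        warnings.append("%s is a plain message digest, not an iterated "
                        "key-derivation function; the documented default is %s"
                        % (algorithm, PBKDF2))
    elif int(effective["hashIterations"]) < DEFAULTS["hashIterations"]:
        warnings.append("hashIterations %s is below the documented default of %d"
                        % (effective["hashIterations"],
                           DEFAULTS["hashIterations"]))

    threshold = int(effective["accountLockoutThreshold"])
    if threshold == 0:
        warnings.append("accountLockoutThreshold 0 disables account lockout")
    else:
        # Both timers must be greater than zero once a threshold is set.
        for name in ("accountLockoutDuration", "ignoreFailedLoginAfter"):
            if int(effective[name]) <= 0:
                raise ValueError("%s must be greater than 0 when "
                                 "accountLockoutThreshold is set" % name)

    args = ["-id", repo_id]
    for name in sorted(settings):
        args.extend(["-" + name, str(settings[name])])
    return args, warnings


if __name__ == "__main__":
    # Constructed sample input.
    sample = {"messageDigestAlgorithm": "SHA-1", "accountLockoutThreshold": 0}
    args, warnings = build_file_repo_args("id_name", sample)
    print(args)
    for message in warnings:
        print("WARNING: " + message)
    # Inside wsadmin the list would be passed on:
    # AdminTask.updateIdMgrFileRepository(args)
```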

updateIdMgrLDAPAttrCache

The updateIdMgrLDAPAttrCache command updates the LDAP attribute cache configuration.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-cachesDiskOffLoad
(String, optional)
-enabled
Indicates if you want to enable attribute caching. The default value is true. (Boolean, optional)
-cacheSize
The maximum size of the attribute cache defined by the number of attribute objects that are permitted in the attribute cache. The minimum value of this parameter is 100. The default value is 4000. (Integer, optional)
-cacheTimeOut
The amount of time in seconds before the cached entries in the attributes cache can become invalid. The minimum value of this parameter is 0. The attribute objects that are cached will remain in the attributes cache until the virtual member manager changes the attribute objects. The default value is 1200. (Integer, optional)
-attributeSizeLimit
An integer that represents the maximum number of attribute object values that can be cached in the attributes cache.

Some attributes, for example, the member attribute, contain many values. The attributeSizeLimit parameter prevents the attributes cache from caching large attributes. The default value is 2000.

(Integer, optional)
-serverTTLAttribute
The name of the ttl attribute that is supported by the LDAP server. The attributes cache uses the value of this attribute to determine when the cached entries in the attributes cache will time out.

The ttl attribute contains the time, in seconds, that any information from the entry should be kept by a client before it is considered stale and a new copy is fetched. A value of 0 implies that the object will not be cached. For more information about this attribute, go to: https://www.ietf.org/proceedings/98aug/I-D/draft-ietf-asid-ldap-cache-01.txt.

The ttl attribute is not supported by all LDAP servers. If this attribute is supported by an LDAP server, you can set the value of the serverTTLAttribute parameter to the name of the ttl attribute in order to allow the value of the ttl attribute to determine when cached entries will time out. The time out value for different entries in attributes cache can be different.

For example, if the value of the serverTTLAttribute parameter is ttl and the attributes cache retrieves attributes of a user from an LDAP server, it will also retrieve the value of the ttl attribute of this user. If the value is 200, the WMM uses this value to set the time out for the attributes of the user in the attributes cache instead of using the value of cacheTimeOut. You can set different ttl attribute values for different users. (String, optional)

-cacheDistPolicy
The distribution policy for the dynamic cache in a cluster environment.

The valid values are none (for NOT_SHARED), push (for SHARED_PUSH), and push_pull (for SHARED_PUSH_PULL) and the default value is none. The value of this parameter is read during the adapter startup process and the cache policy is set accordingly.

(String, optional)

  • Returns: None

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrLDAPAttrCache {-id id_name}
  • Using Jython string:
    AdminTask.updateIdMgrLDAPAttrCache ('[-id id_name]')
  • Using Jython list:
    AdminTask.updateIdMgrLDAPAttrCache (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrLDAPAttrCache {-interactive}
  • Using Jython string:
    AdminTask.updateIdMgrLDAPAttrCache ('[-interactive]')
  • Using Jython list:
    AdminTask.updateIdMgrLDAPAttrCache (['-interactive'])

updateIdMgrLDAPContextPool

The updateIdMgrLDAPContextPool command updates the LDAP context pool configuration.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-enabled
By default, the context pool is enabled. If you set the value of this parameter to false, the context pool is disabled which means that a new context instance will be created for each request. The default value is true. (Boolean, optional)
-initPoolSize
The number of context instances that the virtual member manager LDAP adapter creates when it creates the pool. The valid range for this parameter is 1 to 50. The default value is 1. (Integer, optional)
-maxPoolSize
The maximum number of context instances that can be maintained concurrently by the context pool. Both in-use and idle context instances contribute to this number. When the pool size reaches this number, new context instances cannot be created for new requests. A new request is blocked until a context instance is released by another request or is removed. The request checks periodically if there are context instances available in the pool according to the value defined for the poolWaitTime parameter. The minimum value of the maxPoolSize parameter is 0. There is no maximum value. A maximum pool size of 0 means that there is no maximum size and that a request for a pooled context instance will use an existing pooled idle context instance or a newly created pooled context instance. The default value is 0. (Integer, optional)
-prefPoolSize
The preferred number of context instances that the Context Pool should maintain. Both in-use and idle context instances contribute to this number. When there is a request for the use of a pooled context instance and the pool size is less than the preferred size, Context Pool will create and use a new pooled context instance regardless of whether an idle connection is available. When a request is finished with a pooled context instance and the pool size is greater than the preferred size, the Context Pool will close and remove the pooled context instance from the pool. The valid range of the prefPoolSize parameter is 0 to 100. A preferred pool size of 0 means that there is no preferred size: A request for a pooled context instance will result in a newly created context instance only if no idle ones are available. The default value is 3. (Integer, optional)
-poolTimeOut
An integer that represents the number of seconds that an idle context instance may remain in the pool without being closed and removed from the pool. When a context instance is requested from the pool and it has been in the pool for longer than the time defined by poolTimeOut, the connection is closed regardless of whether the context instance is stale or active. A new context instance is created and put back into the pool after it has been released from the request. The minimum value of poolTimeOut is 0. There is no maximum value. A poolTimeOut of 0 means that the context instances in the pool remain in the pool until they become stale. In this case, Context Pool catches the communication exception and re-creates the context instance. The default value is 0. (Integer, optional)
-poolWaitTime
The time interval (in milliseconds) that the request waits until the Context Pool checks again whether idle context instances are available in the pool when the number of context instances reaches the maximum pool size. If there is still no idle context instance, the request continues waiting for the same period of time until the next check. The minimum value of poolWaitTime is 0. There is no maximum value. A poolWaitTime of 0 means the Context Pool will not check if there are idle context instances. Instead, the request will be notified when a context instance is released from other requests. The default value is 3000. (Integer, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrLDAPContextPool {-id id_name}
  • Using Jython string:
    AdminTask.updateIdMgrLDAPContextPool ('[-id id_name]')
  • Using Jython list:
    AdminTask.updateIdMgrLDAPContextPool (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrLDAPContextPool {-interactive}
  • Using Jython string:
    AdminTask.updateIdMgrLDAPContextPool ('[-interactive]')
  • Using Jython list:
    AdminTask.updateIdMgrLDAPContextPool (['-interactive'])

updateIdMgrLDAPEntityType

The updateIdMgrLDAPEntityType command updates an existing LDAP entity type definition in the LDAP repository configuration. You can use this command to add more values to multi-valued parameters. If the property already exists, the value of the property will be replaced. If the property does not exist, it will be added.

Required parameters

-id
The ID of the repository. (String, required)
-name
The name of the entity type. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-searchFilter
The search filter that you want to use to search the entity type. (String, optional)
-objectClasses
One or more object classes for the entity type. (String, optional)
-objectClassesForCreate
The object class that will be used when you create an entity type object. You do not have to specify the value of this parameter if it is the same as the value of the objectClasses parameter. (String, optional)
-searchBases
The search base or bases to use while searching the entity type. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrLDAPEntityType {-id id_name -name name_value}
  • Using Jython string:
    AdminTask.updateIdMgrLDAPEntityType ('[-id id_name -name name_value]')
  • Using Jython list:
    AdminTask.updateIdMgrLDAPEntityType (['-id', 'id_name', '-name', 'name_value'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrLDAPEntityType {-interactive}
  • Using Jython string:
    AdminTask.updateIdMgrLDAPEntityType ('[-interactive]')
  • Using Jython list:
    AdminTask.updateIdMgrLDAPEntityType (['-interactive'])

updateIdMgrLDAPGroupDynamicMemberAttr

The updateIdMgrLDAPGroupDynamicMemberAttr command updates a dynamic member attribute configuration of an LDAP group configuration.

Required parameters

-id
The ID of the repository. (String, required)
-name
The name of the LDAP attribute that is used as the group member attribute. For example, memberURL. (String, required)
-objectClass
The group object class that contains the dynamic member attribute. For example groupOfURLs. If you do not define this parameter, the dynamic member attribute will apply to all group object classes. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrLDAPGroupDynamicMemberAttr {-id id_name -name name_value -objectClass groupOfURLs}
  • Using Jython string:
    AdminTask.updateIdMgrLDAPGroupDynamicMemberAttr ('[-id id_name -name name_value -objectClass groupOfURLs]')
  • Using Jython list:
    AdminTask.updateIdMgrLDAPGroupDynamicMemberAttr (['-id', 'id_name', '-name', 'name_value', '-objectClass', 'groupOfURLs'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrLDAPGroupDynamicMemberAttr {-interactive}
  • Using Jython string:
    AdminTask.updateIdMgrLDAPGroupDynamicMemberAttr ('[-interactive]')
  • Using Jython list:
    AdminTask.updateIdMgrLDAPGroupDynamicMemberAttr (['-interactive'])

updateIdMgrLDAPGroupMemberAttr

The updateIdMgrLDAPGroupMemberAttr command updates a member attribute configuration of an LDAP group configuration.

Required parameters

-id
The ID of the repository. (String, required)
-name
The name of the LDAP attribute that is used as the group member attribute. For example, member or uniqueMember. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-objectClass
The group object class that contains the member attribute. For example, groupOfNames or groupOfUniqueNames. If you do not define this parameter, the member attribute applies to all group object classes. (String, optional)
-scope
The scope of the member attribute. The following are the valid values:
  • direct - The member attribute only contains direct members whereby the member is directly contained by the group and not contained in a nested group. For example, if group1 contains group2, group2 contains user1, then group2 is a direct member of group1 but user1 is not a direct member of group1. Both member and uniqueMember are direct member attributes.
  • nested - The member attribute contains both direct members and nested members.
-dummyMember
When you create a group without specifying a member, a dummy member will be filled in automatically to avoid receiving an exception that indicates that there is a mandatory attribute missing. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrLDAPGroupMemberAttr {-id id_name -name name_value}
  • Using Jython string:
    AdminTask.updateIdMgrLDAPGroupMemberAttr ('[-id id_name -name name_value]')
  • Using Jython list:
    AdminTask.updateIdMgrLDAPGroupMemberAttr (['-id', 'id_name', '-name', 'name_value'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrLDAPGroupMemberAttr {-interactive}
  • Using Jython string:
    AdminTask.updateIdMgrLDAPGroupMemberAttr ('[-interactive]')
  • Using Jython list:
    AdminTask.updateIdMgrLDAPGroupMemberAttr (['-interactive'])

updateIdMgrLDAPRepository

The updateIdMgrLDAPRepository command updates an LDAP repository configuration.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-ldapServerType
The type of LDAP server that is being used. The default value is IDS51. (String, optional)
Specify one of the following valid values:
  • IDS
  • ZOSDS
  • DOMINO
  • NDS
  • SUNONE
  • AD
  • ADAM
  • CUSTOM
-adapterClassName
The default value is com.ibm.ws.wim.adapter.ldap.LdapAdapter. (String, optional)
-certificateMapMode
Specifies whether to map X.509 certificates into an LDAP directory by exact distinguished name or by certificate filter. The default value is exactdn. To use the certificate filter for the mapping, specify certificatefilter. (String, optional)
-certificateFilter
If certificateMapMode has the value certificatefilter, then this property specifies the LDAP filter which maps attributes in the client certificate to entries in LDAP. (String, optional)
-isExtIdUnique
Specifies if the external ID is unique. The default value is true. (Boolean, optional)
-loginProperties
Indicates the property name used for login. (String, optional)
Supported configurations: If you define multiple login properties, the first login property is programmatically mapped to the federated repositories principalName property. For example, if you set uid;mail as the login properties, the LDAP attribute uid value is mapped to the federated repositories principalName property. If you define multiple login properties, after login, the first login property is returned as the value of the principalName property. For example, if you pass joe@yourco.com as the principalName value and the login properties are configured as uid;mail, the principalName is returned as joe.
-primaryServerQueryTimeInterval
Indicates the polling interval for testing the primary server availability. The value of this parameter is specified in minutes. The default value is 15. (Integer, optional)
-returnToPrimaryServer
Indicates to return to the primary LDAP server when it is available. The default value is true. (Boolean, optional)
-searchCountLimit
The value of search count limit. (Integer, optional)
-searchPageSize
The value of search page size. (Integer, optional)
-searchTimeLimit
The value of search time limit. (Integer, optional)
-sslConfiguration
The SSL configuration. (String, optional)
-supportAsyncMode
Indicates if the async mode is supported or not. The default value is false. (Boolean, optional)
-supportChangeLog
This parameter indicates whether the repository supports change tracking. Valid values for this parameter are none or native. The default value is none. (String, optional)
-supportSorting
Indicates if sorting is supported or not. The default value is false. (Boolean, optional)
-supportPaging
Indicates if paging is supported or not. The default value is false. (Boolean, optional)
-supportTransactions
Indicates if transactions are supported or not. The default value is false. (Boolean, optional)
-supportExternalName
Indicates if external names are supported or not. The default value is false. (Boolean, optional)
-translateRDN
Indicates to translate RDN or not. The default value is false. (Boolean, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrLDAPRepository {-id id_name}
  • Using Jython string:
    AdminTask.updateIdMgrLDAPRepository ('[-id id_name]')
  • Using Jython list:
    AdminTask.updateIdMgrLDAPRepository (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrLDAPRepository {-interactive}
  • Using Jython string:
    AdminTask.updateIdMgrLDAPRepository ('[-interactive]')
  • Using Jython list:
    AdminTask.updateIdMgrLDAPRepository (['-interactive'])

updateIdMgrLDAPSearchResultCache

The updateIdMgrLDAPSearchResultCache command updates the LDAP search result cache configuration.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-cachesDiskOffLoad
Loads the attributes caches and the search results onto hard disk. By default, when the number of cache entries reaches the maximum size of the cache, cache entries are evicted to allow new entries to enter the caches. If you enable this parameter, the evicted cache entries will be copied to disk for future access. The default value is false. (Boolean, optional)
-enabled
Enables the search results cache. The default value is true. (Boolean, optional)
-cacheSize
The maximum size of the search results cache. The number of naming enumeration objects that can be put into the search results cache. The minimum value of this parameter is 100. The default value is 2000. (Integer, optional)
-cacheTimeOut
The amount of time in seconds before the cached entries in the search results cache can become invalid. The minimum value for this parameter is 0. A value of 0 means that the cached naming enumeration objects will stay in the search results cache until there are configuration changes. The default value is 600. (Integer, optional)
-searchResultSizeLimit
The maximum number of entries contained in the naming enumeration object that can be cached in the search results cache. For example, if the results from a search contain 2000 users, the search results will not be cached in the search results cache if the value of this property is set to 1000. The default value is 1000. (Integer, optional)
-cacheDistPolicy
The distribution policy for the dynamic cache in a cluster environment.

The valid values are none (for NOT_SHARED), push (for SHARED_PUSH), and push_pull (for SHARED_PUSH_PULL) and the default value is none. The value of this parameter is read during the adapter startup process and the cache policy is set accordingly.

(String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrLDAPSearchResultCache {-id id_name}
  • Using Jython string:
    AdminTask.updateIdMgrLDAPSearchResultCache ('[-id id_name]')
  • Using Jython list:
    AdminTask.updateIdMgrLDAPSearchResultCache (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrLDAPSearchResultCache {-interactive}
  • Using Jython string:
    AdminTask.updateIdMgrLDAPSearchResultCache ('[-interactive]')
  • Using Jython list:
    AdminTask.updateIdMgrLDAPSearchResultCache (['-interactive'])

updateIdMgrLDAPServer

The updateIdMgrLDAPServer command updates an LDAP server configuration for the LDAP repository ID that you specify.

Required parameters and return values

-id
The ID of the repository. (String, required)
-host
The host name for the LDAP server that contains the properties that you want to modify. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-port
The port number for the LDAP server. (Integer, optional)
-authentication
Indicates the authentication method to use. The default value is simple. Valid values include: none or strong. (String, optional)
-bindDN
The bind distinguished name (DN) for the LDAP server. (String, optional)
-bindPassword
The binding password. The password is encrypted before it is stored. (String, optional)
-certificateMapMode
Specifies whether to map X.509 certificates into an LDAP directory by exact distinguished name or by certificate filter. The default value is exactdn. To use the certificate filter for the mapping, specify certificatefilter. (String, optional)
-certificateFilter
If certificateMapMode has the value certificatefilter, then this property specifies the LDAP filter which maps attributes in the client certificate to entries in LDAP. (String, optional)
[8.5.5.19 or later]-bindAuthMechanism
[8.5.5.19 or later]The bind authentication mechanism for binding to the LDAP server when you search for or modify an LDAP entry. The following values are valid:
  • none - Anonymous bind to the LDAP server.
  • simple - The default, which uses a simple bind distinguished name with a bind password to bind to the LDAP server.
  • DIGEST-MD5 - The DIGEST-MD5 mechanism for DIGEST-MD5 authentication.
    To use DIGEST-MD5 authentication, add the useInputPrincipalNameForLogin custom property, as shown in the following example:
    AdminTask.setIdMgrCustomProperty('[-id LDAD1 -name useInputPrincipalNameForLogin -value true]')
  • GSSAPI - Kerberos authentication enablement, which requires the Kerberos principal name or the Kerberos service principal name to be set.
[8.5.5.19 or later]-krb5Principal
[8.5.5.19 or later]Kerberos principal name or Kerberos service principal name that is used to authenticate with the Key Distribution Center (KDC). The Kerberos principal name is required if the bindAuthMechanism parameter is set to the GSSAPI value.
[8.5.5.19 or later]-krb5TicketCache
[8.5.5.19 or later]The directory location and file name of the Kerberos ticket cache, which is also referred to as the ccache file.
[8.5.5.19 or later]-krb5Config
[8.5.5.19 or later]The Kerberos configuration file that contains the client configuration information, including the location of each Key Distribution Center (KDC) for the realm. This file is used for Kerberos authentication, SPNEGO web authentication, and LDAP user registry authentication with Kerberos. The following information gives the default file name and location for the Kerberos configuration file:
  • [Linux][AIX][z/OS][HP-UX][IBM i][Solaris]/etc/krb5.conf
  • [Windows]C:\Windows\krb5.ini
[8.5.5.19 or later]-krb5Keytab
[8.5.5.19 or later]The Kerberos keytab file that contains one or more Kerberos service principal names and keys. This file is also used for Kerberos authentication, SPNEGO web authentication, and LDAP user registry authentication with Kerberos. If the Kerberos ticket cache and the Kerberos keytab file are both specified, only the ticket cache is used.
-connectTimeout
The connection timeout measured in seconds. (Integer, optional)
Restriction: Due to a current JNDI limitation, the maximum connection timeout is 20 seconds. Even if you specify a value greater than 20 seconds, the connection still times out at 20 seconds.
-connectionPool
The connection pool. The default value is false. (Boolean, optional)
-derefAliases
Controls how aliases are dereferenced. The default value is always. Valid values include:
  • never - never dereference aliases
  • finding - dereferences aliases only during name resolution
  • searching - dereferences aliases only after name resolution
(String, optional)
-ldapServerType
The type of LDAP server being used. The default value is IDS51. (String, optional)
Specify one of the following valid values:
  • IDS
  • ZOSDS
  • DOMINO
  • NDS
  • SUNONE
  • AD
  • ADAM
  • CUSTOM
-primary_host
The host name for the primary LDAP server. (String, optional)
-referal
The LDAP referral. The default value is ignore. Valid values include: follow, throw, or false. (String, optional)
-sslConfiguration
The SSL configuration. (String, optional)
-sslEnabled
Indicates whether to enable SSL. The default value is false. (Boolean, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrLDAPServer {-id id_name -host myhost.ibm.com}
  • Using Jython string:
    AdminTask.updateIdMgrLDAPServer ('[-id id_name -host myhost.ibm.com]')
  • Using Jython list:
    AdminTask.updateIdMgrLDAPServer (['-id', 'id_name', '-host', 'myhost.ibm.com'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrLDAPServer {-interactive}
  • Using Jython string:
    AdminTask.updateIdMgrLDAPServer ('[-interactive]')
  • Using Jython list:
    AdminTask.updateIdMgrLDAPServer (['-interactive'])
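
The parameter rules above, as an added pre-flight check that is not part of the product documentation: the hypothetical helper build_ldap_server_args builds the Jython list form for updateIdMgrLDAPServer, rejects a GSSAPI bind without krb5Principal and undocumented derefAliases or referal values, and warns about the 20-second timeout cap, ticket cache precedence, and SSL being off. The principal, ticket cache, and keytab values are constructed samples.

```python
# Added example; build_ldap_server_args is a hypothetical helper, not a wsadmin API.
DEREF_ALIASES = ('always', 'never', 'finding', 'searching')
REFERRAL = ('ignore', 'follow', 'throw', 'false')
MAX_CONNECT_TIMEOUT = 20  # seconds; JNDI limit from the restriction above


def build_ldap_server_args(repo_id, host, **opts):
    """Validate options and return (args, warnings).

    args is the Jython list form accepted by AdminTask.updateIdMgrLDAPServer.
    """
    warnings = []
    # GSSAPI binds need a Kerberos principal to authenticate with the KDC.
    if opts.get('bindAuthMechanism') == 'GSSAPI' and not opts.get('krb5Principal'):
        raise ValueError('bindAuthMechanism GSSAPI requires krb5Principal')
    # When both credential sources are given, the keytab is silently unused.
    if opts.get('krb5TicketCache') and opts.get('krb5Keytab'):
        warnings.append('krb5Keytab ignored: only the ticket cache is used')
    timeout = opts.get('connectTimeout')
    if timeout is not None and int(timeout) > MAX_CONNECT_TIMEOUT:
        warnings.append('connectTimeout still expires at 20 seconds')
    for key, allowed in (('derefAliases', DEREF_ALIASES), ('referal', REFERRAL)):
        if key in opts and opts[key] not in allowed:
            raise ValueError('%s must be one of %s' % (key, ', '.join(allowed)))
    # sslEnabled defaults to false, so an omitted value means no SSL.
    if str(opts.get('sslEnabled', 'false')).lower() != 'true':
        warnings.append('sslEnabled is false: the LDAP connection does not use SSL')
    args = ['-id', repo_id, '-host', host]
    for key in sorted(opts):
        value = opts[key]
        if isinstance(value, bool):
            value = str(value).lower()  # documented Boolean form is true/false
        args += ['-' + key, str(value)]
    return args, warnings


if __name__ == '__main__':
    # Constructed sample values; the principal and file paths are placeholders.
    args, warnings = build_ldap_server_args(
        'id_name', 'myhost.ibm.com',
        bindAuthMechanism='GSSAPI', krb5Principal='ldapbind@EXAMPLE.COM',
        krb5TicketCache='/tmp/krb5cc_sample', krb5Keytab='/etc/krb5.keytab',
        connectTimeout=30, sslEnabled=True)
    for message in warnings:
        print('WARNING: ' + message)
    print(args)
```

Inside wsadmin, pass the returned list to AdminTask.updateIdMgrLDAPServer(args) after reviewing the warnings.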

updateIdMgrRepository

The updateIdMgrRepository command updates the common repository configuration.

Required parameters

-id
The ID of the repository. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-adapterClassName
The implementation class name for the repository adapter. (String, optional)
-EntityTypesNotAllowCreate
The name of the entity type that should not be created in this repository. (String, optional)
-EntityTypesNotAllowUpdate
The name of the entity type that should not be updated in this repository. (String, optional)
-EntityTypesNotAllowRead
The name of the entity type that should not be read from this repository. (String, optional)
-EntityTypesNotAllowDelete
The name of the entity type that should not be deleted from this repository. (String, optional)
-isExtIdUnique
Specifies if the external ID is unique or not. (Boolean, optional)
-loginProperties
Indicates the property name used for login. (String, optional)
-readOnly
Indicates if this is a read only repository. The default value is false. (Boolean, optional)
-repositoriesForGroups
The repository ID where group data is stored. (String, optional)
-supportAsyncMode
Indicates if the adapter supports async mode or not. The default value is false. (Boolean, optional)
-supportChangeLog
This parameter indicates whether the repository supports change tracking. Valid values for this parameter are none or native. The default value is none. (String, optional)
-supportPaging
Indicates if the repository supports paging or not. (Boolean, optional)
-supportSorting
Indicates if the repository supports sorting or not. (Boolean, optional)
-supportTransactions
Indicates if the repository supports transactions or not. (Boolean, optional)
-supportedExternalName
Indicates if the repository supports external names or not. (Boolean, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrRepository {-id id_name}
  • Using Jython string:
    AdminTask.updateIdMgrRepository ('[-id id_name]')
  • Using Jython list:
    AdminTask.updateIdMgrRepository (['-id', 'id_name'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrRepository {-interactive}
  • Using Jython string:
    AdminTask.updateIdMgrRepository ('[-interactive]')
  • Using Jython list:
    AdminTask.updateIdMgrRepository (['-interactive'])

updateIdMgrRepositoryBaseEntry

The updateIdMgrRepositoryBaseEntry command updates a base entry for the specified repository.

Required parameters

-id
The ID of the repository. (String, required)
-name
The distinguished name of a base entry. (String, required)

Optional parameters

-securityDomainName
Use this parameter to specify the name that uniquely identifies the security domain. If you do not specify this parameter, the command uses the global federated repository. (String, optional)
-nameInRepository
The distinguished name in the repository that uniquely identifies the base entry name. (String, optional)
Avoid trouble: The values specified for both name and nameInRepository parameters must be the same for a database repository.

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrRepositoryBaseEntry {-id id_name -name name_value}
  • Using Jython string:
    AdminTask.updateIdMgrRepositoryBaseEntry ('[-id id_name -name name_value]')
  • Using Jython list:
    AdminTask.updateIdMgrRepositoryBaseEntry (['-id', 'id_name', '-name', 'name_value'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask updateIdMgrRepositoryBaseEntry {-interactive}
  • Using Jython string:
    AdminTask.updateIdMgrRepositoryBaseEntry ('[-interactive]')
  • Using Jython list:
    AdminTask.updateIdMgrRepositoryBaseEntry (['-interactive'])