domain create
Creates a domain, including an administrator ID and password to log in to the specified domain. You must log in to the management domain as an administrator to perform this command.
Requires authentication (administrator ID and password) to use this command.
This command applies to LDAP registries only.
Syntax
domain create domain domain_admin_id domain_admin_password [-desc description]
Description
An initial domain is created when the policy server is configured. This domain, called the management domain, is the default domain in which Security Access Manager enforces security policies for authentication, authorization, and access control. You must log in to the management domain to create more policy domains.
When you create a domain, you must specify an administrative ID and password for the domain. The administrator of the management domain later assigns the new ID and password to the administrator responsible for handling policy management tasks for that specific domain. The administrator of the domain is responsible for updating the security policy for that particular domain if:
- Users change.
- Groups change.
- Resources change.
Options
- -desc description
- Specifies an optional description for the domain. A valid description is an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set. If the description contains a space, ensure that you enclose the description in double quotation marks. You can specify an empty string ("") to clear an existing description. Example of a description: "accounting area". (Optional)
- domain
- Specifies the name of the domain to be created. Characteristics of the name are:
- Limited to 64 characters in length.
- Case sensitive.
- Can contain a-z, A-Z, 0-9, hyphen (-), underscore (_), period (.), at sign (@), or ampersand (&).
- Can contain any character from a double-byte character set.
- domain_admin_id
- Specifies an administrator ID, which is created in the specified domain.
- domain_admin_password
- Specifies the password for the domain_admin_id user.
Return codes
- 0
- The command completed successfully.
- 1
- The command failed. When a command fails, the pdadmin command provides a description of the error and an error status code in hexadecimal format (for example, 0x14c012f2). See "Error messages" in the IBM Knowledge Center. This reference provides a list of the Security Access Manager error messages by decimal or hexadecimal codes.
Examples
- The following example creates a domain named Marketing, a domain administrator ID Admin1, and an initial password to log in to the domain:
pdadmin sec_master> domain create Marketing Admin1 password
- The following example creates a domain named Finance, a domain administrator ID Admin2, a password, and a domain description:
pdadmin sec_master> domain create Finance Admin2 password -desc "accounting area"
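The naming rules for the domain argument and the quoting rule for -desc can be checked before a line is ever sent to pdadmin. The following is an added example, not IBM code: the function names are hypothetical, and it assumes that any non-ASCII character counts as a double-byte character and that arguments are whitespace-separated.

```python
import re

MAX_DOMAIN_LEN = 64                                # "Limited to 64 characters"
ASCII_ALLOWED = re.compile(r"[A-Za-z0-9._@&-]")    # single-byte characters the page lists


def domain_name_problems(name):
    """Return the naming rules a proposed domain name breaks (empty list = acceptable)."""
    problems = []
    if not name:
        problems.append("name is empty")
    if len(name) > MAX_DOMAIN_LEN:
        problems.append(f"length {len(name)} exceeds {MAX_DOMAIN_LEN} characters")
    for ch in name:
        # Assumption: every non-ASCII character is treated as a double-byte character.
        if ord(ch) < 128 and not ASCII_ALLOWED.fullmatch(ch):
            problems.append(f"character {ch!r} is not allowed")
    return problems


def format_description(desc):
    """Quote a description for -desc: spaces and the empty string need double quotes."""
    if '"' in desc or any(ord(c) < 32 for c in desc):
        # Assumption of this example: refuse these rather than guess at escaping.
        raise ValueError("description contains a quotation mark or control character")
    return f'"{desc}"' if desc == "" or " " in desc else desc


def build_domain_create(domain, admin_id, admin_password, desc=None):
    """Build the line typed at the pdadmin prompt, refusing input that breaks the rules."""
    problems = domain_name_problems(domain)
    if problems:
        raise ValueError("; ".join(problems))
    for label, value in (("domain_admin_id", admin_id), ("domain_admin_password", admin_password)):
        # Assumption of this example: arguments are whitespace-separated, so reject
        # empty values and embedded whitespace instead of letting them shift positions.
        if not value or any(c.isspace() for c in value):
            raise ValueError(f"{label} is empty or contains whitespace")
    line = f"domain create {domain} {admin_id} {admin_password}"
    if desc is not None:
        line += f" -desc {format_description(desc)}"
    return line


if __name__ == "__main__":
    # Constructed sample input matching the second example on this page.
    print(build_domain_create("Finance", "Admin2", "password", "accounting area"))
```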