
Sun ONE Messaging and Collaboration User Management Utility 1.0 Installation and Reference Guide

Chapter 3
Command Line Utilities

The User Management Utility command-line utilities enable administrators to manage different communication services for users, groups, domains, and organizations. This chapter discusses the command-line tool set used to perform bulk operations such as create, modify, delete, and search on users, groups, domains, and organizations.

The commands are listed in Table 3-1. This table consists of three columns; the first column lists the command, the second the description of the command, and the third lists the type of administrators permitted to execute the command.

The commadmin utility is located in the /opt/SUNWcomm/bin directory.

Table 3-1  User Management Utility Command Line Interfaces 

Command                    Description                                                           Permission to Execute
-------------------------  --------------------------------------------------------------------  -----------------------------------------------------------------
commadmin admin add        Grants domain administrator privileges to a user                      Top-level Administrator
commadmin admin remove     Revokes domain administrator privileges from a user                   Top-level Administrator
commadmin admin search     Searches and displays users who have domain administrator privileges  Top-level Administrator, Domain Administrator
commadmin domain create    Creates a domain                                                      Top-level Administrator
commadmin domain delete    Deletes a domain                                                      Top-level Administrator
commadmin domain modify    Modifies a domain                                                     Top-level Administrator
commadmin domain purge     Purges a domain                                                       Top-level Administrator
commadmin domain search    Searches for a domain                                                 Top-level Administrator
commadmin group create     Creates a group                                                       Top-level Administrator, Domain Administrator and Mail list owner
commadmin group delete     Deletes a group                                                       Top-level Administrator, Domain Administrator and Mail list owner
commadmin group modify     Modifies a group                                                      Top-level Administrator, Domain Administrator and Mail list owner
commadmin group search     Searches for a group                                                  Anyone
commadmin resource create  Creates a resource                                                    Top-level Administrator, Domain Administrator
commadmin resource modify  Modifies a resource                                                   Top-level Administrator, Domain Administrator
commadmin resource delete  Deletes a resource                                                    Top-level Administrator, Domain Administrator
commadmin resource search  Searches for a resource                                               Anyone
commadmin user create      Creates a user                                                        Top-level Administrator, Domain Administrator
commadmin user delete      Deletes a user                                                        Top-level Administrator, Domain Administrator
commadmin user search      Searches for a user                                                   Anyone
commadmin user modify      Modifies a user                                                       Top-level Administrator, Domain Administrator


Execution Modes

The command line execution has three possible modes:


Command File Format

The options can be specified within a file, using the -i option.

Within the file, option names are separated from option values by white space. The option value begins with the first non-white space character and extends to the end-of-line character. Option sets are separated by blank lines.

The general syntax is:

<option name><white space>[option value, if any]
<option name><white space>[option value, if any]
...
<option name><white space>[option value, if any]
<blank line>
<option name><white space>[option value, if any]
<option name><white space>[option value, if any]
...
<option name><white space>[option value, if any]

The option value given in the command line becomes the default for each option set. Alternatively, these options can be specified for each option set. The value then overrides any default specified on the command line.

Following is an example of the format and syntax for the file specified by the -i option for the commadmin user add command.

l newuser1
F new
L user1
W secret

l newuser2
F new
L user2
W secret

l newuser3
F new
L user3
W secret

<and so forth...>
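
The file format above can be checked before a bulk run with a short parser. This is an added example, not code from the guide or from commadmin itself; the function names are hypothetical, and it assumes that a whitespace-only line counts as blank, that the defaults dictionary stands in for options given on the command line, and that W and w carry passwords as in the sample.

```python
"""Added example: read a commadmin -i input file in the format described above."""
import os
import stat

# Constructed sample in the page's format. The second set carries its own
# "d" value, which overrides the command-line default; "s" has no value.
SAMPLE = """\
l newuser1
F new
L user1
W secret

l newuser2
F new
L user2
W secret
d florizel.com
s
"""

SECRET_OPTIONS = ("W", "w")  # assumption: options whose values are passwords


def parse_option_sets(text):
    """Split text into option sets; each set maps option name -> list of values."""
    sets, current = [], {}
    for line in text.splitlines():
        if not line.strip():          # blank line closes the current option set
            if current:
                sets.append(current)
                current = {}
            continue
        parts = line.split(None, 1)   # option name, then value up to end of line
        value = parts[1] if len(parts) > 1 else ""
        # Trailing spaces are kept: the value extends to the end-of-line
        # character, so "W secret " yields a password that ends in a space.
        current.setdefault(parts[0], []).append(value)
    if current:
        sets.append(current)
    return sets


def apply_defaults(option_sets, defaults):
    """Give every set the command-line defaults; values given in the set win."""
    merged = []
    for opts in option_sets:
        combined = {name: list(vals) for name, vals in defaults.items()}
        combined.update({name: list(vals) for name, vals in opts.items()})
        merged.append(combined)
    return merged


def redact(opts):
    """Copy of one option set that is safe to print or log."""
    return {name: ["********"] * len(vals) if name in SECRET_OPTIONS else list(vals)
            for name, vals in opts.items()}


def sets_with_secrets(option_sets):
    """Indexes of the option sets that hold a cleartext password value."""
    return [i for i, opts in enumerate(option_sets)
            if any(name in SECRET_OPTIONS for name in opts)]


def readable_by_others(path):
    """True if group or world can read the file, which may hold passwords."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


if __name__ == "__main__":
    defaults = {"d": ["sesta.com"]}   # constructed command-line default
    for opts in apply_defaults(parse_option_sets(SAMPLE), defaults):
        print(redact(opts))
```

Because the file holds passwords in cleartext, check it with readable_by_others before use and remove it after the bulk operation.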


Command Descriptions

This section provides descriptions, syntax, and examples of the command line tools.

Mandatory commadmin Options

The following are the mandatory options used for authenticating the administrator or the user.

Options

Description

-D userid

User ID used to bind to the directory.

-w password

Password used to authenticate the userID to the directory.

-n domain

The domain the administrator belongs to.

The Identity Server Host (-X), Identity Server Port (-p), and the default domain (-n) values are specified during installation and stored in the cli-userprefs.properties file.


Note

If the -X, -p and -n options are not specified when a commadmin command is executed, their values are taken from the cli-userprefs.properties file.


commadmin admin add

The commadmin admin add command grants domain administrator privileges to a user for a particular domain. Only a top-level administrator or an ISP administrator can execute this command.

Syntax

commadmin admin add -D login -l login -n domain -w password -d domain [-h]
  [-i inputfile] [-p IS Port] [-X IS Host] [-?] [-s] [-v] [-V]

Options

The following options are mandatory:

Option

Description

-D login

The user ID of the top-level administrator.

-l login

The user ID of the user to whom you want to grant domain administrative privileges. The user should be present in the directory and be a part of the domain specified by the -d option.

-n domain

The domain of the top-level administrator. If not specified, the default domain stored in the cli-userprefs.properties file is used.

-w password

The password of the top-level administrator.

-d domain

The domain to which you want to grant administrative privileges. If not specified, the domain specified by the -n option is used.

The following options are non-mandatory:

Options

Description

-i inputfile

Reads the command information from a file instead of the command line.

-p IS Port

Use this option to specify an alternate TCP port where the identity server is listening. If not specified, the default IS Port is used, or Port 80 is used if no default was configured at install time.

-X IS Host

Specify the host on which the identity server is running. If not specified, the default IS Host is used

-h, -?

Prints command usage syntax.

-V

Prints information about the utility and its version.

-s

Use SSL (Secure Socket Layer) to connect to the identity server.

-v

Enable debugging output.

Examples

The following grants domain administrator privileges to the user with the user ID admin1.

commadmin admin add -D chris -n sesta.com -w bolton -l admin1 \
-d florizel.com

The following grants domain administrator privileges to the user with the user ID admin2 for the domain florizel.com.

commadmin admin add -D chris -w bolton -l admin2 -n varrius.com \
-d florizel.com

commadmin admin remove

The commadmin admin remove command removes the domain administrator privileges from an existing domain administrator. Only a top-level administrator can execute this command.

To remove domain administrator privileges from multiple users, use the -i option.

Syntax

commadmin admin remove -D login -l login -n domain -w password -d domain name
  [-h] [-?] [-i inputfile] [-p IS port] [-X IS host] [-s] [-v] [-V]

Options

The following options are mandatory:

Option

Description

-D login

The user ID of the top-level administrator.

-l login

The user ID of the user whose administrator privileges need to be revoked.

-n domain

The domain of the top-level administrator.

-w password

The password of the top-level administrator.

-d domain name

The domain from which administrator privileges are revoked. If -d is not specified, the domain specified by -n is used.

The following options are non-mandatory:

Option

Description

-h, -?

Prints command usage syntax.

-i inputfile

Reads the command information from a file instead of the command line.

-p IS Port

Use this option to specify an alternate TCP port where the identity server is listening. If not specified, the default IS Port is used, or Port 80 is used if no default was configured at install time.

-X IS Host

Specify the host on which the identity server is running. If not specified, the default IS Host is used, or the localhost if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the identity server.

-v

Enable debugging output.

-V

Prints information about the utility and its version.

Example

The following command removes domain administrator privileges from the administrator with user ID admin5:

commadmin admin remove -D chris -n sesta.com -w bolton -l admin5 -d test.com

commadmin admin search

The commadmin admin search command searches and displays a specific or all domain administrators of a domain.

Syntax

commadmin admin search -D login -n domain -w password [-l login] [-d domain]

Options

The following options are mandatory:

Option

Description

-D login

The user ID of the user with permission to execute this command.

-n domain

The domain of the user specified with the -D option.

-w password

The password of the user specified with the -D option.

The following options are non-mandatory:

Option

Description

-l login

The user ID of the domain administrator searched for. If -l is not specified or -l is specified with the wildcard operator (-l\\* or -l '*'), all domain administrators of the domain are displayed.

-d domain

Searches for users who have domain administrator privileges for the specified domain. If -d is not specified, the domain specified by -n is used.

Example

To search for all domain administrators of the test.com domain:

commadmin admin search -D chris -n sesta.com -w bolton -d test.com

commadmin domain create

The commadmin domain create command creates a single domain on the Identity Server. To create multiple domains, use the -i option.

Syntax

commadmin domain create -D login -d domain name -n domain -w password
  [-A [+]attributename:value] [-h] [-?] [-i inputfile] [-o organization RDN]
  [-p IS Port] [-s] [-v] [-V] [-X IS Host]
  [-S mail -H preferred mailhost]
  [-S cal [-B backend calendar data server] [-C searchable domains] [-g access control string]
  [-P propertyname[:value]] [-R right[:value]] [-T calendar time zone string]]

Options

The following options are mandatory:

Option

Description

-D login

The user ID of the top-level administrator.

-d domain name

DNS domain name of the domain that is being created.

-n domain

The domain of the top-level administrator.

-w password

The password of the top-level administrator.

The following options are non-mandatory:

Option

Description

-A [+]attributename:value

An attribute to modify. The attributename is defined in the LDAP schema and the value specified replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.

A “+” before the attributename indicates adding the value to the current list of attributes.

If the action value (+) is not specified, the default action is to add the existing value.

-h, -?

Prints command usage syntax.

-i inputfile

Reads the command information from a file instead of the command line.

-o organization RDN

Specifies the organization RDN for the domain. For example, o=varrius.florizel.com.

If this option is not specified then the organization is created under the osi suffix, with o=the name of the domain, o=osiSuffix.

-p IS Port

Specifies an alternate TCP port where the identity server is listening. If not specified, the default IS Port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the identity server.

-v

Enable debugging output.

-V

Prints information about the utility and its version.

-X IS Host

Specifies the host on which the identity server is running. If not specified, the default IS Host is used, or the localhost if no default was configured at install time.

-S service

Specifies the service or services to be added to the domain.

service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive.

If the -S mail option is specified, then the -H option must be specified.

Can be listed as a comma-separated list.

For example:

-S mail,cal

A domain is created with the services mentioned depending on the value of the particular service definition present in the configuration file of the Identity Server.

The following option is only allowed if the -S mail option is specified:

-H preferred mailhost

The preferred mail host for the domain. The host must be a fully qualified host name, for example, mailhost.sesta.com.

This option is mandatory if the -S mail option is specified.

The following options are only allowed if the -S cal option is specified:

-B backend calendar data server

Specifies the default backend host assigned to a user or resource in a domain.

-C searchable domains

Specifies the domains to be searched when looking for calendars or users.

-g access control string

Specifies the Access Control List (ACL) for newly created user calendars.

-P propertyname[:value]

Sets values for multi-valued and bit-oriented attributes. Refer to Table A-1 for attributes, their descriptions and values.

-R right[:value]

Sets calendar domain attribute icsAllowRights. The attribute holds a bitmap value. See Table A-2 for a list of attributes, their value, and description.

-T calendar time zone string

Specifies the time zone ID used when importing files.

See "Calendar Time Zone Strings" for a list of the valid time zone strings.

Example

To create a new domain with mail and calendar services, enter:

commadmin domain create -D chris -d florizel.com -n sesta.com -w bolton \
-S mail,cal -H mailhost.sesta.com

commadmin domain delete

The commadmin domain delete command marks a single hosted domain as deleted from the server. To mark multiple hosted domains as deleted, use the -i option.

The commadmin domain purge command will permanently remove the domain.

To disable domain administrators' usage of a service such as the calendar service or mail service, use the -S option. Here S is in uppercase.

Syntax

commadmin domain delete -D login -d domain name -n domain -w password [-h] [-?]
  [-i inputfile] [-p IS Port] [-s] [-S service] [-v] [-V] [-X IS Host]

Options

The following options are mandatory:

Option

Description

-D login

The user ID of the top-level administrator.

-d domain name

The DNS domain name that is being deleted. If -d is not specified, the domain specified by -n is used.

-n domain

The domain of the top-level administrator.

-w password

The password of the top-level administrator.

The following options are non-mandatory:

Option

Description

-h, -?

Prints command usage syntax.

-i inputfile

Reads the command information from a file instead of the command line.

-p IS Port

Specifies an alternate TCP port where the identity server is listening. If not specified, the default IS Port is used, or Port 80 is used if no default was configured during installation.

-s

Use SSL (Secure Socket Layer) to connect to the identity server.

-S service

Modifies the value of the specified service status attribute value to ‘deleted’.

Multiple services are separated by a comma. The valid service values are mail and cal. These values are case-insensitive.

-v

Enable debugging output.

-V

Prints information about the utility and its version.

-X IS Host

Specifies the host on which the identity server is running. If not specified, the default IS Host is used, or the localhost if no default was configured at install time.

Example

To delete an existing domain:

commadmin domain delete -D chris -w bolton -d florizel.com -n sesta.com

To delete just the mail service from the florizel.com domain:

commadmin domain delete -D chris -w bolton -d florizel.com -n sesta.com \
-S mail

commadmin domain modify

The commadmin domain modify command modifies attributes of a single domain’s directory entry. To modify multiple domains, use the -i option.

Syntax

commadmin domain modify -D login -d domain -n domain -w password
  [-A [+|-]attributename:value] [-h] [-?] [-i inputfile] [-p IS Port] [-s] [-v] [-V]
  [-X IS Host]
  [-S mail -H preferred mailhost]
  [-S cal [-G access string] [-C cross domain search domains] [-B backend calendar data server]
  [-P [action]propertyname[:value]] [-R propertyname[:value]] [-T calendar time zone string]]

Options

The following options are mandatory:

Option

Description

-D login

The user ID of the top-level administrator.

-d domain

The DNS domain name to be modified. If -d is not specified, the domain specified by -n is used.

-n domain

The domain of the top-level administrator.

-w password

The password of the top-level administrator.

The following options are non-mandatory:

Option

Description

-A [+|-]attributename:value

An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.

A “+” before the attributename indicates adding the value to the current list of attributes. A “-” indicates removing the value.

If the “-” is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the “-” sign.

If the action value (+ or -) is not specified, the default action is to replace the existing value.

-h, -?

Prints command usage syntax.

-i inputfile

Reads the command information from a file instead of the command line.

-p IS port

Specifies an alternate TCP port where the identity server is listening. If not specified, the default IS port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the identity server.

-v

Enable debugging output.

-V

Prints information about the utility and its version.

-X IS Host

Specifies the host on which the identity server is running. If not specified, the default IS Host is used, or the localhost if no default was configured at install time.

-S service

Adds the specified service or services to the domain during modification.

The valid service values are mail and cal. These values are case-insensitive.

The services listed with the -S option are separated by a comma.

If -S mail is specified, then the -H option must be specified.

When adding a service, the following option is only allowed if the -S mail option is specified:

-H preferred mailhost

The preferred mailhost for the domain.

This option is mandatory if the -S mail option is specified.

When adding a service, the following options are only allowed if the -S cal option is specified:

-B backend calendar data server

The default backend host assigned to a user or resource in a domain.

-C cross domain search domains

Specifies the domains to be searched when looking for calendars or users.

-G access string

Specifies the Access Control List (ACL) for newly created user calendars.

-P [action]propertyname[:value]

Sets the values for multi-valued and bit-oriented attributes. Refer to Table A-1 for the descriptions and values of propertyname.

-T calendar time zone string

Time zone ID used when importing files.

See "Calendar Time Zone Strings" for a list of the valid time zone strings.

-R propertyname[:value]

Sets calendar domain attribute icsAllowRights. The attribute holds a bitmap value. See Table A-2 for a list of property names, their value, and description.

Example

To modify an existing domain:

commadmin domain modify -D chris -w bolton -n sesta.com -d varrius.com \
-A preferredmailhost:test.siroe.com

commadmin domain purge

The commadmin domain purge command permanently removes all entries, or services of entries, that have been marked as deleted. This can include domains, users, groups, and resources. If a domain is marked as deleted, then all entries and the services within that domain are removed whether or not those are marked deleted.

As part of periodic maintenance operations, use the commadmin domain purge command to remove all entries that have been deleted for a time period that is longer than the specified grace period.

You can perform a purge at any time by invoking the command manually.

When you invoke the command, the directory is searched and a list of domains is created whose entries include domains that have been marked for deletion longer than the specified grace period. The default value for the grace period is initially set to 10 days at the time of installation.

If the -d* option is specified, all domains are searched for users and domains that are marked as deleted. Users that are marked as deleted will be purged from their domain, but the domain will not be purged unless it is also marked as deleted. If a domain is marked as deleted, it will be purged along with all users within that domain.

After a service has been marked as deleted, a utility that removes resources such as mailboxes or calendars must be run before the service can be purged from the directory. For mail services, the program is called msuserpurge. Refer to the Sun ONE Messaging Server Reference Manual for information about the msuserpurge utility. For calendar services, the program is csclean. Refer to the Sun ONE Calendar Server Administrator’s Guide for information about the csclean utility.


Note

The commadmin domain purge command must be run by the Top-level administrator.


Syntax

commadmin domain purge -D login -n domain -w password -d domain [-g grace] [-h]
  [-?] [-i inputfile] [-p IS Port] [-s] [-S service] [-v] [-V] [-X IS Host]

Options

The following options are mandatory:

Option

Description

-D login

The user ID of the top-level administrator.

-n domain

Domain of the top-level administrator.

-w password

Password of the top-level administrator.

-d domain

Purge specified domain. The * operator (-d*) may be used to search for a pattern.

The following options are non-mandatory:

Option

Description

-g grace

Grace period in days before the domain is purged. Domains marked for deletion for less than grace days will not be purged. A 0 indicates purge immediately. The default value is read from the configuration file on the server. At installation time the default value is set to 10 days.

-h, -?

Prints command usage syntax.

-i inputfile

Reads the command information from a file instead of the command line.

-p IS Port

Specifies an alternate TCP port where the identity server is listening. If not specified, the default IS Port is used, or Port 80 is used if no default was configured at install time.

-S service

Removes service related object classes and attributes from the domain. If the domain contains users and resources it removes the service specific data from the directory for these users and resources.

The list of services is separated by the comma (,) delimiter.

The valid service values are mail and cal. These values are case-insensitive.

-s

Use SSL (Secure Socket Layer) to connect to the identity server.

-v

Enable debugging output.

-V

Prints information about the utility and its version.

-X IS Host

Specifies the host on which the identity server is running. If not specified, the default IS Host is used, or the localhost if no default was configured at install time.

Example

In the following example, the siroe.com domain is purged and all entries within the domain are also removed:

commadmin domain purge -D chris -d siroe.com -n sesta.com -w bolton
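
The purge rules described above (the grace period, the -d* pattern, and a deleted domain taking every entry with it) can be modelled as a dry-run calculation. This is an added example, not the utility's own logic: the directory snapshot and function names are constructed, and it assumes that an entry marked for exactly the grace period is eligible and that only the * wildcard is used in patterns.

```python
"""Added example: model of which entries a commadmin domain purge would remove."""
from fnmatch import fnmatchcase

# Constructed directory snapshot. deleted_days is the number of days since the
# entry was marked as deleted, or None if it is not marked.
DIRECTORY = {
    "siroe.com":    {"deleted_days": 12,   "users": {"ann": None, "bob": 3}},
    "varrius.com":  {"deleted_days": None, "users": {"carl": 15, "dee": 2, "eve": None}},
    "florizel.com": {"deleted_days": 4,    "users": {"fay": 11}},
}
DEFAULT_GRACE_DAYS = 10  # installation default stated in the guide


def past_grace(deleted_days, grace_days):
    """True if the entry is marked and has been marked for at least grace_days."""
    # Assumption: equality counts as eligible, consistent with
    # "A 0 indicates purge immediately".
    return deleted_days is not None and deleted_days >= grace_days


def purge_plan(directory, pattern, grace_days=DEFAULT_GRACE_DAYS):
    """Entries that would be removed for -d pattern and -g grace_days."""
    plan = []
    for domain, entry in directory.items():
        if not fnmatchcase(domain.lower(), pattern.lower()):
            continue
        if past_grace(entry["deleted_days"], grace_days):
            # A deleted domain is removed with all of its users,
            # whether or not those users are marked as deleted.
            plan.append(domain)
            plan.extend(f"{uid}@{domain}" for uid in entry["users"])
        else:
            # The domain stays; only users past their own grace period go.
            plan.extend(f"{uid}@{domain}"
                        for uid, days in entry["users"].items()
                        if past_grace(days, grace_days))
    return plan


def swept_with_domain(directory, plan, grace_days=DEFAULT_GRACE_DAYS):
    """Users in the plan who are removed only because their domain is purged."""
    swept = []
    for item in plan:
        if "@" not in item:
            continue
        uid, domain = item.split("@", 1)
        if not past_grace(directory[domain]["users"][uid], grace_days):
            swept.append(item)
    return swept


if __name__ == "__main__":
    for grace in (DEFAULT_GRACE_DAYS, 0):
        plan = purge_plan(DIRECTORY, "*", grace)
        print(f"-d* -g {grace}: {plan}")
        print(f"  removed only with their domain: "
              f"{swept_with_domain(DIRECTORY, plan, grace)}")
```

Comparing the plan for the default grace period with the plan for -g 0 shows how many additional entries an immediate purge would remove.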

commadmin domain search

The commadmin domain search command obtains all the directory properties associated with a single domain. To obtain all the directory properties for multiple domains, use the -i option. When -S is specified in this command, only the domains having active specified services are displayed.

Syntax

commadmin domain search -D login -n domain -w password [-d domain] [-h] [-?]
  [-i inputfile] [-p IS Port] [-s] [-S service] [-t Search Template] [-v] [-V]
  [-X IS Host]

Options

The following options are mandatory:

Option

Description

-D login

The user ID of the user with permission to execute this command.

-n domain

The domain of the user specified with the -D option.

-w password

The password of the user specified with the -D option.

The following options are non-mandatory:

Option

Description

-d domain

Search for this domain. If -d is not specified or -d* is specified, all domains are displayed.

-h, -?

Prints command usage syntax.

-i inputfile

Reads the command information from a file instead of the command line.

-p IS Port

Specifies an alternate TCP port where the identity server is listening. If not specified, the default IS Port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the identity server.

-S service

Specifies the services to be searched in the active domains.

service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive.

The list of services is separated by the comma (,) delimiter.

For example:

-S mail,cal

-t Search template

Specifies the name of the search templates to be used instead of the default search templates. Only active domains are displayed after the search.

-v

Enable debugging output.

-V

Prints information about the utility and its version.

-X IS Host

Specifies the host on which the identity server is running. If not specified, the default IS Host is used, or the localhost if no default was configured at install time.

commadmin group create

The commadmin group create command adds a single group to the identity server. To create multiple groups, use the -i option.

If a group is created without any members, by default, it is a static group.


Note

Groups cannot contain both static and dynamic members.


An email distribution list is one type of group. When a message is sent to the group address, Identity Server sends the message to all members in the group.

Syntax

commadmin group create -D login -G groupname -n domain -w password
  [-A [+]attributename:value] [-d domain] [-f ldap-filter] [-h] [-?]
  [-i inputfile] [-m internal-member] [-p IS Port] [-s] [-v] [-V] [-X IS Host]
  [-S service [-H mailhost] [-E email] [-M external-member] [-o owner] [-r moderator]]

Options

The following options are mandatory:

Option

Description

-D login

The user ID of the user who has permission to execute this command.

-n domain

The domain of the user specified by the -D option.

-G groupname

The name of the group (for example, mktg-list).

-w password

The password of the user specified by the -D option.

The following options are non-mandatory:

Option

Description

-A [+]attributename:value

An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.

A “+” before the attributename indicates adding the value to the current list of attributes.

-d domain

The fully qualified domain name of the group (for example, varrius.com). The default is the local domain. If -d is not specified, the domain specified by -n is used.

-f ldap-filter

Creates dynamic groups.

Set up the LDAP filter by specifying an attribute or a combination of attributes.

Multiple -f commands can be specified to define many LDAP filters for members of a group.

-h, -?

Prints command usage syntax.

-i inputfile

Reads the command information from a file instead of the command line.

-m internal-member

User ID of the internal members added to this group. To add more than one member, use multiple -m options.

This option should be used to create static groups.

-p IS Port

Specifies an alternate TCP port where the identity server is listening. If not specified, the default IS Port is used, or Port 80 is used if no default was configured at install time.

-X IS Host

Specifies the host on which the identity server is running. If not specified, the default IS Host is used, or the localhost if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the identity server.

-v

Enable debugging output.

-V

Prints information about the utility and its version.

-S service

Specifies the services to be added to the group.

service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive.

The list of services is separated by the comma (,) delimiter.

For example:

-S mail,cal

The following options are only allowed if the -S mail option is specified:

-H mailhost

The mail host to which this group responds (for example, mailhost.varrius.com). The default is the local mail host.

-E email

The email address of the group.

-M external-member

User ID of the external members added to this group. To add more than one member, use multiple -M options.

-o owner

The group owner’s email address. An owner is the individual responsible for the distribution list.

An owner can add or delete distribution list members.

-r moderator

The moderator’s email address.

Example

To create a group testgroup in the domain sesta.com:

commadmin group create -D chris -n sesta.com -w bolton -G testgroup \
-d sesta.com -m lorca@sesta.com -S mail -M achiko@varrius.com

commadmin group delete

The commadmin group delete command deletes a single group from the identity server. To delete multiple groups, use the -i option.

To disable a group’s usage of services such as Sun ONE Calendar Server or Sun ONE Messaging Server use the -S option. Here S is in uppercase.

Syntax

commadmin group delete -D login -G groupname -n domain -w password [-d domain]
  [-h] [-?] [-i inputfile] [-p IS Port] [-s] [-S service] [-v] [-V] [-X IS Host]

Options

The following are mandatory options:

Option

Description

-D login

The user ID of the user who has permission to execute this command.

-G groupname

The name of the group to be deleted. For example, mktg-list.

-n domain

The domain of the user specified by the -D option.

-w password

The password of the user specified by the -D option.

The following are non-mandatory options:

Option

Description

-d domain

The domain of the group. If -d is not specified, the domain specified by the -n option is used.

-h, -?

Prints command usage syntax.

-i inputfile

Reads the command information from a file instead of the command line.

-p IS Port

Specifies an alternate TCP port where the identity server is listening. If not specified, the default IS Port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the identity server.

-S service

Modifies the value of the specified service status attribute value to ‘deleted’.

The services listed with the -S option are separated by a comma. The valid service values are mail and cal. These values are case-insensitive.

-v

Enable debugging output.

-V

Prints information about the utility and its version.

-X IS Host

Specifies the host on which the identity server is running. If not specified, the default IS Host is used, or the localhost if no default was configured at install time.

Example

To delete the group testgroup@varrius.com:

commadmin group delete -D chris -n sesta.com -w bolton -G testgroup \
-d varrius.com

The following example marks the mail service for testgroup@varrius.com as deleted:

commadmin group delete -D chris -n sesta.com -w bolton -G testgroup \
-d varrius.com -S mail

commadmin group modify

The commadmin group modify command changes the attributes of a single group that already exists in the identity server. To change the attributes of multiple groups, use the -i option.

A mailing list is one type of group. When a message is sent to the group address, Identity Server sends the message to all members in the group.

Syntax

commadmin group modify -D login -G groupname -n domain -w password
  [-A [+|-]attributename:value] [-d domain] [-f [action]ldap-filter] [-h] [-?]
  [-i inputfile] [-m [+|-]internal-member] [-p IS Port] [-s] [-v] [-V] [-X IS Host]
  [-S mail -o owner [-E email] [-H mailhost] [-M external-member] [-r moderator]]

Options

The following are mandatory options:

Option

Description

-D login

The user ID of the user with permission to execute this command.

-G groupname

The name of the group to be modified. For example, mktg-list.

-n domain

The domain of the user specified by the -D option.

-w password

The password of the user specified by the -D option.

The following are non-mandatory options:

Option

Description

-A [+|-]attributename:value

An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.

A “+” before the attributename indicates adding the value to the current list of attributes. A “-” indicates removing the value. If the “-” is used, it must be preceded by two backslashes or enclosed in quotes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the “-” sign.

-d domain

The domain of the group. If -d is not specified, the domain specified by the -n option is used.

-f [action]ldap-filter

Indicates whether an LDAP filter is added to or removed from the group.

A “+” before the ldap-filter indicates that it is to be added to the existing filters. A “-” indicates removing the existing filter. Type -f-* to remove all the filters. If the “-” is used, it must be preceded by two backslashes or enclosed in quotes if the command is specified on the command line.

If action is not specified, by default the filter is added provided it is not already present. Otherwise an error message is displayed.

-h, -?

Prints command usage syntax.

-i inputfile

Reads the command information from a file instead of the command line.

-m [action]internal-member

Indicates whether to add or remove an internal member.

The value of internal-member is either a mail address or user ID.

An action value of:

     + adds the member to an existing list of internal members.

     - removes the member from an existing list of internal members. If the “-” is used, it must be preceded by two backslashes or enclosed in quotes if the command is specified on the command line.

 -m-* removes all the internal members.

-p IS Port

Specifies an alternate TCP port where the identity server is listening. If not specified, the default IS Port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the identity server.

-v

Enable debugging output.

-V

Prints information about the utility and its version.

-X IS Host

Specifies the host on which the identity server is running. If not specified, the default IS Host is used, or the localhost if no default was configured at install time.

-S mail

Adds mail service to the group during modification after validating whether the mail service already exists. If the service exists an error message is displayed.

The only valid value for -S is mail.

The following options are only allowed if the -S mail option is specified:

-o owner

The group owner’s email address. An owner is the individual responsible for the distribution list.

An owner can add or delete distribution list members.

This option is mandatory if the -S mail option is specified.

-E email

The email address of the group.

-H mailhost

The group’s mail host. The default is the local mail host.

-M external-member

Adds an external member.

The value of external-member is the user mail address.

-r moderator

The moderator’s user ID. Type the email address if the moderator is in a different domain.

The -S mail option must be specified with this option.

Example

To remove an internal member (jsmith) from the group testgroup within the domain varrius.com:

commadmin group modify -D chris -d varrius.com -G testgroup -n sesta.com \
-w bolton -m \\-jsmith

commadmin group search

The commadmin group search command obtains all the directory properties associated with a single group. To obtain all the directory properties for multiple groups, use the -i option.

Syntax

commadmin group search -D login -n domain -w password [-d domain] [-E string]
  [-G string] [-h] [-?] [-i inputfile] [-p IS Port] [-s] [-S service] [-t search template]
  [-v] [-V] [-X IS Host]

Options

The following options are mandatory:

Option

Description

-D login

The user ID of the user with permission to execute this command.

-n domain

The domain of the user specified by the -D option.

-w password

The password of the user specified by the -D option.

The following options are non-mandatory:

Option

Description

-d domain

The domain of the group to be searched. If -d is not specified, all domains are searched.

-E string

Email address of the group. The wildcard operator (*) may be used within any part of string.

-G string

The name of the group to be searched. For example, mktg-list. If -G is not specified, all groups in the domain specified by -d are displayed. The wildcard operator (*) may be used within any part of string.

-h, -?

Prints command usage syntax.

-i inputfile

Reads the command information from a file instead of the command line.

-p IS Port

Specifies an alternate TCP port where the identity server is listening. If not specified, the default IS Port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the identity server.

-S service

Specifies the service to be searched.

The only valid value for service is mail. This value is case-insensitive.

For example:

-S mail

Only groups with active services are displayed.

-t Search Template

Specifies the name of the search templates to be used instead of the default search templates. This is an entry in the directory that defines the filter for the search. Only active groups are searched for.

-v

Enable debugging output.

-V

Prints information about the utility and its version.

-X IS Host

Specifies the host on which the identity server is running. If not specified, the default IS Host is used, or the localhost if no default was configured at install time.

Example

To search for a group named developers under the siroe.com domain:

commadmin group search -D chris -n sesta.com -w password -G developers \
-d siroe.com

commadmin resource create

The commadmin resource create command adds a user to a particular resource.

Syntax

commadmin resource create -D login -n domain -w password -u identifier -N name
  -o owner [-A [+]attributename:value] [-c calendar identifier] [-C DWPHost]
  [-d domainname ] [-h] [-?] [-i inputfile][-p IS Port] [-s] [-T time zone] [-v]
  [-V] [-X IS Host]

Options

The following options are mandatory:

Option

Description

-D login

The user ID of the user with permission to execute this command.

-n domain

Domain of the user specified with the -D option.

-w password

Password of the user specified with the -D option.

-u identifier

Resource’s unique identifier.

This identifier value should be unique within the domain namespace or within all the users and resources the calendar manages in the calendar mode.

If the -c option is not specified, the identifier specified by the -u option is used as the calendar identifier.

-N name

Friendly name used to display the resource in the calendar GUI.

-o owner

Owner of the resource. This user ID must exist under the domain in which the resource is created.

The following options are non-mandatory:

Option

Description

-A [+]attributename:value

An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.

A “+” before the attributename indicates adding the value to the current list of attributes.

-c calendar identifier

Identifier for this resource's calendar.

The identifier value should be unique throughout all the calendars managed by the Calendar Server.

-C DWPHost

The DNS name of the back end calendar server which hosts this user's calendars.

If the DNS name of the backend calendar server is not specified, the value stored in the ics.conf file of the server is used as the default value.

-d domainname

Domain of the resource. If -d is not specified, the domain specified by -n is used.

-h, -?

Prints command usage syntax.

-i inputfile

Reads the command information from a file instead of the command line.

-p IS Port

Specifies an alternate TCP port where the identity server is listening. If not specified, the default IS Port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the identity server.

-T time zone

The time zone used to display the resource's calendar in the calendar’s user interface.

See "Calendar Time Zone Strings" for a list of the valid time zone strings.

-v

Enable debugging output.

-V

Prints information about the utility and its version.

-X IS Host

Specifies the host on which the identity server is running. If not specified, the default IS Host is used, or the localhost if no default was configured at install time.

Example

To create a resource with the name peter in the calendar cal.siroe.com under the domain varrius.com:

commadmin resource create -D chris -n sesta.com -w bolton -o ownerid \
-d varrius.com -u id -N peter -C cal.siroe.com

commadmin resource delete

The commadmin resource delete command marks the resource as deleted.

Syntax

commadmin resource delete -D login -u identifier -n domain -w password [-d domainname]
  [-h] [-?] [-i inputfile] [-p IS Port] [-s] [-v] [-V] [-X IS Host]

Options

The following options are mandatory:

Option

Description

-D login

The user ID of the user with permission to execute this command.

-n domain

Domain of the user specified with the -D option.

-w password

Password of the user specified with the -D option.

-u identifier

Resource’s unique identifier.

The following options are non-mandatory:

Option

Description

-d domainname

Domain of the resource. If -d is not specified, the domain specified by -n is used.

-h, -?

Prints command usage syntax.

-i inputfile

Reads the command information from a file instead of the command line.

-p IS Port

Specifies an alternate TCP port where the identity server is listening. If not specified, the default IS Port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the identity server.

-v

Enable debugging output.

-V

Prints information about the utility and its version.

-X IS Host

Specifies the host on which the identity server is running. If not specified, the default IS Host is used, or the localhost if no default was configured at install time.

Example

To mark a resource as deleted:

commadmin resource delete -D chris -n sesta.com -w bolton -u bill023

commadmin resource modify

The commadmin resource modify command modifies the resource.

Syntax

commadmin resource modify -D login -n domain -w password -u identifier
  [-A [+|-]attributename:value] [-d domainname ] [-h] [-?] [-i inputfile]
  [-N name] [-p IS Port] [-s] [-T time zone] [-v] [-V] [-X IS Host]

Options

The following options are mandatory:

Option

Description

-D login

The user ID of the user with permission to execute this command.

-n domain

Domain of the user specified with the -D option.

-w password

Password of the user specified with the -D option.

-u identifier

Resource’s unique identifier.

The following options are non-mandatory:

Option

Description

-A [+|-]attributename:value

An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.

A “+” before the attributename indicates adding the value to the current list of attributes. A “-” indicates removing the value.

If the “-” is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the “-” sign.

-d domainname

Domain of the resource. If -d is not specified, the domain specified by -n is used.

-h, -?

Prints command usage syntax.

-i inputfile

Reads the command information from a file instead of the command line.

-N name

Common name used to display the resource in the calendar user interface.

-p IS Port

Specifies an alternate TCP port where the identity server is listening. If not specified, the default IS Port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the identity server.

-T time zone

The time zone used to display resource's calendar in the calendar GUI.

See "Calendar Time Zone Strings" for a list of the valid time zone strings.

-v

Enable debugging output.

-V

Prints information about the utility and its version.

-X IS Host

Specifies the host on which the identity server is running. If not specified, the default IS Host is used, or the localhost if no default was configured at install time.

Example

To modify a resource with the unique identifier bill023 with a new common name bjones:

commadmin resource modify -D chris -n sesta.com -w bolton -d test.com \
-u bill023 -N bjones

commadmin resource search

The commadmin resource search command searches for a resource.

Syntax

commadmin resource search -D login -n domain -w password [-d domain] [-h] [-?]
  [-i inputfile] [-N string] [-p IS Port] [-s] [-t Search Template] [-u string] [-V] [-v]
  [-X IS Host]

Options

The following options are mandatory:

Option

Description

-D login

The user ID of the user with the permission to execute this command.

-n domain

Domain of the user specified with the -D option.

-w password

Password of the user specified with the -D option.

The following options are non-mandatory:

Option

Description

-d domain

Domain of the resource. Search is performed only in the domain. If -d is not specified or -d* is specified, then all domains are searched.

-h, -?

Prints command usage syntax.

-i inputfile

Reads the command information from a file instead of the command line.

-N string

Enter the resource’s common name. The wildcard operator (*) may be used within any part of string.

-p IS Port

Specifies an alternate TCP port where the identity server is listening. If not specified, the default IS Port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the identity server.

-t Search Template

Specifies the name of the search templates to be used instead of the default search templates. This is an entry in the directory that defines the filter for the search. Only active resources are searched for.

-u string

The resource identifier specified must be unique for the domain namespace or for all the users and resources the calendar manages.

The wildcard operator (*) may be used within any part of string.

If the identifier is not specified or -l* is specified all resources are displayed during the search.

-v

Enable debugging output.

-V

Prints information about the utility and its version.

-X IS Host

Specifies the host on which the identity server is running. If not specified, the default IS Host is used, or the localhost if no default was configured at install time.

Example

To search for a resource arabella in the domain sesta.com:

commadmin resource search -D serviceadmin -w serviceadmin -n sesta.com \
-d sesta.com -u arabella

commadmin user create

The commadmin user create command creates a single user in the Identity Server system. To create multiple users, use the -i option.

Syntax

commadmin user create -D login -F firstname -n domain -L lastname -l userid
  -w password -W password [-A [+]attributename:value] [-d domain]
  [-I initial] [-h] [-?] [-i inputfile] [-p IS Port] [-s] [-v] [-V] [-X IS Host]
  [-S mail [-E email] [-H mailhost]]
  [-S cal [-B DWPHost] [-c Default Calendar] [-J First Day of Week] [-T time zone]]

Options

The following options are mandatory:

Option

Description

-D login

The user ID of the user with permission to execute this command.

-F firstname

The user’s first name; must be a single word without any spaces.

-n domain

The domain of the user specified with the -D option.

-l userid

The user’s login name.

-w password

The password of the user specified with the -D option.

-W password

The password of the user logging in.

-L lastname

The user’s last name.

The following options are non-mandatory:

Option

Description

-A [+]attributename:value

An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.

A “+” before the attributename indicates adding the value to the current list of attributes.

-d domain

Domain of the user. If -d is not specified, the domain specified by -n is used.

-i inputfile

Reads the command information from a file instead of the command line.

-I initial

User’s middle initial.

-h, -?

Prints command usage syntax.

-p IS Port

Specifies an alternate TCP port where the identity server is listening. If not specified, the default IS Port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the identity server.

-v

Enable debugging output.

-V

Prints information about the utility and its version.

-X IS Host

Specifies the host on which the identity server is running. If not specified, the default IS Host is used, or the localhost if no default was configured at install time.

-S service

Adds the specified service to the user during creation. service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive.

The list of services is separated by the comma (,) delimiter.

For example:

-S mail,cal

The following options are only allowed if the -S mail option is specified:

-E email

The email address of the user.

-H mailhost

The mail host of the user.

The following options are only allowed if the -S cal option is specified:

-B DWPHost

DNS name of the back end calendar that hosts the user’s calendar.

-c Default Calendar

Calendar identifier for this user’s default calendar.

-J First Day of Week

First day of the week shown when the calendar is displayed in the calendar server user interface.

-T time zone

The time zone in which the user’s calendar is displayed.

See "Calendar Time Zone Strings" for a list of the valid time zone strings.

Example

To create a new user, smith, enter:

commadmin user create -D chris -n sesta.com -w secret -F smith -l john \
-L major -W secret -S mail -H mailhost.siroe.com

commadmin user delete

The commadmin user delete command deletes a single user from the Identity Server. To delete multiple users, use the -i option.

No undelete utility exists. However, you can use the ldapmodify command to change the status attribute of a user entry to active at any time before the purge grace period has expired and a purge is set to run against the entry.

Syntax

commadmin user delete -D login -n domain -l login name -w password [-d domain]
  [-h] [-?] [-i inputfile] [-p IS Port] [-s] [-S service] [-v] [-V] [-X IS Host]

Options

The following options are mandatory:

Option

Description

-D login

The user ID of the user with the permission to execute this command.

-n domain

The domain of the user specified with the -D option.

-w password

The password of the user specified with the -D option.

-l userid

The user ID of the user to be deleted.

The following options are non-mandatory:

Option

Description

-d domain

Domain of the user. If -d is not specified, the domain specified by -n is used.

-h, -?

Prints command usage syntax.

-i inputfile

Reads the command information from a file instead of the command line.

-p IS Port

Specifies an alternate TCP port where the Identity server is listening. If not specified, the default IS Port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the identity server.

-S service

Specifies the services to be removed from the user. The user remains active, but only the specified services are deactivated. If -S is not specified, then the user is deleted.

service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive.

The list of services is separated by the comma (,) delimiter.

For example:

-S mail,cal

-v

Enable debugging output.

-V

Prints information about the utility and its version.

-X IS Host

Specifies the host on which the identity server is running. If not specified, the default IS Host is used, or the localhost if no default was configured at install time.

Example

To delete an existing user:

commadmin user delete -D chris -n sesta.com -w bolton -l smith

To delete the mail services only from user smith:

commadmin user delete -D chris -n sesta.com -w bolton -l smith -S mail

commadmin user modify

The commadmin user modify command modifies attributes of a single user’s directory entry. To modify multiple users, use the -i option.

Syntax

commadmin user modify -D login -n domain -l userid -w password
  [-A [+|-]attributename:value] [-d domain] [-h] [-?] [-i inputfile] [-p IS Port] [-s]
  [-v] [-V] [-X IS Host]
  [-S mail -H mailhost [-E email]]
  [-S cal [-B DWPHost] [-J First Day of Week] [-L language] [-T time zone]]

Options

The following options are mandatory:

Option

Description

-D login

The user ID of the user with permission to execute this command.

-n domain

Domain of the user specified with the -D option.

-w password

The password of the user specified with the -D option.

-l userid

User’s login ID.

The following options are non-mandatory:

Option

Description

-A [+|-]attributename:value

An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. You can repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.

A “+” before the attributename indicates adding the value to the current list of attributes.

A “-” indicates removing the value.

If the “-” is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the “-” sign.

-d domain

Domain of the user or group. If -d is not specified, the domain specified by -n is used.

-h, -?

Prints command usage syntax.

-i inputfile

Reads the command information from a file instead of the command line.

-p IS Port

Specifies an alternate TCP port where the Identity server is listening. If not specified, the default IS Port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the identity server.

-v

Enable debugging output.

-V

Prints information about the utility and its version.

-X IS Host

Specifies the host on which the identity server is running. If not specified, the default IS Host is used, or the localhost if no default was configured at install time.

-S service

Adds the specified services to the user after validating whether the user has the service specified with the -S option. If the user already has the service, an error message is displayed.

services can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive.

The list of services is separated by the comma (,) delimiter.

For example:

-S mail,cal

The following options are only allowed if the -S mail option is specified:

-E email

Specifies the email address of the user.

-H mailhost

The mail host of the user.

This option is mandatory if the -S mail option is specified.

The following options are only allowed if the -S cal option is specified:

-B DWPHost

Specifies the DNS name of the backend calendar server that hosts this user’s calendars.

Note: This attribute can only be added and cannot be modified if it already exists.

-J First Day of Week

The first day of the week shown when the calendar is displayed in the calendar server user interface.

-L language

The language used to display a user’s calendars.

-T time zone

A user’s calendar is displayed in this time zone.

See "Calendar Time Zone Strings" for a list of the valid time zone strings.

Example

The following example adds a mail service for the user smith:

commadmin user modify -D chris -n sesta.com -w bolton -l smith \
-A description:"new description" -S mail -H mailhost.siroe.com

In this example, a mail forwarding address is added for user smith:

commadmin user modify -D chris -n sesta.com -w bolton -l smith \
-A +mailforwardingaddress:tsmith@siroe.com

commadmin user search

The commadmin user search command obtains all the directory properties associated with a single user. To obtain all the directory properties for multiple users, use the -i option. Only active users are displayed after a search.

Syntax

commadmin user search -D login -n domain -w password [-d domain] [-E string]
  [-F string] [-h] [-?] [-i inputfile] [-L string] [-l string] [-p IS Port] [-s]
  [-S service] [-t Search Template] [-v] [-V] [-X IS Host]

Options

The following options are mandatory:

Option

Description

-D login

The user ID of the user with permission to execute this command.

-n domain

The domain of the user specified with the -D option.

-w password

The password of the user specified with the -D option.

The following options are non-mandatory:

Option

Description

-d domain

The domain of the user. The user is searched only in the specified domain.

If -d is not specified, all domains are considered for the search.

-E string

Searches for user’s mail address. The wildcard operator (*) may be used within any part of string.

-F string

Searches for user’s first name. The wildcard operator (*) may be used within any part of string.

-h, -?

Prints command usage syntax.

-i inputfile

Reads the command information from a file instead of the command line.

-L string

Searches for user’s last name. The wildcard operator (*) may be used within any part of string.

-l string

Searches for user’s login name. The wildcard operator (*) may be used within any part of string.

-p IS Port

Use this option to specify an alternate TCP port where the identity server is listening. If not specified, the default IS Port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the identity server.

-S service

Specifies the services to match in the user search.

services can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive.

The list of services is separated by the comma (,) delimiter.

For example:

-S mail,cal

-t Search template

Specifies the name of the search templates to be used instead of the default search templates. This is an entry in the directory that defines the filter for the search. Only active users are searched for.

-v

Enable debugging output.

-V

Prints information about the utility and its version.

-X IS Host

Specifies the host on which the identity server is running. If not specified, the default IS Host is used, or the localhost if no default was configured at install time.

Example

The following example searches for users in the varrius.com domain:

commadmin user search -D chris -w bolton -d varrius.com -n sesta.com
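
An added example, not part of the original guide: a lint pass over administration scripts that checks each commadmin invocation against three points from the option descriptions in this chapter: -s absent (the connection to the identity server is then made without SSL), a literal -w password in the script text, and a "-" action after -m, -A or -f that lacks the two backslashes or quotes required on the command line. The function names, finding labels and sample script are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): lint commadmin invocations in a script.
# Findings are printed as "<first line of the command>:<FINDING>".

commadmin_lint() {
    # Reads shell script text on stdin. Always returns 0; callers test the output.
    awk '
    function report(lineno, finding) { print lineno ":" finding }

    # Inspect one logical command (continuation lines already joined).
    function check(cmd, lineno,    n, tok, i, start, ssl, t, nxt) {
        n = split(cmd, tok, /[ \t]+/)
        start = 0
        for (i = 1; i <= n; i++)
            if (tok[i] == "commadmin" || tok[i] ~ /\/commadmin$/) { start = i; break }
        if (!start) return                      # not a commadmin call
        ssl = 0
        for (i = start + 1; i <= n; i++) {
            t = tok[i]
            nxt = (i < n) ? tok[i + 1] : ""
            if (t == "-s") {
                ssl = 1                         # -S (service) is a different option
            } else if (t == "-w" && nxt != "" && nxt !~ /^"?\$/) {
                # A variable keeps the secret out of the script file;
                # it still reaches the process argument list.
                report(lineno, "HARDCODED_PASSWORD")
            } else if ((t == "-m" || t == "-A" || t == "-f") && nxt ~ /^\\?-/) {
                # Bare "-" or a single backslash: the guide asks for two
                # backslashes or quotes on the command line.
                report(lineno, "UNESCAPED_MINUS " t)
            }
        }
        if (!ssl) report(lineno, "NO_SSL")
    }

    {
        if (buf == "" && $0 ~ /^[ \t]*#/) next  # skip comment lines
        if (buf == "") first = NR               # remember where the command starts
        line = $0
        if (line ~ /\\$/) {                     # trailing backslash: continuation
            sub(/\\$/, "", line)
            buf = buf line " "
            next
        }
        check(buf line, first)
        buf = ""
    }
    END { if (buf != "") check(buf, first) }
    '
}

# Constructed sample script, reusing option values from the examples in the guide.
sample_script() {
    cat <<'EOF'
# nightly group maintenance (constructed sample)
commadmin group modify -D chris -d varrius.com -G testgroup -n sesta.com \
-w bolton -m \\-jsmith
commadmin group modify -D chris -d varrius.com -G testgroup -n sesta.com \
-s -w "$ADMIN_PW" -m -jsmith
commadmin user search -D chris -s -w "$ADMIN_PW" -d varrius.com -n sesta.com
EOF
}

sample_script | commadmin_lint
```
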





Copyright 2003 Sun Microsystems, Inc. All rights reserved.