Chapter 3
Delegated Administrator Command-line Utilities
The command-line utilities for iPlanet Delegated Administrator for Messaging and Collaboration manage domain administrators, users, and groups for iPlanet Messaging Server.
The commands are listed in Table 3-1.
Table 3-1    Delegated Administrator Command Line Interfaces
Command
|
Description
|
Which administrator has permission to execute this command
|
imadmin admin add
|
Grants domain administrator privileges to a user.
|
Top-level
|
imadmin admin remove
|
Revokes domain administrator privileges from a user.
|
Top-level
|
imadmin admin search
|
Searches and displays users who have domain administrator privileges.
|
Anybody
|
imadmin domain create
|
Creates a domain.
|
Top-level
|
imadmin domain delete
|
Deletes a domain.
|
Top-level
|
imadmin domain modify
|
Modifies a domain.
|
Top-level
|
imadmin domain purge
|
Purges a domain.
|
Top-level
|
imadmin domain search
|
Searches for a domain.
|
Top-level, Domain, Family
|
imadmin family create
|
Creates a family group.
|
Top-level, Domain
|
imadmin family delete
|
Deletes a family group.
|
Top-level, Domain
|
imadmin family modify
|
Modifies a family group.
|
Top-level, Domain
|
imadmin family purge
|
Purges a family group.
|
Top-level
|
imadmin family search
|
Searches for a family group.
|
Anybody
|
imadmin family-admin add
|
Grants family administrator privileges to a user.
|
Top-level, Domain, Family
|
imadmin family-admin remove
|
Revokes family administrator privileges from a user.
|
Top-level, Domain, Family
|
imadmin family-admin search
|
Searches and displays users who have family administrator privileges.
|
Anybody
|
imadmin family-member create
|
Adds a member to a family group.
|
Top-level, Domain, Family
|
imadmin family-member delete
|
Marks a family group member for deletion from the directory.
|
Top-level, Domain, Family
|
imadmin family-member remove
|
Removes the membership of the specified user.
|
Top-level, Domain, Family
|
imadmin family-member search
|
Searches for a family group member.
|
Anybody
|
imadmin group create
|
Creates a group.
|
Top-level, Domain, and Mail list owner
|
imadmin group delete
|
Deletes a group.
|
Top-level, Domain, and Mail list owner
|
imadmin group modify
|
Modifies a group.
|
Top-level, Domain, and Mail list owner
|
imadmin group purge
|
Purges a group.
|
Top-level
|
imadmin group search
|
Searches for a group.
|
Anybody
|
imadmin user create
|
Creates a user.
|
Top-level, Domain
|
imadmin user delete
|
Deletes a user.
|
Top-level, Domain
|
imadmin user modify
|
Modifies a user.
|
Top-level, Domain
|
imadmin user purge
|
Purges a user.
|
Top-level, Domain
|
imadmin user search
|
Searches for a user.
|
Anybody
|
Execution Modes
The command line execution has three possible modes:
Interactive
imadmin object task
-
The administrator is queried for the remainder of the options and attributes.
Execute with options specified in a file
imadmin object task -i inputfile
-
Analyzes inputfile and executes it.
Immediate or shell execution
imadmin object task [options]
Command File Format
Options can be specified within a file, using the -i option.
Within the file, option names are separated from option values by white space. The option value begins with the first non-white space character and extends to the end-of-line character. Option sets are separated by blank lines.
The general syntax is:
|
<option name><white space>[option value, if any]
<option name><white space>[option value, if any]
...
<option name><white space>[option value, if any]
<blank line>
<option name><white space>[option value, if any]
<option name><white space>[option value, if any]
...
<option name><white space>[option value, if any]
|
|
The command line values become the default for each option set. Alternatively, these options can be specified for each option set. The value then overrides any default specified on the command line.
The following shows an example of the format and syntax for the file specified by the -i option for the imadmin user add command.
|
l newuser1
F new
L user1
W secret
l newuser2
F new
L user2
W secret
l newuser3
F new
L user3
W secret
<and so on...>
|
|
Command Descriptions
This section provides descriptions, syntax, and examples for the Delegated Administrator commands.
Note
|
If the -X, -p, and -n options are not specified at the time when an imadmin command is executed, their values are taken from the cli-userprefs.properties configuration file.
|
imadmin admin add
The imadmin admin add command grants Domain Administrator privileges to a user for a particular domain.
Syntax
|
imadmin admin add -D login -l login -n domain -w password
[-d domain] [-h] [-i inputfile] [-p idaport] [-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the Top-level Administrator.
|
-l login
|
The user id of the user to whom you want to grant administrative privileges. The user should be present in the directory.
|
-n domain
|
The domain of the Top-level Administrator.
|
-w password
|
The password of the Top-level Administrator.
|
The following options are non-mandatory:
Options
|
Description
|
-d domain
|
The domain to which you want to grant administrative privileges. If not specified, the domain specified by the -n option is used.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Examples
The following grants domain administrator privileges to the user with user id admin1.
|
imadmin admin add -D chris -n siroe.com -w bolton -l admin1
|
|
The following grants domain administrator privileges to the user with user id admin2 for the domain acme2.com.
|
imadmin add admin -D chris -w bolton -l admin2 -n acme2.com
|
|
imadmin admin remove
The imadmin admin remove command removes domain administrator privileges from a user. To remove domain administrator privileges from multiple users, use the -i option.
Syntax
|
imadmin admin remove -D login -l userid -n domain -w password
[-d domain] [-h] [-i inputfile] [-p idaport] [-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the Top-level Administrator.
|
-l userid
|
The user id of the user to whom administrator privileges are revoked.
|
-n domain
|
The domain of the Top-level Administrator.
|
-w password
|
The password of the Top-level Administrator.
|
The following options are non-mandatory:
Option
|
Description
|
-d domain
|
The domain to which administrator privileges are revoked. If -d is not specified, the domain specified by -n is used.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
The following command removes domain administrator privileges from the administrator with user id admin5:
|
imadmin admin remove -D chris -n siroe.com -w bolton \
-l admin5 -d test.com
|
|
imadmin admin search
The imadmin admin search command searches and displays users who have domain administrator privileges.
Syntax
|
imadmin admin search -D login -n domain -w password
[-d domain] [-h] [-i inputfile] [-p idaport] [-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the user with permission to execute this command.
|
-n domain
|
The domain of the user specified with the -D option.
|
-w password
|
The password of the user specified with the -D option.
|
The following options are non-mandatory:
Option
|
Description
|
-d domain
|
Searches for users who have domain administrator privileges for the specified domain. If -d is not specified, the domain specified by -n is used.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To search for all domain administrators of the test.com domain:
|
imadmin admin search -D chris -n siroe.com -w bolton \
-d test.com
|
|
imadmin domain create
The imadmin domain create command creates a single domain in the Messaging Server system. To create multiple domains, use the -i option.
Syntax
|
imadmin domain create -D login -d domain -H mailhost -n domain
-w password [-A [+|-]attributename:value] [-c] [-h] [-i inputfile]
[-o orgname] [-p idaport] [-t domaincontainer] [-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the Top-level Administrator.
|
-d domain
|
The name of the domain that is being created.
|
-H mailhost
|
The mail host to which this domain responds (for example, mailhost.siroe.com).
|
-n domain
|
The domain of the Top-level Administrator.
|
-w password
|
The password of the Top-level Administrator.
|
The following options are non-mandatory:
Option
|
Description
|
-A [+ | -]attributename:value
|
An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. You can repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.
A "+" before the attributename indicates adding the value to the current list of attributes. A "-" indicates removing the value. If the "-" is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the "-" sign.
|
-c
|
Specifies that the users and groups need to be created in the domain tree.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-o orgname
|
Specifies the organization name.
|
-t domaincontainer
|
The domain container DN for the domain. This is the pointer into the tree where the domain's users and groups are stored. If this option is not specified then a domain container is created under the osisuffix specified in the iDA servlet properties.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To create a new domain, enter:
|
imadmin domain create -D chris -d test.com \
-H mailhost.siroe.com -n siroe.com -w bolton
|
|
imadmin domain delete
The imadmin domain delete command deletes a single hosted domain from the Messaging Server system and sets inetdomainstatus to "delete." To delete multiple hosted domains, use the -i option.
No undelete utility exists. However, the administrator can use the ldapmodify command to change the status attribute of a domain entry to active at any time before the purge grace period has expired and a purge is set to run against the entry.
Syntax
|
imadmin domain delete -D login -d domain -n domain -w password [-h]
[-i inputfile] [-p idaport] [-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the Top-level Administrator.
|
-d domain
|
The domain that is being deleted. If -d is not specified, the domain specified by -n is used.
|
-n domain
|
The domain of the Top-level Administrator.
|
-w password
|
The password of the Top-level Administrator.
|
The following options are non-mandatory:
Option
|
Description
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To delete an existing domain:
|
imadmin domain delete -D chris -d test.com -n siroe.com \
-w bolton
|
|
imadmin domain modify
The imadmin domain modify command modifies attributes of a single domain's directory entry. To modify multiple domains, use the -i option.
Syntax
|
imadmin domain modify -D login -d domain -n domain -w password
[-A [+|-]attributename:value] [-h] [-i inputfile] [-p idaport] [-X idahost]
[-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the Top-level Administrator.
|
-d domain
|
The domain to be modified. If -d is not specified, the domain specified by -n is used.
|
-n domain
|
The domain of the Top-level Administrator.
|
-w password
|
The password of the Top-level Administrator.
|
The following options are non-mandatory:
Option
|
Description
|
-A [+ | -]attributename:value
|
An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. You can repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.
A "+" before the attributename indicates adding the value to the current list of attributes. A "-" indicates removing the value. If the "-" is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the "-" sign.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To modify an existing domain:
|
imadmin domain modify -D chris -w bolton -n siroe.com \
-d domain1.com -A mailhosts:test.sun.com
|
|
imadmin domain purge
The imadmin domain purge command permanently removes all deleted domains from the Messaging Server system.
As part of periodic maintenance operations, use the imadmin domain purge command to remove all domains that have been deleted for a time period that is longer than the specified grace period.
You can perform a purge at any time by invoking the command manually.
When you invoke the command, these actions occur in the following order:
The directory is searched and a list of Messaging Server domains is created whose entries include domains that have been marked for deletion longer than the specified grace period. (The default value for the grace period is initially set to 10 days at the time of installation.)
Each domain's entire directory entry is removed if the value of the inetdomainstatus attribute is deleted. Each domain is stripped of mail related attributes if the maildomainstatus attribute is deleted.
All mail lists, family groups, organizations, and users and their address books within each domain are also removed or stripped. Sub-domains are not purged.
No undelete utility exists. However, the administrator can use the ldapmodify command to change the status attribute of a domain entry to active at any time before the purge grace period has expired and a purge is set to run against the entry.
Multiple Message Stores
In order for the imadmin domain purge utility to work across multiple message stores, the resources.properties files must be changed. For each message store and its associated Administration Server, add MsgSvr$N-name, MsgSvr$N-adminurl, and MsgSvr$N-cgipath to the iPlanet Delegated Administrator file: resource.properties. Find this file in the iDA_INSTALL_DIRECTORY/nda/classes/netscape/nda/servlet/ directory.
For an explanation of these configuration parameters, see the iPlanet Delegated Administrator for Messaging and Collaboration Installation and Administration Guide.
In order to allow for connections from the iPlanet Delegated Administrator host to the Administration Server hosts, change all the Administration Server's connection restrictions, if necessary. Make these changes from the Configuration tab in the Administration Server Console.
Syntax
|
imadmin domain purge -D login -n domain -w password [-d domain]
[-g grace] [-h] [-i inputfile] [-P] [-p idaport] [-r] [-X idahost]
[-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the Top-level Administrator.
|
-n domain
|
Domain of the Top-level Administrator.
|
-w password
|
Password of the Top-level Administrator.
|
The following options are non-mandatory:
Option
|
Description
|
-d domain
|
The domain to be purged. If -d is not specified, all domains marked as "deleted are purged.
|
-g grace
|
Grace period in days before the domain is purged. Domains marked for deletion for less than grace days will not be purged. A 0 indicates purge immediately. The default value is read from the configuration file on the server. At installation time the default value is set to 10 days.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-r
|
Removes the entire subtree rooted at the domain entry's node.
|
-P
|
Preview only. Does not perform the purge.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To purge an existing domain:
|
imadmin domain purge -D chris -d test.com -n siroe.com \
-w bolton
|
|
imadmin domain search
The imadmin domain search command obtains all the directory properties associated with a single domain. To obtain all the directory properties for multiple domains, use the -i option.
Syntax
|
imadmin domain search -D login -n domain -w password
[-d domain] [-h] [-i inputfile] [-p idaport] [-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the user with permission to execute this command.
|
-n domain
|
The domain of the user specified with the -D option.
|
-w password
|
The password of the user specified with the -D option.
|
The following options are non-mandatory:
Option
|
Description
|
-d domain
|
Search for this domain. If -d is not specified, all domains are displayed.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
imadmin family create
The imadmin family create command creates a single family group in the Messaging Server system. To add multiple family groups, use the -i option.
Syntax
|
imadmin family create -D login -m familyname -n domain -u userid
-w password [-A [+|-]attributename:value] [-d familydomain] [-h]
[-i inputfile] [-p idaport] [-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the user with permission to execute this command.
|
-m familyname
|
The name of the family group. familyname must be a single word without any spaces.
|
-n domain
|
The domain of the user specified with the -D option.
|
-u userid
|
The userid of the person to whom billing information is sent.
|
-w password
|
The password of the user specified with the -D option.
|
The following options are non-mandatory:
Option
|
Description
|
-A [+ | -]attributename:value
|
An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. You can repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.
A "+" before the attributename indicates adding the value to the current list of attributes. A "-" indicates removing the value. If the "-" is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the "-" sign.
|
-d familydomain
|
Domain of the family group. If -d is not specified, the domain specified by -n is used.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To create a new family group, smith, enter:
|
imadmin family create -D chris -n siroe.com -w secret \
-m smith -u john
|
|
imadmin family delete
The imadmin family delete command deletes a single family group from the Messaging Server system and sets the mnggrpstatus to "deleted." To delete multiple family groups, use the -i option.
Members of the family group are deleted when a family group is deleted.
No undelete utility exists. However, you can use the ldapmodify command to change the status attribute of a family group entry to active at any time before the purge grace period has expired and a purge is set to run against the entry.
Syntax
|
imadmin family delete -D login -m familyname -n domain -w password
[-d familydomain] [-h] [-i inputfile] [-p idaport] [-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the user with the permission to execute this command.
|
-m familyname
|
The name of the family group. familyname must be a single word without any spaces.
|
-n domain
|
Domain of the user specified with the -D option.
|
-w password
|
The password of the user specified with the -D option.
|
The following options are non-mandatory:
Option
|
Description
|
-d familydomain
|
Domain of the family group. If -d is not specified, the domain specified by -n is used.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the directory server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To delete an existing family group:
|
imadmin family delete -D chris -n siroe.com -w bolton -w smith
|
|
imadmin family modify
The imadmin family modify command modifies attributes of a single family group's directory entry. To modify multiple family groups, use the -i option.
Syntax
|
imadmin family modify -D login -m familyname -n domain -w password
[-A [+|-]attributename:value] [-d familydomain] [-h] [-i inputfile]
[-p idaport] [-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the user with permission to execute this command.
|
-m familyname
|
The name of the family group. familyname must be a single word without any spaces.
|
-n domain
|
Domain of the user specified with the -D option.
|
-w password
|
The password of user specified with the -D option.
|
The following options are non-mandatory:
Option
|
Description
|
-A [+ | -]attributename:value
|
An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. You can repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.
A "+" before the attributename indicates adding the value to the current list of attributes. A "-" indicates removing the value. If the "-" is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the "-" sign.
|
-d familydomain
|
Domain of the family group. If -d is not specified, the domain specified by -n is used.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To modify an existing family group:
|
imadmin family modify -D chris -m smith -n siroe.com \
-w bolton -A description:"new family"
|
|
imadmin family purge
The imadmin family purge command permanently removes all deleted family groups from the Messaging Server system.
As part of periodic maintenance operations, use the imadmin family purge command to remove all family groups that have been deleted for a time period that is longer than the specified grace period.
You can perform a purge at any time by invoking the command manually.
When you invoke the command, the following actions occur:
The directory is searched and a list of Messaging Server family groups is created whose entries include family groups that have been marked for deletion longer than the specified grace period. (The default value for the grace period is initially set to 10 days at the time of installation.)
Each family group's entire directory entry is removed.
All the users in the family group are also purged when the family group is purged.
No undelete utility exists. However, you can use the ldapmodify command to change the status attribute of a family group entry to active at any time before the purge grace period has expired and a purge is set to run against the entry.
Multiple Message Stores
In order for the imadmin family purge utility to work across multiple message stores, the resources.properties files must be changed. For each message store and its associated Administration Server, add MsgSvr$N-name, MsgSvr$N-adminurl, and MsgSvr$N-cgipath to the iPlanet Delegated Administrator file: resource.properties. Find this file in the iDA_INSTALL_DIRECTORY/nda/classes/netscape/nda/servlet/ directory.
For an explanation of these configuration parameters, see the iPlanet Delegated Administrator for Messaging and Collaboration Installation and Administration Guide.
In order to allow for connections from the iPlanet Delegated Administrator host to the Administration Server hosts, change all the Administration Server's connection restrictions, if necessary. Make these changes from the Configuration tab in the Administration Server Console.
Syntax
|
imadmin family purge -D login -n domain -w password [-d familydomain]
[-g grace] [-h] [-i inputfile] [-m familyname] [-P] [-p idaport]
[-X idahost] [-s] [-v
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the user with permission to execute this command.
|
-n domain
|
The domain of the user specified with the -D option.
|
-w password
|
The password of the user specified with the -D option.
|
The following options are non-mandatory:
Option
|
Description
|
-d familydomain
|
The domain of the family group to be purged. If -d is not specified, the domain specified by -n is used.
|
-g grace
|
The grace period in days before the family group is purged. Family groups marked for deletion for less than grace days will not be purged. A 0 indicates purge immediately. The default value is read from the configuration file on the server. At installation time the default value is set to 10 days.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-m familyname
|
The name of the family group. familyname must be a single word without any spaces. If -m is not specified, all family groups marked as "deleted" in the domain specified by -d are purged.
|
-P
|
Preview only, without performing any action.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To purge an existing family group:
|
imadmin family purge -D chris -n siroe.com -w bolton \
-d domain.com -m familyname
|
|
imadmin family search
The imadmin family search command obtains all the directory properties associated with a single family group. To obtain all the directory properties for multiple family groups, use the -i option.
Syntax
|
imadmin family search -D login -n domain -w password
[-d familydomain] [-h] [-i inputfile] [-m familyname] [-p idaport]
[-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the user with permission to execute this command.
|
-n domain
|
The domain of the user specified with the -D option.
|
-w password
|
The password of the user specified with the -D option.
|
The following options are non-mandatory:
Option
|
Description
|
-d familydomain
|
The domain of the family group. If -d is not specified, the domain specified by -n is used.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-m familyname
|
Name of the family group. If -m is not specified, all family groups in the domain specified by -d are displayed.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
The following example searches for family groups in the domain1.com domain:
|
imadmin family search -D chris -w bolton -d domain1.com \
-n siroe.com
|
|
imadmin family-admin add
The imadmin family-admin add command grants a user family administrator privileges.
Syntax
|
imadmin family-admin add -D login -l login -m familyname -n domain
-w password [-d familydomain] [-h] [-i inputfile] [-p idaport]
[-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the user with permission to execute this command.
|
-l login
|
User id of the person who is being added into the family group administrator's group specified with the -m option.
|
-m familyname
|
Name of the family group.
|
-n domain
|
Domain of the user specified with the -D option.
|
-w password
|
Password of the user specified with the -D option.
|
The following options are non-mandatory:
Option
|
Description
|
-d familydomain
|
Domain of the family group. If -d is not specified, the domain specified by -n is used.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To grant family administrator privileges to a user with userid parent1 to the family group Smith:
|
imadmin family-admin add -D chris -n siroe.com -w bolton \
-d test1.com -l parent1 -m Smith
|
|
imadmin family-admin remove
The imadmin family-admin remove command revokes Family Administrator privileges from a user.
Syntax
|
imadmin family-admin remove -D login -l login -m familyname -n domain
-w password [-d familydomain] [-h] [-i inputfile] [-p idaport] [-X idahost]
[-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the user with permission to execute this command.
|
-l login
|
User id of the family administrator.
|
-m familyname
|
Name of the family group.
|
-n domain
|
Domain of the user specified with the -D option.
|
-w password
|
Password of the user specified with the -D option.
|
The following options are non-mandatory:
Option
|
Description
|
-d familydomain
|
Domain of the family group. If -d is not specified, the domain specified by -n is used.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To remove family administrator privileges to a user with userid parent1 to the family group Smith:
|
imadmin family-admin remove -D chris -n siroe.com -w bolton \
-d test1.com -l parent1 -m Smith
|
|
imadmin family-admin search
The imadmin family-admin search command searches for and displays users who have Family Administrator privileges for a particular family group.
Syntax
|
imadmin family-admin search -D login -m familyname -n domain
-w password [-d familydomain] [-h] [-i inputfile] [-p idaport]
[-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the user with permission to execute this command.
|
-m familyname
|
Name of the family group.
|
-n domain
|
Domain of the user specified with the -D option.
|
-w password
|
Password of the user specified with the -D option.
|
The following options are non-mandatory:
Option
|
Description
|
-d familydomain
|
Domain of the family group. If -d is not specified, the domain specified by -n is used.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
|
imadmin family-admin search -D chris -w bolton -n siroe.com \
-m MyFamily
|
|
imadmin family-member create
The imadmin family-member create command adds a user to a particular family group.
Syntax
|
imadmin family-member create -D login -F firstname -H mailhost
-L lastname -l login -m familyname -n domain -w password -W password
[-A [+|-]attributename:value] [-d familydomain] [-h] [-I initial]
[-i inputfile] [-p idaport] [-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the user with permission to execute this command.
|
-F firstname
|
The first name of the family member.
|
-H mailhost
|
Family member's mail host.
|
-L lastname
|
Last name of the family member.
|
-l login
|
User id of the family member.
|
-m familyname
|
Name of the family group.
|
-n domain
|
Domain of the user specified with the -D option.
|
-w password
|
Password of the user specified with the -D option.
|
-W password
|
The user's password.
|
The following options are non-mandatory:
Option
|
Description
|
-A [+ | -]attributename:value
|
An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. You can repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.
A "+" before the attributename indicates adding the value to the current list of attributes. A "-" indicates removing the value. If the "-" is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the "-" sign.
|
-d familydomain
|
Domain of the family group. If -d is not specified, the domain specified by -n is used.
|
-h
|
Prints command usage syntax.
|
-I initial
|
Middle initial of the family member.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To create a family member with userid peter to the family group Athens4:
|
imadmin family-member create -D chris -n siroe.com -w bolton \
-d test.com -H mailhost.siroe.com -l peter -m Athens4 -F Peter \
-L Beck -W secret
|
|
imadmin family-member delete
The imadmin family-member delete command marks a family group member as deleted. To remove the entry from the directory, use the imadmin user purge command.
Syntax
|
imadmin family-member delete -D login -l login -m familyname -n domain
-w password [-d familydomain] [-h] [-i inputfile] [-p idaport]
[-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the user with permission to execute this command.
|
-l login
|
User id of the family member.
|
-m familyname
|
Name of the family group.
|
-n domain
|
Domain of the user specified with the -D option.
|
-w password
|
Password of the user specified with the -D option.
|
The following options are non-mandatory:
Option
|
Description
|
-d familydomain
|
Domain of the family group. If -d is not specified, the domain specified by -n is used.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To mark a family member with userid bill as deleted from the family group Athens4:
|
imadmin family-member delete -D chris -n siroe.com -w bolton \
-l bill -m Athens4
|
|
imadmin family-member remove
The imadmin family-member remove command removes the membership of the specified user.
Syntax
|
imadmin family-member remove -D login -l login -m familyname -n domain
-w password [-d familydomain] [-h] [-i inputfile] [-p idaport]
[-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the user with permission to execute this command.
|
-m familyname
|
The name of the family group.
|
-l login
|
User id of the family member.
|
-n domain
|
Domain of the user specified with the -D option.
|
-w password
|
Password of the user specified with the -D option.
|
The following options are non-mandatory:
Option
|
Description
|
-d familydomain
|
Domain of the family group. If -d is not specified, the domain specified by -n is used.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To remove a family member, execute:
|
imadmin family-member remove -D chris -n siroe.com -w bolton \
-d test.com -l john -m Family1
|
|
imadmin family-member search
The imadmin family-member search command searches for a member of a family group.
Syntax
|
imadmin family-member search -D login -m familyname -n domain
-w password [-d familydomain] [-h] [-i inputfile] [-l familymember]
[-p idaport] [-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the user with the permission to execute this command.
|
-m familyname
|
Name of the family group.
|
-n domain
|
Domain of the user specified with the -D option.
|
-w password
|
Password of the user specified with the -D option.
|
The following options are non-mandatory:
Option
|
Description
|
-d familydomain
|
Domain of the family group. If -d is not specified, the domain specified by -n is used.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-l familymember
|
Specifies the user id of the family member to be searched. If -l is not specified, all members of the family group specified by the -m option is displayed.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To search for a family member arabella of family straycats1 in the domain sesta.com:
|
imadmin family-member search -D serviceadmin -w serviceadmin \
-n siroe.com -m straycats1 -d sesta.com -l arabella
|
|
imadmin group create
The imadmin group create command adds a single group to the Messaging Server system. To create multiple groups, use the -i option.
An email distribution list is one type of group. When a message is sent to the group address, Messaging Server sends the message to all members in the group.
Syntax
|
imadmin group create -e groupemail -D login -G groupname -n domain
-w password [-A [+|-]attributename:value] [-d groupdomain] [-h]
[-H mailhost] [-i inputfile] [-M user] [-m user] [-o owner] [-p idaport]
[-r moderator] [-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-e groupemail
|
The email address of the group.
|
-D login
|
The user id of the user who has permission to execute this command.
|
-n domain
|
The domain of the user specified by the -D option.
|
-G groupname
|
The name of the group (for example, mktg-list).
|
-w password
|
The password of the user specified by the -D option.
|
The following options are non-mandatory:
Option
|
Description
|
-A [+ | -]attributename:value
|
An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. You can repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.
A "+" before the attributename indicates adding the value to the current list of attributes. A "-" indicates removing the value. If the "-" is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the "-" sign.
|
-d groupdomain
|
The fully qualified domain name (for example, bravo.com). The default is the local domain. If -d is not specified, the domain specified by -n is used.
|
-h
|
Prints command usage syntax.
|
-H mailhost
|
The mail host to which this group responds (for example, mailhost.bavo.com). The default is the local mail host.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-M user
|
User id of the external members added to this group. If more than one member, use multiple -M options.
|
-m user
|
User id of the internal members added to this group. If more than one member, use multiple -m options.
|
-o owner
|
The group owner's email address. An owner is the individual responsible for the distribution list. An owner can add or delete distribution list members.
|
-r moderator
|
The moderator's email address.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To create a group testgroup to the domain domain1.com:
|
imadmin group create -D chris -e testgroup@siroe.com \
-n siroe.com -w bolton -G testgroup -d domain1.com \
-m lorca@siroe.com -M achiko@sesta.com
|
|
imadmin group delete
The imadmin group delete command deletes a single group from the Messaging Server system. To delete multiple groups, use the -i option.
When you invoke the imadmin group delete command, the inetmailgroupstatus attribute of the group is set to deleted.
No undelete utility exists. However, you can use the ldapmodify command to change the status attribute of a group entry to active at any time before the purge grace period has expired and a purge is set to run against the entry.
Syntax
|
imadmin group delete -D login -G groupname -n domain -w password
[-d groupdomain] [-h] [-i inputfile] [-p idaport] [-X idahost] [-s] [-v]
|
|
Options
The following are mandatory options:
Option
|
Description
|
-D login
|
The user id of the user who has permission to execute this command.
|
-G groupname
|
The name of the group to be deleted. For example, mktg-list.
|
-n admindomain
|
The domain of the user specified by the -D option.
|
-w password
|
The password of the user specified by the -D option.
|
The following are non-mandatory options:
Option
|
Description
|
-d groupdomain
|
The domain of the group. If -d is not specified, the domain specified by the -n option is used.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To delete the group testgroup@domain1.com:
|
imadmin group delete -D chris -G testgroup@domain1.com \
-n siroe.com -w bolton
|
|
imadmin group modify
The imadmin group modify command changes the attributes of a single group that already exists in the Messaging Server system. To change multiple groups, use the -i option.
A mailing list is one type of group. When a message is sent to the group address, Messaging Server sends the message to all members in the group.
Syntax
|
imadmin group modify -D login -G groupname -n domain -w password
[-A [+|-]attributename:value] [-d groupdomain] [-h] [-i inputfile]
[-p idaport] [-X idahost] [-s] [-v]
|
|
Options
The following are mandatory options:
Option
|
Description
|
-D login
|
The user id of the user with permission to execute this command.
|
-G groupname
|
The name of the group to be modified. For example, mktg-list. The name of the group cannot be modified.
|
-n domain
|
The domain of the user specified by the -D option.
|
-w password
|
The password of the user specified by the -D option.
|
The following are non-mandatory options:
Option
|
Description
|
-A [+ | -]attributename:value
|
An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. You can repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.
A "+" before the attributename indicates adding the value to the current list of attributes. A "-" indicates removing the value. If the "-" is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the "-" sign.
|
-d groupdomain
|
The domain of the group. If -d is not specified, the domain specified by the -n option is used.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To modify the group testgroup@domain1.com:
|
imadmin group modify -D chris -d siroe.com -G testgroup \
-n siroe.com -w bolton
|
|
imadmin group purge
The imadmin group purge command permanently removes all deleted groups from the Messaging Server system.
As part of periodic maintenance operations, use the imadmin group purge command to permanently remove all groups that have been deleted for a time period that is longer than the specified grace period.
You can perform a purge at any time by invoking the command manually.
When you invoke the command, the following actions occur:
The directory is searched and a list of Messaging Server groups is created whose entries include groups that have been marked for deletion longer than the specified grace period. (The default value for the grace period is initially set to 10 days at the time of installation.)
Each group's entire directory entry is removed or stripped of all mail related attributes if the -S option is specified.
No undelete utility exists. However, you can use the ldapmodify command to change the status attribute of a group entry to active at any time before the purge grace period has expired and a purge is set to run against the entry.
Syntax
|
imadmin group purge -D login -n domain -w password [-d groupdomain]
[-G groupname] [-g grace] [-h] [-i inputfile] [-P] [-p idaport]
[-S] [-s] [-v] [-X idahost]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the user with permission to execute this command.
|
-n domain
|
The domain of the user specified with the -D option.
|
-w password
|
The password of the user specified with the -D option.
|
The following options are non-mandatory:
Option
|
Description
|
-d groupdomain
|
The domain of the group to be purged. If -d is not specified, the domain of -n is used.
|
-G groupname
|
The name of the group to be purged. For example, mktg-list. The name of the group cannot be modified.
|
-g grace
|
The grace period in days before the group is purged. Groups marked for deletion for less than grace days will not be purged. A 0 indicates purge immediately. The default value is read from the configuration file on the server. At installation time the default value is set to 10 days.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-P
|
Preview only.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-S
|
Strip mail attributes only.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To purge an existing group:
|
imadmin group purge -D chris -n siroe.com -w bolton \
-G groupname
|
|
imadmin group search
The imadmin group search command obtains all the directory properties associated with a single group. To obtain all the directory properties for multiple groups, use the -i option.
Syntax
|
imadmin group search -D login -n domain -w password [-d groupdomain]
[-G groupname] [-h] [-i inputfile] [-p idaport] [-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the user with permission to execute this command.
|
-n domain
|
The domain of the user specified by the -D option.
|
-w password
|
The password of the user specified by the -D option.
|
The following options are non-mandatory:
Option
|
Description
|
-d groupdomain
|
The domain of the group to be searched. If -d is not specified, the domain of -n is used.
|
-G groupname
|
The name of the group to be searched. For example, mktg-list. If -G is not specified, all groups in the domain specified by -d are displayed.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To search new groups:
|
imadmin group search -D chris -n siroe.com -w password \
-G=newgroup
|
|
imadmin user create
The imadmin user create command creates a single user to the Messaging Server system. To create multiple users, use the -i option.
Syntax
|
imadmin user create -D login -F firstname -L lastname -l userid
-n domain -W password -w password [-A [+|-]attributename:value]
[-d userdomain] [-H hostname] [-h] [-I initial] [-i inputfile]
[-p idaport] [-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the user with permission to execute this command.
|
-F firstname
|
The user's first name.
|
-L lastname
|
The user's last name.
|
-l userid
|
The user's login name.
|
-n domain
|
The domain of the user specified by the -D option.
|
-W password
|
The user's password.
|
-w password
|
The password of the user specified by the -D option.
|
The following options are non-mandatory:
Option
|
Description
|
-A [+ | -]attributename:value
|
An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. You can repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.
A "+" before the attributename indicates adding the value to the current list of attributes. A "-" indicates removing the value. If the "-" is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the "-" sign.
|
-d userdomain
|
The domain of the user. If -d is not specified, the value of -n is used.
|
-H mailhost
|
The mail host to which this user responds (for example, mailhost.bavo.com). The default is the local mail host.
|
-h
|
Prints command usage syntax.
|
-I initial
|
The user's middle initial.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
The following command creates a user:
|
imadmin user create -D chris -n siroe.com -w bolton -F Rachel \
-L Smith -l rsmith -W secret
|
|
imadmin user delete
The imadmin user delete command deletes a single user from the Messaging Server system and sets the inetuserstatus to "deleted." To delete multiple users, use the -i option.
No undelete utility exists. However, you can use the ldapmodify command to change the status attribute of a user entry to active at any time before the purge grace period has expired and a purge is set to run against the entry.
Syntax
|
imadmin user delete -D login -l username -n domain -w password
[-d userdomain] [-h] [-i inputfile] [-p idaport] [-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the user with permission to execute this command.
|
-l username
|
The user's user id.
|
-n domain
|
The domain of the user specified by the -D option.
|
-w password
|
The password of the user specified by the -D option.
|
The following options are non-mandatory:
Option
|
Description
|
-d userdomain
|
The domain of the user. If -d is not specified, the domain of -n is assumed.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To delete a user:
|
imadmin user delete -D chris -l user1 -n siroe.com -w bolton
|
|
imadmin user modify
The imadmin user modify command changes the attributes of a single user that already exists in the Messaging Server system. To change multiple users, use the -i option.
Syntax
|
imadmin user modify -D login -l userid -n domain -w password
[-A [+|-]attributename:value] [-d userdomain] [-h] [-i inputfile]
[-p idaport] [-X idahost] [-s] [-v]
|
|
Options
The following are mandatory options:
Option
|
Description
|
-D login
|
The user id of the user with permission to execute this command.
|
-l userid
|
The user id of the user to be modified.
|
-n domain
|
The domain of the user specified by the -D option.
|
-w password
|
The password of the user specified by the -D option.
|
The following are non-mandatory options:
Option
|
Description
|
-A [+ | -]attributename:value
|
An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. You can repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.
A "+" before the attributename indicates adding the value to the current list of attributes. A "-" indicates removing the value. If the "-" is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the "-" sign.
|
-d userdomain
|
The domain of the user. If -d is not specified, the domain specified by the -n option is used.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To modify the user user1@domain1.com:
|
imadmin user modify -D chris -l sydney -d siroe.com \
-n siroe.com -w bolton
|
|
imadmin user purge
The imadmin user purge command permanently deletes a single user from the Messaging Server system. To permanently delete multiple users, use the -i option.
As part of periodic maintenance operations, use the imadmin user purge command to permanently delete all users that have been deleted by the status attribute for a time period that is longer than the specified grace period.
You can perform a purge at any time by invoking the command manually.
When you invoke the command, the following actions occur:
The directory is searched and a list of Messaging Server users is created whose entries include users that have been marked for deletion longer than the specified grace period. (The default value for the grace period is initially set to 10 days at the time of installation.)
Each user's Personal Address Book is deleted from the directory.
Each user's mailbox is deleted from the message store.
Each user's entire directory entry is removed if the value of the inetuserstatus attribute is deleted. Each user is stripped of mail-related attributes if the mailuserstatus attribute is deleted.
No undelete utility exists. However, you can use the ldapmodify command to change the status attribute of a user entry to active at any time before the purge grace period has expired and a purge is set to run against the entry.
Pass-through Authentication
If separate directories exist for configuration and user-group, in order to run imadmin user purge pass-through authentication for the configuration directory must be set up in order for it to point to the user-group directory.
This passes the authentication of the service administrator performed by the Administration Server, before it can run the Common Gateway Interface (CGI) to delete user mailboxes, on to the user-group directory.
The following line should be added (one single line) to the configuration directory's slapd.conf file:
|
plugin preoperation on "Pass Through Authentication"
"SERVER_ROOT/lib/passthru-plugin.so"
passthruauth_init"ldap://ugldap.varrius.com/SEARCH_BASE"
|
|
SEARCH_BASE can be o=varrius.com or o=internet that is the OSI suffix in the user-group directory. If this search base exists in the configuration directory as well, then a narrower search base should be provided that does not exist in the configuration directory, for example, dc=varrius, dc=com, o=internet. If the suffix (or search base) also exists in the configuration directory, this will not work.
Refer to the following site for details on how to use the pass-through authentication plug-in: http://docs.iplanet.com/docs/manuals/directory/41/technote/passthru.htm. If you are using iPlanet Directory Server 5.x, see http://docs.iplanet.com/docs/manuals/directory/51/html/ag/pasthru.htm.
Multiple Message Stores
In order for the imadmin user purge utility to work across multiple message stores, the resource.properties files must be changed. For each message store and its associated Administration Server, add MsgSvr$N-name, MsgSvr$N-adminurl, and MsgSvr$N-cgipath to the iPlanet Delegated Administrator file: resource.properties. Find this file in the iDA_INSTALL_DIRECTORY/nda/classes/netscape/nda/servlet/ directory.
For an explanation of these configuration parameters, see the UNIX Installation Instructions "Install Screen 4 - Enable Purge Command" in the iPlanet Delegated Administrator for Messaging and Collaboration Installation and Administration Guide.
In order to allow for connections from the iPlanet Delegated Administrator host to the Administration Server hosts, change all the Administration Server's connection restrictions, if necessary. Make these changes from the Configuration tab in the Administration Server Console.
Syntax
|
imadmin user purge -D login -n domain -w password [-d userdomain]
[-g grace] [-h] [-i inputfile] [-l userid] [-P] [-p idaport] [-X idahost]
[-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the user with permission to execute this command.
|
-n domain
|
The domain of the user specified by the -D option.
|
-w password
|
The password of the user specified by the -D option.
|
The following options are non-mandatory:
Option
|
Description
|
-d userdomain
|
The domain of the user to be purged. If -d is not specified, the domain of -n is used.
|
-g grace
|
The grace period in days before the user is purged. Users marked for deletion for less than grace days will not be purged. A 0 indicates purge immediately. The default value is read from the configuration file on the server. At installation time the default value is set to 10 days.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-l userid
|
The user id of the user to be purged. If -l is not specified, all users marked as "deleted" in the domain specified by -d are purged.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To purge an existing user:
|
imadmin user purge -D chris -w bolton -n siroe.com -l scott
|
|
imadmin user search
The imadmin user search command obtains all the directory properties associated with a single user. To obtain all the directory properties for multiple users, use the -i option.
Syntax
|
imadmin user search -D login -n domain -w password [-d userdomain]
[-F firstname] [-h] [-i inputfile] [-L lastname] [-l userid] [-p idaport]
[-X idahost] [-s] [-v]
|
|
Options
The following options are mandatory:
Option
|
Description
|
-D login
|
The user id of the user with permission to execute this command.
|
-n domain
|
The domain of the user specified with the -D option.
|
-w password
|
The password of the user specified with the -D option.
|
The following options are non-mandatory:
Option
|
Description
|
-F firstname
|
The user's first name.
|
-L lastname
|
The user's last name
|
-l userid
|
The user's user id. If the -l option is not specified, all users of the domain specified by -n are returned.
|
-h
|
Prints command usage syntax.
|
-i inputfile
|
Reads the command information from a file instead of from the command line.
|
-p idaport
|
Use this option to specify an alternate TCP port where the iDA server is listening. If not specified, the default idaport will be used, or 80 if no default was configured at install time.
|
-X idahost
|
Specifies an alternate host on which the enterprise server is running. If the -X option is specified and that server does not respond, then the command will fail; it does not try to connect to the default server. If not specified, the default idahost will be used, or the localhost if no default was configured at install time.
|
-s
|
Use SSL (Secure Socket Layer) to connect to the iDA server.
|
-v
|
Enable debugging output.
|
Example
To search for a user with the login testuser:
|
imadmin user search -D chris -n siroe.com -w bolton \
-l testuser
|
|