Sun Java System Access Manager Policy Agent 2.2 Guide for BEA WebLogic Server/Portal 9.2

agentadmin --getUuid

This section demonstrates the format and use of the agentadmin command with the --getUuid option.


Example 2–17 Command Format: agentadmin --getUuid

The following example illustrates the format of the agentadmin command with the --getUuid option:


./agentadmin --getUuid userName IdType realmName

The following arguments are supported with the agentadmin command when using the --getUuid option:

userName

Use this first parameter of the --getUuid option to specify the name associated with the identity type. The identity type is represented in this example as the IdType parameter. Therefore, if the identity type is for a user, this userName parameter would be the name of that user.

IdType

Use this second parameter to specify a valid identity type. The following are examples of valid identity types: user, role, group, filtered role, agent, and such.

realmName

Use this third parameter to specify the name of the default organization of the Access Manager installation.

For example, if the ID of the user is manager, the identity type is role, and the realm name is dc=example,dc=com, the following would be the universal ID:


id=manager,ou=role,dc=example,dc=com


Caution – Caution –

The universal ID concept is only valid starting with Access Manager 7. Do not use this option with earlier versions of Access Manager, such as version 6.3. If the application is deployed with Access Manager 6.3 principals or roles, replace the role-to-principal mappings with the distinguished name (DN) of the user in Access Manager 6.3.



Example 2–18 Command Usage: agentadmin --getUuid

In Access Manager 7, issuing the agentadmin command with the --getUuid option retrieves the universal ID of any identity type in Access Manager 7.

The following information about how to map Access Manager roles to the principal names is agent specific. This information does not apply to all J2EE agents, but does, for example, apply to Agent for BEA WebLogic Server/Portal 9.2.

If you run the agent in J2EE_POLICY mode, map Access Manager roles to the principal names defined in the respective application's deployment descriptor file (or files).

Use the correct universal IDs generated by this command as the Access Manager roles. The mapping is established by setting the property com.sun.identity.agents.config.privileged.attribute.mapping[] in the J2EE agent Access Manager.

For more information, see the following: