This section provides descriptions, syntax, and examples of the command line tools.
The following are the mandatory options used for authenticating the administrator or the user.
Options |
Description |
---|---|
-D userid |
User ID used to bind to the directory. |
-w password |
Password used to authenticate the user ID to the directory. You may also specify password via a text file, password.txt. For example, if you specify -w mypassword.txt, and the content of the mypassword.txt file is secret, the commadmin utility takes the string secret as the password. Note that if you specify -w mypassword.txt, and the mypassword.txt file does not exist, the commadmin utility takes the string mypassword.txt itself as the password. |
-n domain |
The domain the administrator belongs to. (For more information, see the Note shown below this table.) |
The Access Manager Host (-X), Access Manager Port (-p), and the default domain (-n) values are specified during installation and stored in the cli-userprefs.properties file.
If the -X, -p, and -n options are not specified at the time when a commadmin command is executed, their values are taken from the cli-userprefs.properties file.
The commadmin admin add command grants the Organization Administrators privileges to a user for a particular domain. Only a Top-Level Administrator or an ISP administrator can execute this command.
commadmin admin add -D login -l login -n domain -w password -d domain [-h] [-i inputfile] [-p AM port] [-X AM host] [-?] [-s] [-v] [-V]
The following options are mandatory:
Option |
Description |
---|---|
-D login |
The user ID of the Top-Level Administrator. |
-l login |
The user ID of the user to whom you want to grant organization administrative privileges. The user should be present in the directory and be a part of the domain specified by the -d option. |
-n domain |
The domain of the Top-Level Administrator. If not specified, default domain stored in the cli-userprefs.properties file is used. |
-w password |
The password of the Top-Level Administrator. |
-d domain |
The domain to which you want to grant administrative privileges. If not specified, the domain specified by the -n option is used. |
The following options are non-mandatory:
Options |
Description |
---|---|
-i inputfile |
Reads the command information from a file instead of the command line. |
-p AM port |
Use this option to specify an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time. |
-X AM host |
Specify the host on which the Access Manager is running. If not specified, the default AM host is used |
-h, -? |
Prints command usage syntax. |
-V |
Prints information about the utility and its version. |
-s |
Use SSL (Secure Socket Layer) to connect to the Access Manager. |
-v |
Enable debugging output. |
The following grants Organization Administrator privileges to the user with the user ID admin1.
commadmin admin add -D chris -n sesta.com -w bolton -l admin1 \ -d florizel.com |
The following grants Organization Administrator privileges to the user with the user ID admin2 for the domain florizel.com.
commadmin add admin -D chris -w bolton -l admin2 -n varrius.com \ -d florizel.com |
The commadmin admin remove command removes the Organization Administrator privileges from an existing Organization Administrator. Only a Top-Level Administrator can execute this command.
To remove Organization Administrator privileges from multiple users, use the -i option.
commadmin admin remove -D login -l login -n domain -w password -d domain name [-h] [-?] [-i inputfile] [-p AM port] [-X AM host] [-s] [-v] [-V]
The following options are mandatory:
Option |
Description |
---|---|
-D login |
The user ID of the Top-Level Administrator. |
-l login |
The user ID of the user whose administrator privileges need to be revoked. |
-n domain |
The domain of the Top-Level Administrator. |
-w password |
The password of the Top-Level Administrator. |
-d domain name |
The domain to which administrator privileges are revoked. If -d is not specified, the domain specified by -n is used. |
The following options are non-mandatory:
Option |
Description |
---|---|
-h, -? |
Prints command usage syntax. |
-i inputfile |
Reads the command information from a file instead of the command line. |
-p AM port |
Use this option to specify an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time. |
-X AM host |
Specify the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time. |
-s |
Use SSL (Secure Socket Layer) to connect to the Access Manager. |
-v |
Enable debugging output. |
-V |
Prints information about the utility and its version. |
The following command removes Organization Administrator privileges from the administrator with user ID admin5:
commadmin admin remove -D chris -n sesta.com -w bolton -l admin5 -d test.com |
The commadmin admin search command searches and displays a specific or all Organization Administrators of a domain.
commadmin admin search -D login -n domain -w password [-l login] [-d domain]
The following options are mandatory:
Option |
Description |
---|---|
-D login |
The user ID of the user with permission to execute this command. |
-n domain |
The domain of the user specified with the -D option. |
-w password |
The password of the user specified with the -D option. |
The following options are non-mandatory:
Option |
Description |
---|---|
-l login |
The user ID of the Organization Administrator searched for. If -l is not specified or -l is specified with the wildcard operator (-l\\* or -l ’*’) all Organization Administrators of the domain are displayed. |
-d domain |
Searches for users who have Organization Administrator privileges for the specified domain. If -d is not specified, the domain specified by -n is used. |
To search for all Organization Administrators of the test.com domain:
commadmin admin search -D chris -n sesta.com -w bolton -d test.com |
The commadmin debug log command creates a Delegated Administrator server log that contains debug statements generated by the Delegated Administrator servlets installed on the Web container.
commadmin debug log -D login -n domain -w password -t [ on|off ] -f path and file name
The following options are mandatory:
Option |
Description |
---|---|
-D login |
The user ID of the Top-Level Administrator. |
-n domain |
The domain of the Top-Level Administrator. |
-t [ on|off ] |
Toggles between turning on the debug log and turning it off. The value on causes the server to start writing debug statements to the log. The value off causes the server to stop writing debug statements to the log. If you specify -t on to turn on debug logging to an existing log file, the new debug statements are appended to the end of the existing file. |
-w password |
The password of the Top-Level Administrator. |
The following option is non-mandatory:
Option |
Description |
---|---|
-f path and file name |
The full path where the log will be created, including the file name of the log. The path must be one of the following two directories: /tmp/ /var/tmp/ The file name can be any file name. If the -f option is not specified, the default value is /tmp/commcli.log. |
To create a new debug log, enter:
commadmin debug log -D paul -n sesta.com -w bolton \ -t on -f /tmp/debug.log |
To turn off logging to an existing log file, enter:
commadmin debug log -D paul -n sesta.com -w bolton \ -t off |
You do not have to specify the file name when you turn off the log.
The commadmin domain create command creates a single domain on the Access Manager. To create multiple domains, use the -i option.
commadmin domain create -D login -d domain name -n domain -w password [-A [+] attributename:value] [-h] [-?] [-i inputfile] [-o organization RDN] [-p AM port] [-s] [-v] [-V] [-X AM host] [-S mail -H preferred mailhost] [-S cal [-B backend calendar data server] [-C searchable domains] [-g access control string] [-P propertyname[:value]] [-R right[:value]] [-T calendar time zone string]]
The following options are mandatory:
Option |
Description |
---|---|
-D login |
The user ID of the Top-Level Administrator. |
-d domain name |
DNS domain name of the domain that is being created. |
-n domain |
The domain of the Top-Level Administrator. |
-w password |
The password of the Top-Level Administrator. |
The following options are non-mandatory:
Option |
Description |
---|---|
-A [+ ]attributename:value |
An attribute to modify. The attributename is defined in the LDAP schema and the value specified replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute. A “+” before the attributename indicates adding the value to the current list of attributes. If the action value (+), is not specified, the default action is to add the existing value. |
-h, -? |
Prints command usage syntax. |
-i inputfile |
Reads the command information from a file instead of the command line. |
-o organization RDN |
Specifies the organization RDN for the domain. For example, o=varrius.florizel.com. If this option is not specified then the organization is created under the osi suffix, with o=the name of the domain, o=osiSuffix. |
-p AM port |
Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time. |
-s |
Use SSL (Secure Socket Layer) to connect to the Access Manager. |
-v |
Enable debugging output. |
-V |
Prints information about the utility and its version. |
-X AM host |
Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time. |
-S service |
Specifies the service or services to be added to the domain. service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive. If the -S mail option is specified, then the -H option must be specified. Can be listed as a comma-separated list. For Example: -S mail,cal A domain is created with the services mentioned depending on the value of the particular service definition present in the configuration file of Access Manager. |
The following option is only allowed if the -S mail option is specified: | |
-H preferred mailhost |
The preferred mail host for the domain. The host must be a fully qualified host name, for example, mailhost.sesta.com. This option is mandatory if the -S mail option is specified. |
The following options are only allowed if the -S cal option is specified: | |
-B backend calendar data server |
Specifies the default backend host assigned to a user or resource in a domain. |
-C searchable domains |
Specifies the domains to be searched when looking for calendars or users. |
-g access control string |
Specifies the Access Control List (ACL) for newly created user calendar. |
-P propertyname[:value] |
Sets values for multi-valued and bit oriented attributes. Refer to table Attribute Values for attributes, their descriptions and values. |
-R right[:value] |
Sets calendar domain attribute icsAllowRights. The attribute holds a bitmap value. See Attribute Values for a list of attributes, their value, and description. |
-T calendar time zone string |
Specifies the time zone ID used when importing files. See Calendar Time Zone Strings for a list of the valid time zone strings. |
To create a new domain with mail and calendar services, enter:
commadmin domain create -D chris -d florizel.com -n sesta.com -w bolton \ -S mail,cal -H mailhost.sesta.com |
The commadmin domain delete command marks a single hosted domain as deleted from the server. To mark multiple hosted domains as deleted, use the -i option.
When you mark a domain as deleted, all user and group entries in the domain are marked as deleted.
The commadmin domain purge command will permanently remove the domain.
To disable Organization Administrators usage of a service like calendar service or mail service, use the -S option. Here S is in uppercase.
commadmin domain delete -D login -d domain name -n domain -w password [-h] [-?] [-i inputfile] [-p AM port] [-s] [-S service] [-v] [-V] [-X AM host]
The following options are mandatory:
Option |
Description |
---|---|
-D login |
The user ID of the Top-Level Administrator. |
-d domain name |
The DNS domain name that is being deleted. If -d is not specified, the domain specified by -n is used. |
-n domain |
The domain of the Top-Level Administrator. |
-w password |
The password of the Top-Level Administrator. |
The following options are non-mandatory:
Option |
Description |
---|---|
-h, -? |
Prints command usage syntax. |
-i inputfile |
Reads the command information from a file instead of the command line. |
-p AM port |
Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured during installation. |
-s |
Use SSL (Secure Socket Layer) to connect to the Access Manager. |
-S service |
Modifies the value of the specified service status attribute value to ”deleted’. Multiple services are separated by a comma. The valid service values are mail and cal. These values are case-insensitive. |
-v |
Enable debugging output. |
-V |
Prints information about the utility and its version. |
-X AM host |
Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time. |
To delete an existing domain:
commadmin domain delete -D chris -w bolton -d florizel.com -n sesta.com |
To delete just the mail service from the florizel.com domain:
commadmin domain delete -D chris -w bolton -d florizel.com -n sesta.com \ -S mail |
The commadmin domain modify command modifies attributes of a single domain’s directory entry. To modify multiple domains, use the -i option.
commadmin domain modify -D login -d domain -n domain -w password [-A [+|-]attributename:value] [-h] [?] [-i inputfile] [-p AM port] [-s] [-v] [-V] [-X AM host] [-S mail -H preferred mailhost] [-S cal [-g access string] [-C cross domain search domains] [-B backend calendar data server] [-P [action]propertyname[:value]] [-R propertyname[:value]] [-T calendar time zone string]]
The following options are mandatory:
Option |
Description |
---|---|
-D login |
The user ID of the Top-Level Administrator. |
-d domain |
The DNS domain name to be modified. If -d is not specified, the domain specified by -n is used. |
-n domain |
The domain of the Top-Level Administrator. |
-w password |
The password of the Top-Level Administrator. |
The following options are non-mandatory:
Option |
Description |
---|---|
-A [+ | -]attributename:value |
An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute. A “+” before the attributename indicates adding the value to the current list of attributes. A “-” indicates removing the value. If the “-” is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the “-” sign. If the action value (+ or -), is not specified, the default action is to replace the existing value. |
-h, -? |
Prints command usage syntax. |
-i inputfile |
Reads the command information from a file instead of the command line. |
-p AM port |
Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time. |
-s |
Use SSL (Secure Socket Layer) to connect to the Access Manager. |
-v |
Enable debugging output. |
-V |
Prints information about the utility and its version. |
-X AM host |
Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time. |
-S service |
Adds the specified service or services to the domain during modification. The valid service values are mail and cal. These values are case-insensitive. The services listed with the -S option are separated by a comma. If -S mail is specified, then the -H option must be specified. |
When adding a service, the following option is only allowed if the -S mail option is specified: | |
-H preferred mailhost |
The preferred mailhost for the domain. This option is mandatory if the -S mail option is specified. |
When adding a service, the following options are only allowed if the -S cal option is specified: | |
-B backend calendar data server |
The default backend host assigned to a user or resource in a domain. |
-C cross domain search domains |
Specifies the domains to be searched when looking for calendars or users. |
-g access string |
Specifies the Access Control List (ACL) for newly created user calendar. |
-P [action]propertyname[:value] |
Sets the values for multi-valued and bit oriented attributes. Refer to table Attribute Values for the descriptions and values of propertyname. |
-T calendar time zone string |
Time zone ID used when importing files. See Calendar Time Zone Strings for a list of the valid time zone strings. |
-R propertyname[:value] |
Sets calendar domain attribute icsAllowRights. The attribute holds a bitmap value. See Attribute Values for a list property names, their value, and description. |
To modify an existing domain:
commadmin domain modify -D chris -w bolton -n sesta.com -d varrius.com \ -A preferredmailhost:test.siroe.com |
The commadmin domain purge command permanently removes all entries or service of entries that have been marked for removal. This can include domains, users, groups, and resources.
As part of periodic maintenance operations, use the commadmin domain purge command to remove all entries that have been deleted for a time period that is longer than the specified grace period.
You can perform a purge at any time by invoking the command manually.
When you invoke the command, the directory is searched and a list of domains is created whose entries include domains that have been marked for deletion longer than the specified grace period. The default value for the grace period is set to 5 days.
If the -d* option is specified, all domains are searched for users and domains that are marked as deleted. Users that are marked as deleted will be purged from their domain, but the domain will not be purged unless it is also marked as deleted. If a domain is marked as deleted, it will be purged along with all users within that domain.
After a service has been marked as deleted, a utility that removes resources such as mailboxes or calendars must be run before the service can be purged from the directory. For mail services, the program is called msuserpurge. Refer to the Sun Java System Messaging Server Administration Reference for information about the msuserpurge utility. For calendar services, the program is csclean. Refer to the Sun Java System Calendar Server Administration Guide for information about the csclean utility.
The commadmin domain purge command must be run by the Top-Level Administrator.
This procedure permanently removes users, groups, and Calendar resources from a domain. The domain itself remains intact in the LDAP directory. Only the LDAP entries selected for deletion are removed.
Mark the users, groups, and resources as deleted.
For example, to mark selected entries as deleted in the florizel.com domain:
commadmin user delete -D chris -w bolton -d florizel.com \ -n sesta.com -i deletedusers |
commadmin group delete -D chris -w bolton -d florizel.com \ -n sesta.com -i deletedgroups |
commadmin resource delete -D chris -w bolton -d florizel.com \ -n sesta.com -i deletedresources |
In the preceding examples, deletedusers, deletedgroups, and deletedresources are input files listing the entries marked for deletion.
You also can use the Delegated Administrator console to delete entries:
Remove resources from the selected users, groups, and calendars in the domain.
A resource can be a mailbox or a calendar.
For mail services, run the msuserpurge utility.
Refer to the Sun Java System Messaging Server Administration Reference for information about the msuserpurge utility.
For calendar services, run the csclean utility.
Refer to the Sun Java System Calendar Server Administration Guide for information about the csclean utility.
Permanently remove the selected entries from the domain by invoking the commadmin domain purge command.
For example, to remove selected users, groups, and resources from the florizel.com domain:
commadmin domain purge -D chris -w bolton -d florizel.com -n sesta.com |
In the preceding command, the florizel.com domain remains intact. Only the entries specified in the deletedusers, deletedgroups, and deletedresources input files are removed.
This procedure permanently removes mail and calendar services from a domain and from each user, group, and resource in the domain. The domain itself, including its subordinate LDAP entries, remains intact in the directory.
Mark the service(s) in the domain as deleted by running the commadmin domain delete command.
For example, to mark mail and calendar services as deleted in the florizel.com domain:
commadmin domain delete -D chris -w bolton -d florizel.com -n sesta.com \ -S mail,cal |
Remove resources from all users, groups, and resources in the domain.
A resource can be a mailbox or a calendar.
For mail services, run the msuserpurge utility.
Refer to the Sun Java System Messaging Server Administration Reference for information about the msuserpurge utility.
For calendar services, run the csclean utility.
Refer to the Sun Java System Calendar Server Administration Guide for information about the csclean utility.
If the mailbox or calendar of any user in the domain is not removed, the service cannot be purged from the domain. For example, for mail service, be sure that the grace period has been reached and that the msuserpurge utility has been run on all mail message stores encompassed by the domain.
Permanently remove the service(s) from the domain by invoking the commadmin domain purge command.
For example, to remove mail and calendar services from the florizel.com domain:
commadmin domain purge -D chris -w bolton -d florizel.com -n sesta.com \ -S mail,cal |
This procedure permanently removes a domain from the directory. All user, group, and resource entries in the domain are also removed from the directory.
Mark the domain as deleted by running the commadmin domain delete command.
For example, to mark the florizel.com domain as deleted:
commadmin domain delete -D chris -w bolton -d florizel.com -n sesta.com |
You also can use the Delegated Administrator console to mark the domain for deletion by selecting the organization on the Organizations page and clicking Delete.
Remove resources from all users, groups, and resources in the domain.
A resource can be a mailbox or a calendar.
For mail services, run the msuserpurge utility.
Refer to the Sun Java System Messaging Server Administration Reference for information about the msuserpurge utility.
For calendar services, run the csclean utility.
Refer to the Sun Java System Calendar Server Administration Guide for information about the csclean utility.
If the mailbox or calendar of any user in the domain is not removed, the domain cannot be removed. For example, for mail service, be sure that the grace period has been reached and that the msuserpurge utility has been run on all mail message stores encompassed by the domain.
Permanently remove the domain by invoking the commadmin domain purge command.
For example, to remove the florizel.com domain:
commadmin domain purge -D chris -w bolton -d florizel.com -n sesta.com |
commadmin domain purge -D login -n domain -w password -d domain [-g grace] [-h] [-?] [-i inputfile] [-p AM port] [-s] [-S service] [-v] [-V] [-X AM host]
The following options are mandatory:
Option |
Description |
---|---|
-D login |
The user ID of the Top-Level Administrator. |
-n domain |
Domain of the Top-Level Administrator. |
-w password |
Password of the Top-Level Administrator. |
-d domain |
Purge specified domain. The * operator (-d*) may be used to search for a pattern. |
The following options are non-mandatory:
Option |
Description |
---|---|
-g grace |
Delay period (grace period) in days before the domain is purged. Domains marked for deletion for fewer than grace days will not be purged. For example, if you use -g 7, all entries that have been marked for deletion for 7 days and more are purged, but entries marked for deletion for 6 days and fewer are not purged. A 0 indicates purge immediately. The default value is 5 days. The default value cannot be changed permanently. You can change the grace period only by using the -g grace option in the commadmin domain purgecommand. |
-h, -? |
Prints command usage syntax. |
-i inputfile |
Reads the command information from a file instead of the command line. |
-p AM port |
Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time. |
-S service |
Removes service related object classes and attributes from the domain. If the domain contains users and resources it removes the service specific data from the directory for these users and resources. The list of services is separated by the comma (,) delimiter. The valid service values are mail and cal. These values are case-insensitive. |
-s |
Use SSL (Secure Socket Layer) to connect to the Access Manager. |
-v |
Enable debugging output. |
-V |
Prints information about the utility and its version. |
-X AM host |
Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time. |
In the following example, the siroe.com domain is purged and all entries within the domain are also removed:
commadmin domain purge -D chris -d siroe.com -n sesta.com -w bolton |
The commadmin domain search command obtains all the directory properties associated with a single domain. To obtain all the directory properties for multiple domains, use the -i option. When - S is specified in this command, only the domains having active specified services are displayed.
commadmin domain search -D login -n domain -w password [-d domain] [-h] [-?] [-i inputfile] [-p AM port] [-s] [-S service] [-t Search Template] [-v] [-V] [-X AM host]
The following options are mandatory:
Option |
Description |
---|---|
-D login |
The user ID of the user with permission to execute this command. |
-n domain |
The domain of the user specified with the -D option. |
-w password |
The password of the user specified with the -D option. |
The following options are non-mandatory:
Option |
Description |
---|---|
-d domain |
Search for this domain. If -d is not specified or -d* is specified, all domains are displayed. |
-h, -? |
Prints command usage syntax. |
-i inputfile |
Reads the command information from a file instead of the command line. |
-p AM port |
Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time. |
-s |
Use SSL (Secure Socket Layer) to connect to the Access Manager. |
-S service |
Specifies the services to be searched in the active domains. service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive. The list of services is separated by the comma (,) delimiter. For Example: -S mail,cal |
-t Search template |
Specifies the name of the search templates to be used instead of the default search templates. Only active domains are displayed after the search. |
-v |
Enable debugging output. |
-V |
Prints information about the utility and its version. |
-X AM host |
Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time. |
The commadmin group create command adds a single group to the Access Manager. To create multiple groups, use the -i option.
If a group is created without any members, by default, it is a static group.
Groups cannot contain both static and dynamic members.
An email distribution list is one type of group. When a message is sent to the group address, Access Manager sends the message to all members in the group.
commadmin group create -D login -G groupname -n domain -w password [-A [+]attributename:value] [-d domain] [-f ldap-filter] [-h] [-?] [-i inputfile] [-m internal-member] [-p AM port] [-s] [-v] [-V] [-X AM host] [-S service [-H mailhost] [-E email] [-M external-member] [-o owner] [-r moderator]] [-a true|false ] [-b true|false ] [-c group id] [-j DWPHost] [-q secondary owner] [-t time zone]
The following options are mandatory:
Option |
Description |
---|---|
-D login |
The user ID of the user who has permission to execute this command. |
-n domain |
The domain of the user specified by the -D option. |
-G groupname |
The name of the group (for example, mktg-list). |
-w password |
The password of the user specified by the -D option. |
The following options are non-mandatory:
Option |
Description |
---|---|
-A [+ ]attributename:value |
An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute. A “+” before the attributename indicates adding the value to the current list of attributes. |
-d domain |
The fully qualified domain name of the group (for example, varrius.com). The default is the local domain. If -d is not specified, the domain specified by -n is used. |
-f ldap-filter |
Creates dynamic groups. Setup the LDAP filter by specifying an attribute or a combination of attributes. Multiple -f commands can be specified to define many LDAP filters for members of a group. |
-h, -? |
Prints command usage syntax. |
-i inputfile |
Reads the command information from a file instead of the command line. |
-m internal -member |
User ID of the internal members added to this group. To add more than one member, use multiple -m options. This options should be used to create static groups. |
-p AM port |
Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time. |
-X AM host |
Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time. |
-s |
Use SSL (Secure Socket Layer) to connect to the Access Manager. |
-v |
Enable debugging output. |
-V |
Prints information about the utility and its version. |
-S service |
Specifies the services to be added to the Group. service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive. The list of services is separated by the comma (,) delimiter. For Example: -S mail,cal |
If the -S mail option is specified, the following options are allowed:
Option |
Description |
---|---|
-o owner |
The group owner’s email address. An owner is the individual responsible for the distribution list. An owner can add or delete distribution list members. (This option is also allowed, and is mandatory, when the -S cal option is specified.) |
-E email |
The email address of the group. (This option is also allowed when the -S cal option is specified.) |
-H mailhost |
The mail host to which this group responds (for example, mailhost.varrius.com). The default is the local mail host. |
-M external-member |
Adds an external member to this group. The value of external-member is the user email address. To add more than one member, use multiple -M options. |
-r moderator |
The moderator’s email address. |
If the -S cal option is specified, the following option is mandatory:
Option |
Description |
---|---|
-o owner |
The group owner’s email address. An owner is the individual responsible for the Calendar group's distribution list. An owner can add or delete distribution list members. The group owner must have Calendar service. (This option is also allowed when the -S mail option is specified.) |
If the -S cal option is specified, the following non-mandatory options are allowed:
Option |
Description |
---|---|
-a true|false |
Allows or disallows calendar appointments to be accepted automatically. true enables automatic acceptance of appointments. false disables automatic acceptance of appointments. |
-b true|false |
Allows or disallows calendar appointments to be double-booked, permitting more than one appointment at the same time. true enables double-booking of appointments. false disables double-booking of appointments. |
-c group id |
Specifies a group ID for the Calendar group. If this option is not specified, Delegated Administrator automatically supplies a group ID. |
-E email |
The email address of the group. This address is used to notify group members of Calendar events. (This option is also allowed when the -S cal option is specified.) |
-j DWPHost |
The DNS name of the back-end calendar server which hosts this Calendar group's calendar. This host is the Database Wire Protocol (DWP) server that stores the calendar and its data. If the DNS name of the back-end calendar server is not specified, the value stored in the ics.conffile of the server is used as the default value. |
-q secondary owner |
The secondary owner’s email address. A secondary owner can manage the Calendar group's distribution list. To add more than one secondary owner, use multiple -q secondary owner options. All secondary owners must have Calendar service. |
-t time zone |
The time zone used to display the Calendar group's calendar in the calendar’s user interface. See Calendar Time Zone Strings for a list of the valid time zone strings. |
To create a group testgroup in the domain sesta.com:
commadmin group create -D chris -n sesta.com -w bolton -G testgroup \ -d sesta.com -m lorca@sesta.com -S mail,cal -M achiko@varrius.com \ -o achiko@varrius.com -c calgroup1 |
The commadmin group delete command marks a single group as deleted. To mark multiple groups as deleted, use the -i option.
To disable a group’s usage of services such as Calendar Server or Messaging Server use the -S option. Here S is in uppercase.
In order to permanently remove a group, you must run the following command: commadmin domain purge.
commadmin group delete -D login -G groupname -n domain -w password [-d domain] [-h] [-?] [-i inputfile] [-p AM port] [-s] [-S service] [-v] [-V] [-X AM host]
The following are mandatory options:
Option |
Description |
---|---|
-D login |
The user ID of the user who has permission to execute this command. |
-G groupname |
The name of the group to be marked as deleted. For example, mktg-list. |
-n domain |
The domain of the user specified by the -D option. |
-w password |
The password of the user specified by the -D option. |
The following are non-mandatory options:
Option |
Description |
---|---|
-d domain |
The domain of the group. If -d is not specified, the domain specified by the -n option is used. |
-h, -? |
Prints command usage syntax. |
-i inputfile |
Reads the command information from a file instead of the command line. |
-p AM port |
Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time. |
-s |
Use SSL (Secure Socket Layer) to connect to the Access Manager. |
-S service |
Modifies the value of the specified service status attribute value to ”deleted’. The services listed with the -S option are separated by a comma. The valid service values are mail and cal. These values are case-insensitive. |
-v |
Enable debugging output. |
-V |
Prints information about the utility and its version. |
-X AM host |
Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time. |
The following example marks the group testgroup@varrius.com as deleted:
commadmin group delete -D chris -n sesta.com -w bolton -G testgroup \ -d varrius.com |
The following example marks the mail service for testgroup@varrius.com as deleted:
commadmin group delete -D chris -n sesta.com -w bolton -G testgroup \ -d varrius.com -S mail |
The commadmin group modify command changes the attributes of a single group that already exists in the Access Manager. To change the attributes of multiple groups, use the -i option.
A mailing list is one type of group. When a message is sent to the group address, Access Manager sends the message to all members in the group.
commadmin group modify -D login -G groupname -n domain -w password [-A [+|-]attributename:value] [-d domain] [-f [action]ldap-filter] [-h] [-?] [-i inputfile] [-m [+|-]internal-member] [-p AM port] [-s] [-v] [-V] [-X AM host] [-S mail [-o owner] [-E email] [-H mailhost] [-M external-member] [-r moderator] [-a true|false ] [-b true|false ] [-c group id] [-j DWPHost] [-q secondary owner] [-t time zone]
The following are mandatory options:
Option |
Description |
---|---|
-D login |
The user ID of the user with permission to execute this command. |
-G groupname |
The name of the group to be modified. For example, mktg-list. |
-n domain |
The domain of the user specified by the -D option. |
-w password |
The password of the user specified by the -D option. |
The following are non-mandatory options:
Option |
Description |
---|---|
-A [+ | -]attributename:value |
An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute. A “+” before the attributename indicates adding the value to the current list of attributes. A “-” indicates removing the value. If the “-” is used, it must be preceded by two backslashes or enclosed in quotes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the “-” sign. |
-d domain |
The domain of the group. If -d is not specified, the domain specified by the -n option is used. |
- f [action] ldap-filter |
Indicates whether a ldap filter is added to or removed from the group A “+” before the ldap-filter indicates that it is to be added to the existing filters. A “-” indicates removing the existing filter. Type -f-* to remove all the filters. If the “-” is used, it must be preceded by two backslashes or enclosed in quotes if the command is specified on the command line. If action is not specified, by default the filter is added provided it is not already present. Otherwise an error message is displayed. |
-h, -? |
Prints command usage syntax. |
-i inputfile |
Reads the command information from a file instead of the command line. |
-m [action] internal -member |
Indicates whether to add or remove an internal member. The value of internal-member is either a mail address or user ID. An action value of: + adds the member to an existing list of internal members. - removes the member from an existing list of internal members. If the “-” is used, it must be preceded by two backslashes or enclosed in quotes if the command is specified on the command line. -m-* removes all the internal members. |
-p AM port |
Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time. |
-s |
Use SSL (Secure Socket Layer) to connect to the Access Manager. |
-v |
Enable debugging output. |
-V |
Prints information about the utility and its version. |
-X AM host |
Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the local host if no default was configured at install time. |
-S service |
Specifies the services to be added to the group during modification. Before a service is added, Delegated Administrator validates whether the service already exists. If the service exists, an error message is displayed. service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive. The list of services is separated by the comma (,) delimiter. For Example: -S mail,cal |
If the -S mail option is specified, the following options are allowed:
Option |
Description |
---|---|
-o owner |
The group owner’s email address. An owner is the individual responsible for the distribution list. An owner can add or delete distribution list members. (This option is also allowed, and is mandatory, when the -S cal option is specified.) |
-E email |
The email address of the group. (This option is also allowed when the -S cal option is specified.) |
-H mailhost |
The mail host to which this group responds (for example, mailhost.varrius.com). The default is the local mail host. |
-M external-member |
Adds an external member to this group. The value of external-member is the user email address. To add more than one member, use multiple -M options. |
-r moderator |
The moderator’s email address. |
If the -S cal option is specified, the following option is mandatory:
Option |
Description |
---|---|
-o owner |
The group owner’s email address. An owner is the individual responsible for the Calendar group's distribution list. An owner can add or delete distribution list members. The group owner must have Calendar service. (This option is also allowed when the -S mail option is specified.) |
If the -S cal option is specified, the following non-mandatory options are allowed:
Option |
Description |
---|---|
-a true|false |
Allows or disallows calendar appointments to be accepted automatically. true enables automatic acceptance of appointments. false disables automatic acceptance of appointments. |
-b true|false |
Allows or disallows calendar appointments to be double-booked, permitting more than one appointment at the same time. true enables double-booking of appointments. false disables double-booking of appointments. |
-c group id |
Specifies a group ID for the Calendar group. If this option is not specified, Delegated Administrator automatically supplies a group ID. |
-E email |
The email address of the group. This address is used to notify group members of Calendar events. (This option is also allowed when the -S cal option is specified.) |
-j DWPHost |
The DNS name of the back-end calendar server which hosts this Calendar group's calendar. This host is the Database Wire Protocol (DWP) server that stores the calendar and its data. If the DNS name of the back-end calendar server is not specified, the value stored in the ics.conffile of the server is used as the default value. |
-q secondary owner |
The secondary owner’s email address. A secondary owner can manage the Calendar group's distribution list. To add more than one secondary owner, use multiple -q secondary owner options. All secondary owners must have Calendar service. |
-t time zone |
The time zone used to display the Calendar group's calendar in the calendar’s user interface. See Calendar Time Zone Strings for a list of the valid time zone strings. |
To remove an internal member (jsmith) from the group testgroup within the domain varrius.com:
commadmin group modify -D chris -d varrius.com -G testgroup -n sesta.com \ -w bolton -m \\-jsmith |
To add Calendar service to the group testgroup within the domain varrius.com:
commadmin group modify -D chris -d varrius.com -G testgroup -n sesta.com \ -w bolton -S cal -o achiko@varrius.com -c calgroup1 |
The commadmin group search command obtains all the directory properties associated with a single group. To obtain all the directory properties for multiple groups, use the -i option.
commadmin group search -D login -n domain -w password [-d domain] [-E string] [-G string] [-h] [-?] [-i inputfile] [-p AM port] [-s] [-S service] [-t search template] [-v] [-V] [-X AM host]
The following options are mandatory:
Option |
Description |
---|---|
-D login |
The user ID of the user with permission to execute this command. |
-n domain |
The domain of the user specified by the -D option. |
-w password |
The password of the user specified by the -D option. |
The following options are non-mandatory:
Option |
Description |
---|---|
-d domain |
The domain of the group to be searched. If -d is not specified, all domains are searched. |
-E string |
Email address of the group. The wildcard operator (*) may be used within any part of string. |
-G string |
The name of the group to be searched. For example, mktg-list. If -G is not specified, all groups in the domain specified by -d are displayed. The wildcard operator (*) may be used within any part of string. |
-h, -? |
Prints command usage syntax. |
-i inputfile |
Reads the command information from a file instead of the command line. |
-p AM port |
Specifies an alternate TCP port where the IS server is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time. |
-s |
Use SSL (Secure Socket Layer) to connect to the Access Manager. |
-S service |
Specifies the service to be searched. The only valid value for service is mail. This value is case-insensitive. For Example: -S mail Only groups with active services are displayed. |
-t Search Template |
Specifies the name of the search templates to be used instead of the default search templates. This is an entry in the directory that defines the filter for the search. Only active groups are searched for. |
-v |
Enable debugging output. |
-V |
Prints information about the utility and its version. |
-X AM host |
Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time. |
To search for a group named developers under the siroe.com domain:
commadmin group search -D chris -n sesta.com -w password -G developers \ -d siroe.com |
The commadmin resource create command creates a directory entry for a resource.
For instructions on creating a resource, see Creating a Resource.
commadmin resource create -D login -n domain -w password -u identifier -N name [-c calendar identifier] [-A [+]attributename:value] [-C DWPHost] [-d domainname ] [-h] [-?] [-i inputfile][-p AM port] [-s] [-T time zone] [-v] [-V] [-X AM host]
The following options are mandatory:
Option |
Description |
---|---|
-D login |
The user ID of the user with permission to execute this command. |
-n domain |
Domain of the user specified with the -D option. |
-w password |
Password of the user specified with the -D option. |
-u identifier |
Resources’ unique identifier. This identifier value should be unique within the domain namespace or within all the users and resources the calendar manages in the calendar mode. |
-N name |
Friendly name used to display the resource in the calendar GUI. |
-c calendar identifier |
Identifier for this resource's calendar. The identifier value should be unique throughout all the calendars managed by the Calendar Server |
The following options are non-mandatory:
Option |
Description |
---|---|
-A [+ ] attributename:value |
An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute. A “+” before the attributename indicates adding the value to the current list of attributes. |
-C DWPHost |
The DNS name of the back end calendar server which hosts this user's calendars. If the DNS name of the backend calendar server is not specified, the value stored in the ics.conf file of the server is used as the default value. |
-d domain name |
Domain of the resource. If -d is not specified, the domain specified by -n is used. |
-h, -? |
Prints command usage syntax. |
-i inputfile |
Reads the command information from a file instead of the command line. |
-p AM port |
Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time. |
-s |
Use SSL (Secure Socket Layer) to connect to the Access Manager. |
-T time zone |
The time zone used to display the resource's calendar in the calendar’s user interface. See Calendar Time Zone Strings for a list of the valid time zone strings. |
-v |
Enable debugging output. |
-V |
Prints information about the utility and its version. |
-X AM host |
Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time. |
To create a resource with Name peter in the calendar cal.siroe.com under the domain varrius.com:
commadmin resource create -D chris -n sesta.com -w bolton \ -d varrius.com -u id -c calid -N peter -C cal.siroe.com |
A resource consists of two data descriptions: a directory entry and a calendar in the Calendar Server database. The directory entry has an attribute, icsCalendar, whose value is the name of the calendar associated with the resource.
You can create a resource with the two data descriptions, using either of the following methods:
Use commadmin resource create to create a directory entry.
The calendar for the resource is created automatically when the resource is first invited to an event. The ics.conf parameter, resource.invite.autoprovision, determines whether a resource's calendar is created automatically when the resource is invited to an event. By default, the value of this parameter is set to Yes.
To create the resource's calendar before any invitations are sent to the resource, use the cscal utility.
Example
Use commadmin resource create to create a directory entry:
commadmin resource create -D amadmin -w ampassword -n blink.sesta.com \ -X blink -p 5555 -d varrius.com -u resourceOne \ -N firstResource -c resourceOneCalendar |
The directory entry is as follows:
dn: uid=resourceONE,ou=People,o=varrius,o=domainroot uid: resrouceONE objectClass: icsCalendarResource objectClass: top cn: firstResource icsStatus: active icsCalendar: resourceOne |
Use the csresource utility by itself. The csresource utility creates a directory entry and a calendar.
However, using csresource to create both the directory entry and the calendar is only recommended if the directory is in a Schema 1 environment and you are not using Access Manager.
You can now log in as any user and invite the resource to an event.
For a detailed description of the csresource and cscal utilities, see Appendix D, Calendar Server Command-Line Utilities Reference, in Sun Java System Calendar Server 6.3 Administration Guide.
The commadmin resource delete command marks the resource as deleted.
To permanently remove the resource, run the commadmin domain purge.
commadmin resource delete -D login -u identifier -n domain -w password [-d domainname] [-h] [-?] [-i inputfile] [-p AM port] [-s] [-v] [-V] [-X AM host]
The following options are mandatory:
Option |
Description |
---|---|
-D login |
The user ID of the user with permission to execute this command. |
-n domain |
Domain of the user specified with the -D option. |
-w password |
Password of the user specified with the -D option. |
-u identifier |
Resource’s unique identifier |
The following options are non-mandatory:
Option |
Description |
---|---|
-d domainname |
Domain of the resource. If -d is not specified, the domain specified by -n is used. |
-h, -? |
Prints command usage syntax. |
-i inputfile |
Reads the command information from a file instead of the command line. |
-p AM port |
Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time. |
-s |
Use SSL (Secure Socket Layer) to connect to the Access Manager. |
-v |
Enable debugging output. |
-V |
Prints information about the utility and its version. |
-X AM host |
Specify the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time. |
To mark a resource as deleted:
commadmin resource delete -D chris -n sesta.com -w bolton -u bill023 |
The commadmin resource modify command modifies the resource.
commadmin resource modify -D login -n domain -w password -u identifier [-A [+|-]attributename:value] [-d domainname ] [-h] [-?] [-i inputfile] [-N name] [-p AM port] [-s] [-T time zone] [-v] [-V] [-X sAM host]
The following options are mandatory:
Option |
Description |
---|---|
-D login |
The user ID of the user with permission to execute this command. |
-n domain |
Domain of the user specified with the -D option. |
-w password |
Password of the user specified with the -D option. |
-u identifier |
Resources's unique identifier. |
The following options are non-mandatory:
Option |
Description |
---|---|
-A [+ | -]attributename:value |
An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute. A “+” before the attributename indicates adding the value to the current list of attributes. A “-” indicates removing the value. If the “-” is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the “-” sign. |
-d domainname |
Domain of the resource. If -d is not specified, the domain specified by -n is used. |
-h, -? |
Prints command usage syntax. |
-i inputfile |
Reads the command information from a file instead of the command line. |
-N name |
Common name used to display the resource in the calendar user interface. |
-p AM port |
Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time. |
-s |
Use SSL (Secure Socket Layer) to connect to the Access Manager. |
-T time zone |
The time zone used to display resource's calendar in the calendar GUI. See Calendar Time Zone Strings for a list of the valid time zone strings. |
-v |
Enable debugging output. |
-V |
Prints information about the utility and its version. |
-X AM host |
Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time. |
To modify a resource with the unique identifier bill023 with a new common name bjones:
commadmin resource modify -D chris -n sesta.com -w bolton -d test.com \ -u bill023 -N bjones |
The commadmin resource search command searches for a resource.
commadmin resource search -D login -n domain -w password [-d domain] [-h] [-?] [-i inputfile] [-N string] [-p AM port] [-s] [-t Search Template] [-u string] [-V] [-v] [-X AM host]
The following options are mandatory:
Option |
Description |
---|---|
-D login |
The user ID of the user with the permission to execute this command. |
-n domain |
Domain of the user specified with the -D option. |
-w password |
Password of the user specified with the -D option. |
The following options are non-mandatory:
Option |
Description |
---|---|
-d domain |
Domain of the resource. Search is performed only in the domain. If -d is not specified or -d* is specified, then all domains are searched. |
-h, -? |
Prints command usage syntax. |
-i inputfile |
Reads the command information from a file instead of the command line. |
-N string |
Enter the resource’s common name. The wildcard operator (*) may be used within any part of string. |
-p AM port |
Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time. |
-s |
Use SSL (Secure Socket Layer) to connect to the Access Manager. |
-t Search Template |
Specifies the name of the search templates to be used instead of the default search templates. This is an entry in the directory that defines the filter for the search. Only active resources are searched for. |
-u string |
The resource identifier specified must be unique for the domain namespace or for all the users and resources the calendar manages. The wildcard operator (*) may be used within any part of string. If the identifier is not specified or -l* is specified all resources are displayed during the search. |
-v |
Enable debugging output. |
-V |
Prints information about the utility and its version. |
-X AM host |
Specify the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time. |
To search for a resource arabella in the domain sesta.com:
commadmin resource search -D serviceadmin -w serviceadmin -n sesta.com \s -d sesta.com -u arabella |
The commadmin user create command creates a single user in the Access Manager system. To create multiple users, use the -i option.
commadmin user create -D login -F firstname -n domain -L lastname -l userid -w password -W password [-A [+]attributename:value] [-d domain] [-I initial] [-h] [-?] [-i inputfile] [-p AM port] [-s] [-v] [-V] [-X AM host] [-S mail [-E email] [-H mailhost]] [-S cal [-B DWPHost] [-E email] [-k calid_type] [-J First Day of Week] [-T time zone]
The following options are mandatory:
Option |
Description |
---|---|
-D login |
The user ID of the user with permission to execute this command. |
-F firstname |
The user’s first name; must be a single word without any spaces. |
-n domain |
The domain of the user specified with the -D option. |
-l userid |
The user’s login name. |
-w password |
The password of the user specified with the -D option. |
-W password |
The password of the user that is being created. You may also specify password via a text file, password.txt. For example, if you specify -W mypassword.txt, and the content of the mypassword.txt file is secret, the commadmin utility takes the string secret as the password. Note that if you specify -W mypassword.txt, and the mypassword.txt file does not exist, the commadmin utility takes the string mypassword.txt itself as the password. |
-L lastname |
The User’s last name. |
The following options are non-mandatory:
Option |
Description |
---|---|
-A [+ ]attributename:value |
An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute. A “+” before the attributename indicates adding the value to the current list of attributes. |
-d domain |
Domain of the user. If -d is not specified, the domain specified by -n is used. |
-i inputfile |
Reads the command information from a file instead of the command line. |
-I initial |
User’s middle initial. |
-h, -? |
Prints command usage syntax. |
-p AM port |
Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time. |
-s |
Use SSL (Secure Socket Layer) to connect to the Access Manager. |
-v |
Enable debugging output. |
-V |
Prints information about the utility and its version. |
-X AM host |
Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time. |
-S service |
Adds the specified service to the user during creation. service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive. The list of services is separated by the comma (,) delimiter. For Example: -S mail,cal |
The following options are only allowed if the -S mail option is specified: | |
-E email |
The email address of the user. |
-H mailhost |
The mail host of the user. |
The following options are only allowed if the -S cal option is specified: | |
-B DWPHost |
DNS name of the back end calendar that hosts the user’s calendar. |
-E email |
The email address of the calendar user. |
-J First Day of Week |
First day of the week shown when the calendar is displayed in the calendar server user interface. The valid values are 0-6 (0 is Sunday, 1 is Monday, and so on). |
-k calid_type |
Specifies the type of calendar id that is created. The accepted values are legacy and hosted. If -k legacy is specified, only the calendar id is used (for example, jsmith). If -k hosted is specified, the calendar id plus domain is used (for example, jsmith@sesta.com). If the -k option is not specified, the default is to use the calendar id plus domain (hosted). You can set the value of the calendar id type that is created if the -k option is not specified. To do so, add the following parameter to the resource.properties file: switch-caltype=value where value is “hosted” | “legacy”. The resource.properties file is located in the following directory: da-base/data/WEB-INF/classes/sun/comm/cli/ \ server/servlet/resource.properties |
-T time zone |
The time zone in which the user’s calendar is displayed. See Calendar Time Zone Strings for a list of the valid time zone strings. |
To create a new user, smith, enter:
commadmin user create -D chris -n sesta.com -w secret -F smith -l john \ -L major -W secret -S mail -H mailhost.siroe.com |
The commadmin user delete command marks a single user as deleted. To mark multiple users as deleted, use the -i option.
No undelete utility exists. However, you can use the ldapmodify command to change the status attribute of a user entry to active at any time before the purge grace period has expired and a purge is set to run against the entry.
Mark the user as deleted by running the commadmin user delete command.
Remove resources from the user.
A resource can be a mailbox or a calendar.
For mail services, the program is called msuserpurge. Refer to the Sun Java System Messaging Server Administration Reference for information about the msuserpurge utility.
For calendar services, the program is csclean. Refer to the Sun Java System Calendar Server Administration Guide for information about the csclean utility.
Permanently remove the user, by invoking the following command: commadmin domain purge.
For more information about removing users, see commadmin domain purge.
commadmin user delete -D login -n domain -l login name -w password [-d domain] [-h] [-?] [-i inputfile] [-p AM port] [-s] [-S service] [-v] [-V] [-X AM host]
The following options are mandatory:
Option |
Description |
---|---|
-D login |
The user ID of the user with the permission to execute this command. |
-n domain |
The domain of the user specified with the -D option. |
-w password |
The password of the user specified with the -D option. |
-l userid |
The user ID of the user to be deleted. |
The following options are non-mandatory:
Option |
Description |
---|---|
-d domain |
Domain of the user. If -d is not specified, the domain specified by -n is used. |
-h, -? |
Prints command usage syntax. |
-i inputfile |
Reads the command information from a file instead of the command line. |
-p AM port |
Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time. |
-s |
Use SSL (Secure Socket Layer) to connect to the Access Manager. |
-S service |
Specifies the services to be removed from the user. The user remains active, but only the specified services are deactivated. If -S is not specified, then the user is deleted. service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive. The list of services is separated by the comma (,) delimiter. For Example: -S mail,cal |
-v |
Enable debugging output. |
-V |
Prints information about the utility and its version. |
-X AM host |
Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time. |
To mark an existing user as deleted:
commadmin user delete -D chris -n sesta.com -w bolton -l smith |
To delete the mail services only from user smith:
commadmin user delete -D chris -n sesta.com -w bolton -l smith -S mail |
The commadmin user modify command modifies attributes of a single user’s directory entry. To modify multiple user, use the -i option.
commadmin user modify -D login -n domain -l userid -w password [-A [+|-]attributename:value] [-d domain] [-h] [-?] [-i inputfile] [-p AM port] [-s] [-v] [-V] [-X AM host] [-S mail -H mailhost [-E email]] [-S cal [-B DWPHost] [-E email] [-k calid_type] [-J First Day of Week] [-T time zone]]
The following options are mandatory:
Option |
Description |
---|---|
-D login |
The user ID of the user with permission to execute this command. |
-n domain |
Domain of the user specified with the -D option. |
-w password |
The password of user specified with the -D option. |
-l userid |
User’s login ID. |
The following options are non-mandatory:
Option |
Description |
---|---|
-A [+ | -]attributename:value |
An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. You can repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute. A “+” before the attributename indicates adding the value to the current list of attributes. A “-” indicates removing the value. If the “-” is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the “-” sign. |
-d domain |
Domain of the user or group. If -d is not specified, the domain specified by -n is used. |
-h, -? |
Prints command usage syntax. |
-i inputfile |
Reads the command information from a file instead of the command line. |
-p AM port |
Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time. |
-s |
Use SSL (Secure Socket Layer) to connect to the Access Manager. |
-v |
Enable debugging output. |
-V |
Prints information about the utility and its version. |
-X AM host |
Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time. |
-S service |
Adds the specified services to the user after validating whether the user has the service specified with -S option.If the user already has the service an error message is displayed. services can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive. The list of services is separated by the comma (,) delimiter. For Example: -S mail,cal |
The following options are only allowed if the -S mail option is specified: | |
-E email |
Specifies the email address of the user. |
-H mailhost |
The mail host of the user. This option is mandatory if the -S mail option is specified. |
The following options are only allowed if the -S cal option is specified: | |
-B DWPHost |
Specifies the DNS name of the backend calendar server that hosts this user’s calendars. Note: This attribute can only be added and cannot be modified if it already exists. |
-E email |
Specifies the email address for the calendar user. |
-J First Day of Week |
The first day of the week shown when the calendar is displayed in the calendar server user interface. The valid values are 0-6 (0 is Sunday, 1 is Monday, and so on). |
-k calid_type |
Specifies the type of calendar id that is created (when adding the calendar service). The accepted values are legacy and hosted. If -k legacy is specified, only the calendar id is used (for example, jsmith). If -k hosted is specified, the calendar id plus domain is used (for example, jsmith@sesta.com). If the -k option is not specified, the default is to use the calendar id plus domain (hosted). You can set the value of the calendar id type that is created if the -k option is not specified. To do so, add the following parameter to the resource.properties file: switch-caltype=value where value is “hosted” | “legacy”. The resource.properties file is located in the following directory: da-base/data/WEB-INF/classes/sun/comm/cli/ \ server/servlet/resource.properties |
-T time zone |
A user’s calendar is displayed in this time zone. See Calendar Time Zone Strings for a list of the valid time zone strings. |
The following example adds a mail service for the user smith:
commadmin user modify -D chris -n sesta.com -w bolton -l smith \ -A description:"new description" -S mail -H mailhost.siroe.com |
In this example, a mail forwarding address is added for user smith:
commadmin user modify -D chris -n sesta.com -w bolton -l smith \ -A +mailforwardingaddress:tsmith@siroe.com |
The commadmin user search command obtains all the directory properties associated with a single user. To obtain all the directory properties for multiple users, use the -i option. Only active users are displayed after a search.
commadmin user search -D login -n domain -w password [-d domain] [-E string] [-F string] [-h] [-?] [-i inputfile] [-L string] [-l string] [-p AM port] [-s] [-S service] [-t Search Template] [-v] [-V] [-X AM host]
The following options are mandatory:
Option |
Description |
---|---|
-D login |
The user ID of the user with permission to execute this command. |
-n domain |
The domain of the user specified with the -D option. |
-w password |
The password of the user specified with the -D option. |
The following options are non-mandatory:
Option |
Description |
---|---|
-d domain |
The domain of the user. The user is searched only in the specified domain. If -d is not specified, all domains are considered for the search. |
-E string |
Searches for user’s mail address. The wildcard operator (*) may be used within any part of string. |
-F string |
Searches for user’s first name. The wildcard operator (*) may be used within any part of string. |
-h, -? |
Prints command usage syntax. |
-i inputfile |
Reads the command information from a file instead of the command line. |
-L string |
Searches for user’s last name. The wildcard operator (*) may be used within any part of string. |
-l string |
Searches for user’s login name. The wildcard operator (*) may be used within any part of string. |
-p AM port |
Use this option to specify an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time. |
-s |
Use SSL (Secure Socket Layer) to connect to the Access Manager. |
-S service |
Specifies the services to match in the user search. services can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive. The list of services is separated by the comma (,) delimiter. For Example: -S mail,cal |
-t Search template |
Specifies the name of the search templates to be used instead of the default search templates. This is an entry in the directory that defines the filter for the search. Only active users are searched for. |
-v |
Enable debugging output. |
-V |
Prints information about the utility and its version. |
-X AM host |
Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time. |
The following example searches for users in the varrius.com domain:
commadmin user search -D chris -w bolton -d varrius.com -n sesta.com |