2 Infrastructure Security Custom WLST Commands

This chapter describes the Oracle Fusion Middleware Infrastructure Security WLST commands.

It includes the following topic:

Related Topics

Securing Applications with Oracle Platform Security Services.

"Using Custom WLST Commands" in the Administering Oracle Fusion Middleware.

2.1 Infrastructure Commands

The infrastructure WLST security commands are divided into the following categories:

Table 2-1 WLST Command Categories

Command Category Description

OPSS Security Store Commands

Manage domain and credential domain stores and migrate domain policy store.

Audit Configuration Commands

View and manage audit policies and the audit repository configuration

OPSS Keystore Service Commands

Manage the OPSS keystore service.

Identity Directory Service Commands

Manage Identity Directory Service entity attributes, entity definitions, relationships, and default operational configurations.

Library Oracle Virtual Directory (libOVD) Commands

View and manage Library Oracle Virtual Directory (libOVD) configurations associated with a particular OPSS context.


Note:

In syntax descriptions, optional arguments are enclosed in square brackets; all other arguments are required.

2.1.1 OPSS Security Store Commands

Use the WLST security commands listed in Table 2-2 to operate on a domain policy or credential store, to migrate policies and credentials from a source repository to a target repository, and to import and export (credential) encryption keys.

Table 2-2 WLST Security Commands

Use this command... To... Use with WLST...

addBootStrapCredential

Add a credential to the bootstrap credential store

Offline

addResourceToEntitlement

Add a resource to an entitlement.

Online

createAppRole

Create a new application role.

Online

createCred

Create a new credential.

Online

createEntitlement

Create an entitlement.

Online

createResource

Create a resource.

Online

createResourceType

Create a new resource type.

Online

deleteAppPolicies

Remove all policies in an application.

Online

deleteAppRole

Remove an application role.

Online

deleteCred

Remove a credential.

Online

deleteEntitlement

Remove an entitlement.

Online

deleteResource

Remove a resource.

Online

deleteResourceType

Remove an existing resource type.

Online

exportEncryptionKey

Export the domain encryption key to the file ewallet.p12.

Offline

getEntitlement

List an entitlement.

Online

getResourceType

Fetch an existing resource type.

Online

grantAppRole

Add a principal to a role.

Online

grantEntitlement

Create an entitlement.

Online

grantPermission

Create a new permission.

Online

importEncryptionKey

Import the encryption key in file ewallet.p12 to the domain.

Offline

listAppRoles

List all roles in an application.

Online

listAppRolesMembers

List all members in an application role.

Online

listAppStripes

List application stripes in policy store.

Online

listCodeSourcePermissions

List permissions assigned to a source code in global policies.

Online

listEntitlement

List an entitlement.

Online

listEntitlements

List entitlements in an application stripe.

Online

listPermissions

List all permissions granted to a principal.

Online

listResourceActions

List actions in a resource.

Online

listResourceTypes

List resource types in an application stripe.

Online

listResources

List resources in an application stripe.

Online

listSecurityStoreInfo

List the type and location of the OPSS security store, and the user allowed to access it.

Offline

migrateSecurityStore

Migrate policies or credentials from a source repository to a target repository.

Offline

modifyBootStrapCredential

Update bootstrap credential store

Offline

reassociateSecurityStore

Reassociate policies and credentials to an LDAP repository

Online

restoreEncryptionKey

Restore the domain encryption key as it was before the last importing.

Offline

revokeAppRole

Remove a principal from a role.

Online

revokeEntitlement

Remove an entitlement.

Online

revokePermission

Remove a permission.

Online

revokeResourceFromEntitlement

Remove a resource from an entitlement

Online

rollOverEncryptionKey

Replace the current domain encryption key with a new one.

Offline

updateCred

Modify the attribute values of a credential.

Online

updateTrustServiceConfig

Update the configuration of the trust service.

Online


2.1.1.1 addBootStrapCredential

Offline command that adds a credential to the bootstrap credential store.

Description

Adds a password credential with the given map, key, user name, and user password to the bootstrap credentials configured in the default JPS context of a JPS configuration file. In the event of an error, the command returns a WLSTException.

Syntax

addBootStrapCredential(jpsConfigFile, map, key, username, password)
Argument Definition
jpsConfigFile Specifies the location of the file jps-config.xml relative to the location where the command is run.
map Specifies the map of the credential to add.
key Specifies the key of the credential to add.
username Specifies the name of the user in the credential to add.
password Specifies the password of the user in the credential to add.

Example

The following example adds a credential to the bootstrap credential store:

wls:/mydomain/serverConfig> addBootStrapCredential(jpsConfigFile='./jps-config.xml', map='myMapName', key='myKeyName', username='myUser', password='myPassword')

2.1.1.2 addResourceToEntitlement

Online command that adds a resource with specified actions to an entitlement.

Description

Adds a resource with specified actions to an entitlement in a specified application stripe. The passed resource type must exist in the passed application stripe.

Syntax

addResourceToEntitlement(appStripe="appStripeName", name="entName", resourceName="resName",actions="actionList")
Argument Definition
appStripe Specifies the application stripe where the entitlement is located.
name Specifies the name of the entitlement to modify.
resourceName Specifies the name of the resource to add.
resourceType Specifies the type of the resource to add. The passed resource type must be present in the application stripe at the time this script is invoked.
actions Specifies the comma-separated list of actions for the added resource.

Example

The following example adds the resource myResource to the entitlement myEntitlement in the application stripe myApplication:

wls:/mydomain/serverConfig> addResourceToEntitlement(appStripe="myApplication", 
name="myEntitlement", resourceName="myResource", resourceType="myResType", 
actions="view,edit")

2.1.1.3 createAppRole

Online command that creates a new application role.

Description

Creates a new application role in the domain policy store with a given application and role name. In the event of an error, the command returns a WLSTException.

Syntax

createAppRole(appStripe, appRoleName)
Argument Definition
appSripe Specifies an application stripe.
appRoleName Specifies a role name.

Example

The following example creates a new application role with application stripe myApp and role name myRole:

wls:/mydomain/serverConfig> createAppRole(appStripe="myApp", appRoleName="myRole")

2.1.1.4 createCred

Online command that creates a new credential in the domain credential store.

Description

Creates a new credential in the domain credential store with a given map name, key name, type, user name and password, URL and port number. In the event of an error, the command returns a WLSTException. This command runs in interactive mode only.

Syntax

createCred(map, key, user, password, [desc])
Argument Definition
map  
Specifies a map name (folder).
key 
Specifies a key name.
user 
Specifies the credential user name.
password 
Specifies the credential password.
desc 
Specifies a string describing the credential.

Example

The following example creates a new password credential with the specified data:

wls:/mydomain/serverConfig> createCred(map="myMap, key="myKey", user="myUsr", 
password="myPassw", desc="updated usr name and passw to connect to app xyz")

2.1.1.5 createEntitlement

Online command that creates a new entitlement.

Description

Creates a new entitlement with just one resource and a list of actions in a specified application stripe. Use addResourceToEntitlement to add additional resources to an existing entitlement; use revokeResourceFromEntitlement to delete resources from an existing entitlement.

Syntax

createEntitlement(appStripe="appStripeName", name="entitlementName", resourceName="resName", actions="actionList" [,-displayName="dispName"] [,-description="descript"])
Argument Definition
appStripe  
Specifies the application stripe where the entitlement is created.
name  
Specifies the name of the entitlement created.
resourceName  
Specifies the name of the one resource member of the entitlement created.
actions  
Specifies a comma-separated the list of actions for the resource resourceName.
displayName  
Specifies the display name of the resource created. Optional.
description  
Specifies the description of the entitlement created. Optional.

Example

The following example creates the entitlement myEntitlement with just the resource myResource in the stripe myApplication:

wls:/mydomain/serverConfig> createEntitlement(appStripe="myApplication", name="myEntitlement", resourceName="myResource", actions="read,write")

2.1.1.6 createResource

Online command that creates a new resource.

Description

Creates a resource of a specified type in a specified application stripe. The passed resource type must exist in the passed application stripe.

Syntax

createResource(appStripe="appStripeName", name="resName", type="resTypeName" [,-displayName="dispName"] [,-description="descript"])
Argument Definition
appStripe  
Specifies the application stripe where the resource is created.
name  
Specifies the name of the resource created.
type  
Specifies the type of resource created. The passed resource type must be present in the application stripe at the time this script is invoked.
displayName  
Specifies the display name of the resource created. Optional.
description  
Specifies the description of the resource created. Optional.

Example

The following example creates the resource myResource in the stripe myApplication:

wls:/mydomain/serverConfig> createResource(appStripe="myApplication", name="myResource", type="myResType", displayName="myNewResource")

2.1.1.7 createResourceType

Online command that creates a new resource type in the domain policy store within a given application stripe.

Description

Creates a new resource type element in the domain policy store within a given application stripe and with specified name, display name, description, and actions. In the event of an error, the command returns a WLSTException.

Syntax

createResourceType(appStripe, resourceTypeName, displayName, description [, provider] [, matcher], actions [, delimeter])
Argument Definition
appStripe  
Specifies the application stripe where to insert the resource type.
resourceTypeName 
Specifies the name of the resource type to insert.
displayName 
Specifies the name for the resource type used in UI gadgets.
description 
Specifies a brief description of the resource type.
provider 
Specifies the provider for the resource type.
matchere 
Specifies the class of the resource type. If unspecified, it defaults to oracle.security.jps.ResourcePermission.
actions 
Specifies the actions allowed on instances of the resource type.
delimeter 
Specifies the character used to delimit the list of actions. If unspecified, it defaults to comma ','.

Example

The following example creates a resource type in the stripe myApplication with actions BWPrint and ColorPrint delimited by a semicolon:

wls:/mydomain/serverConfig> createResourceType(appStripe="myApplication", 
resourceTypeName="resTypeName", displayName="displName", description="A resource
type", provider="Printer", matcher="com.printer.Printer",
actions="BWPrint;ColorPrint" [, delimeter=";"])

2.1.1.8 deleteAppPolicies

Online command that removes all policies with a given application stripe.

Description

Removes all policies with a given application stripe. In the event of an error, the command returns a WLSTException.

Syntax

deleteAppPolicies(appStripe)
Argument Definition
appStripe 
Specifies an application stripe. If not specified, the command works on system policies.

Example

The following example removes all policies of application myApp:

wls:/mydomain/serverConfig> deleteAppPolicies(appStripe="myApp")

2.1.1.9 deleteAppRole

Online command that removes an application role.

Description

Removes an application role in the domain policy store with a given application and role name. In the event of an error, the command returns a WLSTException.

Syntax

createAppRole(appStripe, appRoleName)
Argument Definition
appStripe 
Specifies an application stripe.
appRoleName 
Specifies a role name.

Example

The following example removes the role with application stripe myApp and role name myRole:

wls:/mydomain/serverConfig> deleteAppRole(appStripe="myApp", appRoleName="myRole")

2.1.1.10 deleteEntitlement

Online command that deletes an entitlement.

Description

Deletes an entitlement in a specified application stripe. It performs a cascading deletion by removing all references to the specified entitlement in the application stripe.

Syntax

deleteEntitlement(appStripe="appStripeName", name="entitlementName")
Argument Definition
appStripe  
Specifies the application stripe where the entitlement is deleted.
name  
Specifies the name of the entitlement to delete.

Example

The following example deletes the entitlement myEntitlement in the stripe myApplication:

wls:/mydomain/serverConfig> deleteEntitlement(appStripe="myApplication", name="myEntitlement")

2.1.1.11 deleteCred

Online command that removes a credential in the domain credential store.

Description

Removes a credential with given map name and key name from the domain credential store. In the event of an error, the command returns a WLSTException.

Syntax

deleteCred(map,key)
Argument Definition
map  
Specifies a map name (folder).
key 
Specifies a key name.

Example

The following example removes the credential with map name myMap and key name myKey:

wls:/mydomain/serverConfig> deleteCred(map="myApp",key="myKey")

2.1.1.12 deleteResource

Online command that deletes a resource.

Description

Deletes a resource and all its references from entitlements in an application stripe. It performs a cascading deletion: if the entitlement refers to one resource only, it removes the entitlement; otherwise, it removes from the entitlement the resource actions for the passed type.

Syntax

deleteResource(appStripe="appStripeName", name="resName", type="resTypeName")
Argument Definition
appStripe  
Specifies the application stripe where the resource is deleted.
name  
Specifies the name of the resource deleted.
type  
Specifies the type of resource deleted. The passed resource type must be present in the application stripe at the time this script is invoked.

Example

The following example deletes the resource myResource in the stripe myApplication:

wls:/mydomain/serverConfig> deleteResource(appStripe="myApplication", name="myResource", type="myResType")

2.1.1.13 deleteResourceType

Online command that removes a resource type from the domain policy store within a given application stripe.

Description

Removes a <resource-type> entry in the domain policy store within a given application stripe and with specified name. In the event of an error, the command returns a WLSTException.

Syntax

deleteResourceType(appStripe, resourceTypeName)
Argument Definition
appStripe  
Specifies the application stripe from where to remove the resource type.
resourceTypeName 
Specifies the name of the resource type to remove.

Example

The following example removes the resource type myResType from the stripe myApplication:

wls:/mydomain/serverConfig> deleteResourceType(appStripe="myApplication", resourceTypeName="myResType")

2.1.1.14 exportEncryptionKey

Offline command that extracts the encryption key from a domain's bootstrap wallet to the file ewallet.p12.

Description

Writes the domain's credential encryption key to the file ewallet.p12. The password passed must be used to import data from that file with the command importEncryptionKey.

exportEncryptionKey(jpsConfigFile, keyFilePath, keyFilePassword)

Syntax

Argument Definition
jpsConfigFile  
Specifies the location of the file jps-config.xml relative to the location where the command is run.
keyFilePath 
Specifies the directory where the file ewallet.p12 is created; note that the content of this file is encrypted and secured by the value passed to keyFilePassword.
keyFilePassword 
Specifies the password to secure the file ewallet.p12; note that this same password must be used when importing that file.

Example

The following example writes the file ewallet.p12 in the directory myDir:

exportEncryptionKey(jpsConfigFile="pathName", keyFilePath="myDir" ,keyFilePassword="password")

2.1.1.15 getEntitlement

Online command that gets an entitlement.

Description

Returns the name, display name, and all the resources (with their actions) of an entitlement in an application stripe.

Syntax

getEntitlement(appStripe="appStripeName", name="entitlementName")
Argument Definition
appStripe  
Specifies the application stripe where the entitlement is located.
name  
Specifies the name of the entitlement to access.

Example

The following example returns the information of the entitlement myEntitlement in the stripe myApplication:

wls:/mydomain/serverConfig> getEntitlement(appStripe="myApplication", name="myEntitlement")

2.1.1.16 getResourceType

Online command that fetches a resource type from the domain policy store within a given application stripe.

Description

Gets the relevant parameters of a <resource-type> entry in the domain policy store within a given application stripe and with specified name. In the event of an error, the command returns a WLSTException.

Syntax

getResourceType(appStripe, resourceTypeName)
Argument Definition
appStripe  
Specifies the application stripe from where to fetch the resource type.
resourceTypeName 
Specifies the name of the resource type to fetch.

Example

The following example fetches the resource type myResType from the stripe myApplication:

wls:/mydomain/serverConfig> getResourceType(appStripe="myApplication", resourceTypeName="myResType")

2.1.1.17 grantAppRole

Online command that adds a principal to a role.

Description

Adds a principal (class or name) to a role with a given application stripe and name. In the event of an error, the command returns a WLSTException.

Syntax

grantAppRole(appStripe, appRoleName,principalClass, principalName)
Argument Definition
appStripe 
Specifies an application stripe.
appRoleName 
Specifies a role name.
principalClass 
Specifies the fully qualified name of a class.
principalName 
Specifies the principal name.

Example

The following example adds a principal to the role with application stripe myApp and role name myRole:

wls:/mydomain/serverConfig> grantAppRole(appStripe="myApp",  
appRoleName="myRole",principalClass="com.example.xyzPrincipal",
principalName="myPrincipal")

2.1.1.18 grantEntitlement

Online command that grant an entitlement to a named principal.

Description

Grants an entitlement to a specified principal in a specified application stripe.

Syntax

grantEntitlement(appStripe="appStripeName", principalClass="principalClass", principalName="principalName" ,-permSetName="entName")
Argument Definition
appStripe  
Specifies the application stripe where the principal resides.
principalClass  
Specifies the class associated with the principal.
principalName  
Specifies the name of the principal to which the entitlement is granted.
permSetName  
Specifies the name of the entitlement granted.

Example

The following example grants the entitlement myEntitlement in the stripe myApplication to the principal myPrincipalName:

wls:/mydomain/serverConfig> grantEntitlement(appStripe="myApplication", 
principalClass="oracle.security.jps.service.policystore.ApplicationRole", 
principalName="myPrincipalName", permSetName="myEntitlement")

2.1.1.19 grantPermission

Online command that creates a new permission.

Description

Creates a new permission for a given code base or URL. In the event of an error, the command returns a WLSTException.

Syntax

grantPermission([appStripe,] [codeBaseURL,] [principalClass,] [principalName,]permClass, [permTarget,] [permActions])
Argument Definition
appStripe 
Specifies an application stripe. If not specified, the command works on system policies.
codeBaseURL 
Specifies the URL of the code granted the permission.
principalClass 
Specifies the fully qualified name of a class (grantee).
principalName 
Specifies the name of the grantee principal.
permClass 
Specifies the fully qualified name of the permission class.
permTarget 
Specifies, when available, the name of the permission target. Some permissions may not include this attribute.
permActions 
Specifies a comma-separated list of actions granted. Some permissions may not include this attribute and the actions available depend on the permission class.

Example

The following example creates a new application permission (for the application with application stripe myApp) with the specified data:

wls:/mydomain/serverConfig> grantPermission(appStripe="myApp",  
principalClass="my.custom.Principal",  principalName="manager",
permClass="java.security.AllPermission")

The following example creates a new system permission with the specified data:

wls:/mydomain/serverConfig> grantPermission(principalClass="my.custom.Principal", principalName="manager",   
permClass="java.io.FilePermission", permTarget="/tmp/fileName.ext", 
permTarget="/tmp/fileName.ext", permActions="read,write")

2.1.1.20 importEncryptionKey

Offline command that imports keys from the specified ewallet.p12 file into the domain.

Description

Imports encryption keys from the file ewallet.p12 into the domain. The password passed must be the same as that used to create the file with the command exportEncryptionKey.

Syntax

importEncryptionKey(jpsConfigFile, keyFilePath, keyFilePassword)
Argument Definition
jpsConfigFile  
Specifies the location of the file jps-config.xml relative to the location where the command is run.
keyFilePath 
Specifies the directory where the ewallet.p12 is located.
keyFilePassword 
Specifies the password used when the file ewallet.p12 was generated.

Example

importEncryptionKey(jpsConfigFile="pathName", keyFilePath="dirloc" ,keyFilePassword="password")

2.1.1.21 listAppRoles

Online command that lists all roles in an application.

Description

Lists all roles within a given application stripe. In the event of an error, the command returns a WLSTException.

Syntax

listAppRoles(appStripe)
Argument Definition
appStripe 
Specifies an application stripe.

Example

The following example returns all roles with application stripe myApp:

wls:/mydomain/serverConfig> listAppRoles(appStripe="myApp")

2.1.1.22 listAppRolesMembers

Online command that lists all members in a role.

Description

Lists all members in a role with a given application stripe and role name. In the event of an error, the command returns a WLSTException.

Syntax

listAppRoleMembers(appStripe, appRoleName)
Argument Definition
appStripe 
Specifies an application stripe.
appRoleName 
Specifies a role name.

Example

The following example returns all members in the role with application stripe myApp and role name myRole:

wls:/mydomain/serverConfig> listAppRoleMembers(appStripe="myApp", appRoleName="myRole")

2.1.1.23 listAppStripes

Online or offline command that lists the application stripes in the policy store.

Description

This script can be run in offline or online mode. When run in offline mode, a configuration file must be passed, and it lists the application stripes in the policy store referred to by the configuration in the default context of the passed configuration file; the default configuration must not have a service instance reference to an identity store. When run in online mode, a configuration file must not be passed, and it lists stripes in the policy store of the domain to which you connect. In any mode, if a regular expression is passed, it lists the application stripes with names that match the regular expression; otherwise, it lists all application stripes.

Syntax

listAppStripes([configFile="configFileName"] [, regularExpression="aRegExp"])
Argument Definition
configFile  
Specifies the path to the OPSS configuration file. Optional. If specified, the script runs offline; the default context in the specified configuration file must not have a service instance reference to an identity store. If unspecified, the script runs online and it lists application stripes in the policy store.
regularExpression 
Specifies the regular expression that returned stripe names should match. Optional. If unspecified, it matches all names. To match substrings, use the character *.

Example

The following (online) invocation returns the list of application stripes in the policy store:

wls:/mydomain/serverConfig> listAppStripes

The following (offline) invocation returns the list of application stripes in the policy store referenced in the default context of the specified configuration file:

wls:/mydomain/serverConfig> listAppStripes(configFile=" 
/home/myFile/jps-config.xml")

The following (online) invocation returns the list of application stripes that contain the prefix App:

wls:/mydomain/serverConfig> listAppStripes(regularExpression="App*")

2.1.1.24 listCodeSourcePermissions

Online command that lists permissions assigned to a source code in global policies.

Description

This command allows listing codebase permissions in global policies.

Syntax

listCodeSourcePermissions([codeBase="codeUrl"])
Argument Definition
codeBaseURL
Specifies the name of the grantee codebase URL.

Example

The following example returns the list permissions assigned to a code source in all global policies:

wls:/mydomain/serverConfig> listCodeSourcePermissions(codeBaseURL="file:/tmp/lib/myJars.jar")

2.1.1.25 listEntitlement

Online command that lists an entitlement in a specified application stripe.

Description

If a principal name and a class are specified, it lists the entitlements that match the specified principal; otherwise, it lists all the entitlements.

Syntax

listEntitlement(appStripe="appStripeName" [, principalName="principalName", principalClass="principalClass"])
Argument Definition
appStripe  
Specifies the application stripe where the entitlement is deleted.
principalName  
Specifies the name of the principal to match. Optional.
principalClass  
Specifies the class of the principal to match. Optional.

Example

The following example lists all entitlements in the stripe myApplication:

wls:/mydomain/serverConfig> listEntitlement(appStripe="myApplication")

2.1.1.26 listEntitlements

Online command that lists the entitlements in an application stripe.

Description

Lists all the entitlements in an application stripe. If a resource name and a resource type are specified, it lists the entitlements that have a resource of the specified type matching the specified resource name; otherwise, it lists all the entitlements in the application stripe.

Syntax

listEntitlements(appStripe="appStripeName" [,resourceTypeName="resTypeName", resourceName="resName"])
Argument Definition
appStripe  
Specifies the application stripe from where to list entitlements.
resourceTypeName  
Specifies the name of the type of the resources to list. Optional.
resourceName  
Specifies the name of resource to match. Optional.

Examples

The following example lists all the entitlements in the stripe myApplication:

wls:/mydomain/serverConfig> listEntitlements(appStripe="myApplication")

The following example lists all the entitlements in the stripe myApplication that contain a resource type myResType and a resource whose name match the resource name myResName:

wls:/mydomain/serverConfig> listEntitlements(appStripe="myApplication", resourceTypeName="myResType", resourceName="myResName") 

2.1.1.27 listPermissions

Online command that lists all permissions granted to a given principal.

Description

Lists all permissions granted to a given principal. In the event of an error, the command returns a WLSTException.

Syntax

listPermissions([appStripe,] principalClass, principalName)
Argument Definition
appStripe 
Specifies an application stripe. If not specified, the command works on system policies.
principalClass 
Specifies the fully qualified name of a class (grantee).
principalName 
Specifies the name of the grantee principal.

Example

The following example lists all permissions granted to a principal by the policies of application myApp:

wls:/mydomain/serverConfig> listPermissions(appStripe="myApp", principalClass="my.custom.Principal",principalName="manager")
                

The following example lists all permissions granted to a principal by system policies:

wls:/mydomain/serverConfig> listPermissions(principalClass="my.custom.Principal", principalName="manager")

2.1.1.28 listResourceActions

Online command that lists the resources and actions in an entitlement.

Description

Lists the resources and actions in an entitlement within an application stripe.

Syntax

listResourceActions(appStripe="appStripeName", permSetName="entitlementName")
Argument Definition
appStripe  
Specifies the application stripe where the entitlement resides.
permSetName  
Specifies the name of the entitlement whose resources and actions to list.

Example

The following example lists the resources and actions of the entitlement myEntitlement in the stripe myApplication:

wls:/mydomain/serverConfig> listResourceActions(appStripe="myApplication", permSetName="myEntitlement")

2.1.1.29 listResources

Online command that lists resources in a specified application stripe.

Description

If a resource type is specified, it lists all the resources of the specified resource type; otherwise, it lists all the resources of all types.

Syntax

listResources(appStripe="appStripeName" [,type="resTypeName"])
Argument Definition
appStripe  
Specifies the application stripe where the resources are listed.
type  
Specifies the type of resource listed. The passed resource type must be present in the application stripe at the time this script is invoked.

Example

The following example lists all resources of type myResType in the stripe myApplication:

wls:/mydomain/serverConfig> listResources(appStripe="myApplication", type="myResType")

2.1.1.30 listResourceTypes

Online command that lists resource types.

Description

Lists all the resource types in a specified application stripe.

Syntax

listResourceTypes(appStripe="appStripeName")
Argument Definition
appStripe  
Specifies the application stripe where the resource types are located.

Example

The following example lists all resource types in the stripe myApplication:

wls:/mydomain/serverConfig> listResourceTypes(appStripe="myApplication")

2.1.1.31 listSecurityStoreInfo

Offline command that lists the type, the location, and the administrative user of the domain security store.

Description

The script runs in offline mode and outputs the type of the OPSS security store (file, OID, or DB), its location, and the user allowed to access it (typically a security administrator).

Syntax

listSecurityStoreInfo(domainConfig="configFilePath")
Argument Definition
domainConfig  
Specifies the full absolute path to the OPSS configuration file jps-config.xml; the file jps-config-jse.xml is also expected to be in the passed directory.

Example

The following example returns the type, location, and administrative user of the OPSS policy store:

wls:/mydomain/serverConfig> listSecurityStoreInfo(domainConfig="/home/myConfigPathDirectory/config/fmwconfig")

The following lines illustrate a sample output generated by this command:

For jps-config.xml
Store Type: DB_ORACLE
Location/Endpoint: jdbc:oracle:thin:@adc2120515.us.myComp.com:1555/OWSM.US.COM
User: DEV_OPSS
Datasource: jdbc/OpssDataSource
For jps-config-jse.xml
Store Type: DB_ORACLE
Location/Endpoint: jdbc:oracle:thin:@adc2120515.us.myComp.com:1521/OWSM.US.COM
User: DEV_OPSS

2.1.1.32 migrateSecurityStore

Offline command that migrates identities, application-specific, system policies, a specific credential folder, or all credentials.

Description

Migrates security artifacts from a source repository to a target repository. For full details, see Migrating with the Script migrateSecurityStore.

2.1.1.33 modifyBootStrapCredential

Offline command that updates a bootstrap credential store.

Description

Updates a bootstrap credential store with given user name and password. In the event of an error, the command returns a WLSTException.

Typically used in the following scenario: suppose that the domain policy and credential stores are LDAP-based, and the credentials to access the LDAP store (stored in the LDAP server) are changed. Then this command can be used to seed those changes into the bootstrap credential store.

Syntax

modifyBootStrapCredential(jpsConfigFile, username, password)
Argument Definition
jpsConfigFile  
Specifies the location of the file jps-config.xml relative to the location where the command is run.
username
Specifies the distinguished name of the user in the LDAP store.
password
Specifies the password of the user.

Example

Suppose that in the LDAP store the password of the user with distinguished name cn=orcladmin has been changed to welcome1, and that the configuration file jps-config.xml is located in the current directory.Then the following example changes the password in the bootstrap credential store to welcome1:

wls:/mydomain/serverConfig> modifyBootStrapCredential(jpsConfigFile='./jps-config.xml', username='cn=orcladmin', password='welcome1')

Any output regarding the audit service can be disregarded.

2.1.1.34 reassociateSecurityStore

Online command that migrates the policy and credential stores to an LDAP repository.

Description

The script reassociateSecurityStore migrates the OPSS security store from a source to a target LDAP- or DB-based store, and it resets services in the files jps-config.xml and jps-config-jse.xml to the target repository. It also allows specifying that the OPSS security store be shared with that in a different domain (see optional argument join below). The OPSS binaries and the target policy store must have compatible versions.

For complete details and samples see Securing Applications with Oracle Platform Security Services.

2.1.1.35 restoreEncryptionKey

Offline command to restore the domain credential encryption key.

Description

Restores the state of the domain bootstrap keys as it was before running importEncryptionKey.

Syntax

restoreEncryptionKey(jpsConfigFile)
Argument Definition
jpsConfigFile  
Specifies the location of the file jps-config.xml relative to the location where the command is run.

Example

restoreEncryptionKey(jpsConfigFile="pathName")

2.1.1.36 revokeAppRole

Online command that removes a principal from a role.

Description

Removes a principal (class or name) from a role with a given application stripe and name. In the event of an error, the command returns a WLSTException.

Syntax

revokeAppRole(appStripe, appRoleName, principalClass, principalName)
Argument Definition
appStripe 
Specifies an application stripe.
appRoleName 
Specifies a role name.
principalClass 
Specifies the fully qualified name of a class.
principalName 
Specifies the principal name.

Example

The following example removes a principal to the role with application stripe myApp and role name myRole:

wls:/mydomain/serverConfig> revokeAppRole(appStripe="myApp", 
appRoleName="myRole",principalClass="com.example.xyzPrincipal", 
principalName="myPrincipal")

2.1.1.37 revokeEntitlement

Online command that deletes an entitlement.

Description

Deletes an entitlement and revokes the entitlement from the principal in a specified application stripe.

Syntax

revokeEntitlement(appStripe="appStripeName", principalClass="principalClass", principalName="principalName" ,-permSetName="entName")
Argument Definition
appStripe  
Specifies the application stripe where the entitlement is deleted.
principalClass  
Specifies the class associated with the principal.
principalName  
Specifies the name of the principal to which the entitlement is revoked.
permSetName  
Specifies the name of the entitlement deleted.

Example

The following example deleted the entitlement myEntitlement in the stripe myApplication:

wls:/mydomain/serverConfig> revokeEntitlement(appStripe="myApplication", 
principalClass="oracle.security.jps.service.policystore.ApplicationRole", 
principalName="myPrincipalName", permSetName="myEntitlement")

2.1.1.38 revokePermission

Online command that removes a permission.

Description

Removes a permission for a given code base or URL. In the event of an error, the command returns a WLSTException.

Syntax

revokePermission([appStripe,] [codeBaseURL,] [principalClass,] [principalName,]permClass, [permTarget,] [permActions])
Argument Definition
appStripe 
Specifies an application stripe. If not specified, the command works on system policies.
codeBaseURL 
Specifies the URL of the code granted the permission.
principalClass 
Specifies the fully qualified name of a class (grantee).
principalName 
Specifies the name of the grantee principal.
permClass 
Specifies the fully qualified name of the permission class.
permTarget 
Specifies, when available, the name of the permission target. Some permissions may not include this attribute.
permActions 
Specifies a comma-separated list of actions granted. Some permissions may not include this attribute and the actions available depend on the permission class.

Example

The following example removes the application permission (for the application with application stripe myApp) with the specified data:

wls:/mydomain/serverConfig> revokePermission(appStripe="myApp",  
principalClass="my.custom.Principal", principalName="manager", 
permClass="java.security.AllPermission")

The following example removes the system permission with the specified data:

wls:/mydomain/serverConfig> revokePermission(principalClass="my.custom.Principal", principalName="manager",  
permClass="java.io.FilePermission", permTarget="/tmp/fileName.ext", 
permActions="read,write")

2.1.1.39 revokeResourceFromEntitlement

Online command that removes a resource from an entitlement.

Description

Removes a resource from an entitlement in a specified application stripe.

Syntax

revokeResourceFromEntitlement(appStripe="appStripeName", name="entName", resourceName="resName", resourceType="resTypeName", actions="actionList")
Argument Definition
appStripe  
Specifies the application stripe where the entitlement is located.
name  
Specifies the name of the entitlement to modify.
resourceName  
Specifies the name of the resource to remove.
resourceType  
Specifies the type of the resource to remove.
actions  
Specifies the comma-separated list of actions to remove.

Example

The following example removes the resource myResource from the entitlement myEntitlement in the stripe myApplication:

wls:/mydomain/serverConfig> revokeResourceFromEntitlement(appStripe="myApplication", name="myEntitlement", 
resourceName="myResource", resourceType="myResType", actions="view,edit")

2.1.1.40 rollOverEncryptionKey

Offline command that changes the domain encryption key.

Description

This offline script replaces the current domain OPSS encryption key with a new one; the current key is not deleted but archived, since it is used to decrypt data that was encrypted using that key.

Note the following important points:

  • This command should be executed from the administration server in the domain. No server restart is needed after its execution.

  • If the domain is the only domain accessing the security store, nothing else is required.

  • However, if two or more domains share the security store, the newly generated key should be exported from the domain where the script was run and imported into each of the other domains sharing the security store, using the scripts exportEncryptionKey and importEncryptionKey.

Syntax

rollOVerEncryptionKey(jpsConfigFile="pathName")
Argument Definition
jpsConfigFile Specifies the location of the file jps-config.xml; either relative to the location where the script is run, or the full path.

Example

The following example lists all resource types in the stripe myApplication:

wls:/mydomain/serverConfig> rollOverEncryptionKey(jpsConfigFile="myConfig")

2.1.1.41 updateCred

Online command that modifies the type, user name, and password of a credential.

Description

Modifies the type, user name, password, URL, and port number of a credential in the domain credential store with given map name and key name. This command can update the data encapsulated in credentials of type password only. In the event of an error, the command returns a WLSTException. This command runs in interactive mode only.

Syntax

updateCred(map, key, user, password, [desc])
Argument Definition
map 
Specifies a map name (folder).
key 
Specifies a key name.
user 
Specifies the credential user name.
password 
Specifies the credential password.
desc 
Specifies a string describing the credential.

Example

The following example updates a password credential with the specified data:

wls:/mydomain/serverConfig> updateCred(map="myMap", key="myKey", user="myUsr", 
password="myPassw", desc="updated passw cred to connect to app xyz")

2.1.1.42 updateTrustServiceConfig

Online command that updates the configuration of the domain trust service service with the values passed in a property file.

Description

Updates the trust service domain configuration. In the event of an error, the command returns a WLSTException.

Syntax

updateTrustServiceConfig([providerName="<the provider name>",] 
                          propsFile="<path of properties file>")
Argument Definition
providerName 
Specifies the name of the trust service provider; optional; if unspecified, it defaults to trust.provider.embedded.
propsFile
Specifies the path to the file where the property values are set.

Here is a sample property file:

trust.keystoreType=KSS
trust.keyStoreName=kss://<stripeName>/<keystoreName>
trust.trustStoreName=kss://<stripeName>/<truststoreName>
trust.aliasName=<aliasName>
trust.issuerName=<aliasName>

Note that the list of specified properties differs according to the value of the property trust.keystoreType. The type can be KSS or JKS; if a property is set to the empty string, then that property is removed from the trust service configuration. For the list of available properties, see section Trust Service Properties.

Example

The following example updates the trust store service with the specifications in the file myProps:

wls:/mydomain/serverConfig> updateTrustServiceConfig(providerName="myProvider", propsFile="myProps")

2.1.2 Audit Configuration Commands

Use the WLST commands listed in Table 2-3 to view and manage audit policies and the audit repository configuration.

Table 2-3 WLST Audit Commands

Use this command To Use with WLST

createIAUView

Generate an SQL script to create an IAU view in the database.

Online

createAuditDBView

Generate an SQL script to create an audit definitions view in the database.

Online

deregisterAudit

Remove audit definitions of a specified component from the audit store.

Online

exportAuditConfig

Export a component's audit configuration.

Online

getIAUViewInfo

Get information about a view.

Online

getNonJavaEEAuditMBeanName

Display the mBean name for a non-Java EE component.

Online

getAuditPolicy

Display audit policy settings.

Online

getAuditRepository

Display audit repository settings.

Online

importAuditConfig

Import a component's audit configuration.

Online

listAuditComponents

List components that can be audited.

Online

listAuditEvents

List audit events for one or all components.

Online

setAuditPolicy

Update audit policy settings.

Online

setAuditRepository

Update audit repository settings.

Online

registerAudit

Register audit definitions for a specified component in the audit store.

Online


For more information, see the Securing Applications with Oracle Platform Security Services.

2.1.2.1 getNonJavaEEAuditMBeanName

Online command that displays the mbean name for non-Java EE components.

Description

This command displays the mbean name for non-Java EE components given the instance name, component name, component type, and the name of the Oracle WebLogic Server on which the component's audit mbean is running. The mbean name is a required parameter to other audit WLST commands when managing a non-Java EE component.

Syntax

getNonJavaEEAuditMBeanName(instName, compName, compType, svrName)
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are ohs, oid, ovd, and WebCache.
svrName Specifies the name of the Oracle WebLogic Server.

Example

The following example displays the mBean name for an Oracle Internet Directory:

wls:/mydomain/serverConfig> getNonJavaEEAuditMBeanName(instName='inst1', compName='oid1', compType='oid', svrName='AdminServer')

2.1.2.2 getAuditPolicy

Online command that displays the audit policy settings.

Description

This command displays audit policy settings including the filter preset, special users, custom events, maximum log file size, and maximum log directory size. The component mbean name is required for non-Java EE components like Oracle HTTP Server.

Note:

You can obtain a non-Java EE component's MBean name using the getNonJavaEEAuditMBeanName command.

Syntax

getAuditPolicy([mbeanName, componentType])
Argument Definition
mbeanName Specifies the name of the component audit MBean for non-Java EE components.
componentType Requests the audit policy for a specific component registered in the audit store. If not specified, the audit policy in jps-config.xml is returned.

Example

The following example displays the audit settings for a Java EE component:

wls:/mydomain/serverConfig> getAuditPolicy(componentType='JPS');
Location changed to domainRuntime tree. This is a read-only tree with DomainMBean as the root.
For more help, use help(domainRuntime)
 
FilterPreset:All
Max Log File Size:104857600

The following example displays the audit settings for MBean CSAuditProxyMBean:

wls:/mydomain/serverConfig> getAuditPolicy(on='oracle.security.audit.test:type=CSAuditMBean,
name=CSAuditProxyMBean')

2.1.2.3 setAuditPolicy

Online command that updates an audit policy.

Description

Online command that configures the audit policy settings. You can set the filter preset, add or remove users, and add or remove custom events. The component mbean name is required for non-Java EE components like Oracle HTTP Server.

Note:

You can obtain a non-Java EE component's MBean name using the getNonJavaEEAuditMBeanName command.

Syntax

setAuditPolicy([mbeanName],[filterPreset],[addSpecialUsers],
[removeSpecialUsers],[addCustomEvents],[removeCustomEvents], [componentType], [maxFileSize], [andCriteria], [orCriteria], [componentEventsFile])
Argument Definition
mbeanName Specifies the name of the component audit MBean for non-Java EE components.
filterPreset Specifies the filter preset to be changed.
addSpecialUsers Specifies the special users to be added.
removeSpecialUsers Specifies the special users to be removed.
addCustomEvents Specifies the custom events to be added.
removeCustomEvents Specifies the custom events to be removed.
componentType Specifies the component definition type to be updated. The audit runtime policy for the component is registered in the audit store. If not specified, the audit configuration defined in jps-config.xml is modified.
maxFileSize Specifies the maximum size of the log file.
andCriteria Specifies the and criteria in a custom filter preset definition.
orCriteria Specifies the or criteria in a custom filter preset definition.
componentEventsFile Specifies a component definition file under the 11g Release 1 (11.1.1.6) metadata model. This parameter is required if you wish to create/update an audit policy in the audit store for an 11g Release 1 (11.1.1.6) metadata model component, and the filter preset level is set to ”Custom”.

Examples

The following example sets audit policy to None level, and adds users user2 and user3 while removing user1 from the policy:

wls:/mydomain/serverConfig> setAuditPolicy (filterPreset=
'None',addSpecialUsers='user2,user3',removeSpecialUsers='user1',componentType='JPS')

wls:/mydomain/serverConfig> getAuditPolicy(componentType='JPS');
Already in Domain Runtime Tree

FilterPreset:None
Special Users:user2,user3
Max Log File Size:104857600

The following example adds login events while removing logout events from the policy:

wls:/mydomain/serverConfig> setAuditPolicy(filterPreset=
'Custom',addCustomEvents='UserLogin',removeCustomEvents='UserLogout')
 

The following example sets audit policy to a Low level:

wls:/IDMDomain/domainRuntime> setAuditPolicy(filterPreset='Low',componentType='JPS);
Already in Domain Runtime Tree
Audit Policy Information updated successfully

wls:/IDMDomain/domainRuntime> getAuditPolicy(componentType='JPS')
Already in Domain Runtime Tree
FilterPreset:Low
Max Log File Size:104857600

The following example sets a custom filter to audit the CheckAuthorization event:

wls:/IDMDomain/domainRuntime>setAuditPolicy(filterPreset='Custom',
componentType='JPS',addCustomEvents='Authorization:CheckPermission,
CheckSubject;CredentialManagement:CreateCredential,DeleteCredential');
Already in Domain Runtime Tree
 
Audit Policy Information updated successfully
wls:/IDMDomain/domainRuntime> getAuditPolicy(componentType='JPS');
Already in Domain Runtime Tree
 
FilterPreset:Custom
Special Users:user1
Max Log File Size:104857600
Custom Events:JPS:CheckAuthorization

2.1.2.4 getAuditRepository

Online command that displays audit repository settings.

Description

This command displays audit repository settings for Java EE components and applications (for other components like Oracle Internet Directory, the repository configuration resides in opmn.xml). Also displays database configuration if the repository is a database type.

Syntax

getAuditRepository 

Example

The following example displays audit repository configuration:

wls:/IDMDomain/domainRuntime> getAuditRepository()
Already in Domain Runtime Tree
 
Repository Type:File

2.1.2.5 setAuditRepository

Online command that updates audit repository settings.

Description

This command sets the audit repository settings for Java EE and SE components and applications (for other components like Oracle Internet Directory, the repository is configured by editing opmn.xml).

Syntax

setAuditRepository([switchToDB],[dataSourceName],[interval],
                   [timezone], [repositoryType], [logDirectory],
                   [jdbcString], [dbUser], [dbPassword])
Argument Definition
switchToDB If true, switches the repository from file to database. Valid value: true.
dataSourceName Specifies the JNDI name of the data source. This data source must be configured in the specified Oracle Weblogic Server domain.
interval Specifies the time, in seconds, that the audit loader sleeps.
timezone Specifies the time zone in which the audit loader records the timestamps of the audit events. Valid values are utc and local.
repostoryType Specifies the database type to which the data has to be uploaded. The supported databases are Oracle, MS SQL Server and IBM DB2.
logDirectory Specifies the audit log directory for SE applications to store bus stop files.
jdbcString Specifies the audit repository jdbc connection string for SE applications.
dbUser Specifies the audit repository IAU schema user.
interval Specifies the audit repository IAU schema password.

Example

The following example changes audit repository to a specific database and sets the audit loader interval to 14 seconds, and the time zone to utc:

wls:/mydomain/serverConfig> setAuditRepository(switchToDB="true",
        dataSourceName="jdbc/AuditDB",interval="14",timezone="utc",
        repositoryType="DB_ORACLE", logDirectory="/foo",
        jdbcString="jdbc:oracle:thin:@db.example.com:5001:sid", 
        dbUser="scott_iau", dbPassword="tiger")

2.1.2.6 listAuditEvents

Online command that displays a component's audit events.

Description

This command displays a component's audit events and attributes. For non-Java EE components, pass the component mbean name as a parameter. Java EE applications and services like Oracle Platform Security Services (OPSS) do not need the mbean parameter. Without a component type, all generic attributes applicable to all components are displayed.

Note:

You can obtain a non-Java EE component's MBean name using the getNonJavaEEAuditMBeanName command.

Syntax

listAuditEvents([mbeanName],[componentType])
Argument Definition
mbeanName Specifies the name of the component MBean.
componentType Specifies the component type to limit the list to all events of the component type.

Examples

The following example displays audit events for the Oracle Platform Security Services component:

wls:/IDMDomain/domainRuntime> listAuditEvents(componentType='JPS');
Already in Domain Runtime Tree
 
Common Attributes
ComponentType
Type of the component. For MAS integrated SystemComponents this is the componentType
InstanceId
Name of the MAS Instance, that this component belongs to
HostId
DNS hostname of originating host
HostNwaddr
IP or other network address of originating host
ModuleId
ID of the module that originated the message. Interpretation is unique within Component ID.
ProcessId
ID of the process that originated the message

The following example displays audit events for Oracle HTTP Server:

wls:/mydomain/serverConfig> listAuditEvents(componentType='ohs')

The following example displays all audit events:

wls:/IDMDomain/domainRuntime> listAuditEvents();

Already in Domain Runtime Tree
Components:
DIP
JPS
OIF
OWSM-AGENT
OWSM-PM-EJB
ReportsServer
WS-PolicyAttachment
WebCache
WebServices
Attributes applicable to all components:
ComponentType
InstanceId
HostId
HostNwaddr
ModuleId
ProcessId
OracleHome
HomeInstance
ECID
RID
...

2.1.2.7 exportAuditConfig

Online command that exports a component's audit configuration.

Description

This command exports the audit configuration to a file. For non-Java EE components, pass the component mbean name as a parameter. Java EE applications and services like Oracle Platform Security Services (OPSS) do not need the mbean parameter.

Note:

You can obtain a non-Java EE component's MBean name using the getNonJavaEEAuditMBeanName command.

Syntax

exportAuditConfig([mbeanName],fileName, [componentType])
Argument Definition
mbeanName Specifies the name of the non-Java EE component MBean.
fileName Specifies the path and file name to which the audit configuration should be exported.
componentType Specifies that only events of the given component be exported to the file. If not specified, the audit configuration in jps-config.xml is exported.

Example

The following example exports the audit configuration for a component:

wls:/mydomain/serverConfig> exportAuditConfig(on='oracle.security.audit.test:type=CSAuditMBean,
name=CSAuditProxyMBean',fileName='/tmp/auditconfig')

The following example exports the audit configuration for a Java EE component; no mBean is specified:

wls:/mydomain/serverConfig> exportAuditConfig(fileName='/tmp/auditconfig')

2.1.2.8 importAuditConfig

Online command that imports a component's audit configuration.

Description

This command imports the audit configuration from an external file. For non-Java EE components, pass the component mbean name as a parameter. Java EE applications and services like Oracle Platform Security Services (OPSS) do not need the mbean parameter.

Note:

You can obtain a non-Java EE component's MBean name using the getNonJavaEEAuditMBeanName command.

Syntax

importAuditConfig([mbeanName],fileName, [componentType])
Argument Definition
mbeanName Specifies the name of the non-Java EE component MBean.
fileName Specifies the path and file name from which the audit configuration should be imported.
componentType Specifies that only events of the given component be imported from the file. If not specified, the audit configuration in jps-config.xml is imported.

Examples

The following example imports the audit configuration for a component:

wls:/mydomain/serverConfig> importAuditConfig(on='oracle.security.audit.test:type=CSAuditMBean,
name='CSAuditProxyMBean',fileName='/tmp/auditconfig')

The following example imports the audit configuration from a file; no mBean is specified:

wls:/mydomain/serverConfig> importAuditConfig(fileName='/tmp/auditconfig')

2.1.2.9 createAuditDBView

Creates a SQL script that generates a view for audit in the database.

Description

This command generates a SQL script that you can use to create a database view of the audit definitions of a specified component. The script is written to the specified file and also printed out to the console.

Upon execution, the result of the SQL script depends on the audit model at your site:

  • If using the 11.1.1.6.0 model, and the component is registered in the audit store, the script creates a view using the system component tables (IAU_COMMON, IAU_USERSESSION, IAU_AUDITSERVICE and IAU_CUSTOM) for the specified component.

  • If using the pre-11.1.1.6.0 model, the component is not registered in the audit store but its event definitions reside in the component_events.xml file (in the oracle_common/modules/oracle.iau_11.1.1/components/componentType directory), and the view is created using the IAU_BASE and component tables.

Syntax

createAuditDBView(fileName, componentType, [dbType], [viewType])
Argument Definition
fileName The path and file name to which the SQL script is written.
componentType The name of the registered component.
dbType The database type. One of the following: DB_ORACLE, MS_SQL_SERVER, IBM_DB2.
viewType The view type. One of the following: SIMPLE, INDEXABLE.

Example

wls:/mydomain/serverConfig> 
createAuditDBView(fileName="/tmp/JPSAuditView.sql", componentType="JPS", 
                  dbType="DB_ORACLE", viewType=INDEXABLE)

2.1.2.10 createIAUView

Generates an SQL script to create an IAU view in the database.

Description

The generated script creates, by default, a SIMPLE view when the component is registered with the audit service; it switches the view from SIMPLE to INDEXABLE, or creates a view in the database. INDEXABLE views are supported for an Oracle database only. SIMPLE views can be created for all supported databases in the IAU_VIEWER schema.

Syntax

createIAUView(componentType, [viewType])
Argument Definition
componentType The component whose definitions are the basis of the view.
viewType The type of view; valid values are SIMPLE or INDEXABLE. Default is SIMPLE.

Examples

wls:/mydomain/serverConfig>createIAUView(componentType="AuditApp, viewType="INDEXABLE")
                                         
wls:/mydomain/serverConfig>createIAUView(componentType="AuditApp, viewType="SIMPLE")

wls:/mydomain/serverConfig>createIAUView(componentType="AuditApp") 

2.1.2.11 getIAUViewInfo

Returns information about the view of a component.

Description

Retrieves information about the view of a specified component.

Syntax

getIAUViewInfo(componentType)
Argument Definition
componentType The component whose definitions are the basis of the view.

Example

wls:/mydomain/serverConfig> getIAUViewInfo(componentType="JPS")

2.1.2.12 listAuditComponents

Lists components that can be audited.

Description

This command creates a list of the components that can be audited. It lists components registered in the audit store using both the 11.1.1.6.0 model and the pre-11.1.1.6.0 model.

Syntax

listAuditComponents(fileName)
Argument Definition
fileName Specifies the path and file name to which the output is written.

Example

listAuditComponents(fileName = "/tmp/complist.txt")

2.1.2.13 registerAudit

Registers a component with the audit service.

Description

Adds the event definition and translation content for a specified component to the audit store. If you try to register using the pre-11.1.1.6.0 audit XML schema definition, it is upgraded to the 11.1.1.6.0 XML schema definition and then registered with the audit store.

Syntax

registerAudit(xmlFile, [xlfFile],componentType,[mode=OVERWRITE|UPGRADE],
              [createView=SIMPLE|INDEXABLE|DISABLE]) 
Argument Definition
xmlFile Specifies the Component Event definition file.
xlfFile Specifies the component xlf jar file. Optional.
componentType Specifies the component to be registered.
mode Optional. OVERWRITE or UPGRADE. Default is UPGRADE.
createView Optional. SIMPLE, INDEXABLE or DISABLE. Default is SIMPLE.

Example

wls:/mydomain/serverConfig>registerAudit(xmlFile="/tmp/comp.xml", 
xmlFile="/tmp/comp_xlf.jar", componentType="AuditApp", mode="UPGRADE", createView=INDEXABLE)

2.1.2.14 deregisterAudit

Removes the event definition and translation content from the audit store. for a component.

Description

Removes an existing event definition and translation content for a specified component or application from the audit store.

Syntax

deregisterAudit(componentType)
Argument Definition
componentType Specifies the component whose definitions are to be removed.

Example

wls:/mydomain/serverConfig> deregisterAudit(componentType="AuditApp")

2.1.3 OPSS Keystore Service Commands

This section contains commands used with the OPSS keystore service.

Note:

You need to acquire an OPSS handle to use keystore service commands; this handle is denoted by 'svc' in the discussion that follows. For details, see "Managing Keys and Certificates" in Securing Applications with Oracle Platform Security Services.

Table 2-4 lists the WLST commands used to manage the keystore service.

Table 2-4 OPSS Keystore Service Commands

Use this Command... to... Use with WLST...

changeKeyPassword

Change the password for a key.

Online

changeKeyStorePassword

Change the password on a keystore.

Online

createKeyStore

Create a keystore.

Online

deleteKeyStore

Delete a keystore.

Online

deleteKeyStoreEntry

Delete an entry in a keystore.

Online

exportKeyStore

Export a keystore to file.

Online

exportKeyStoreCertificate

Export a certificate to a file.

Online

exportKeyStoreCertificateRequest

Export a certificate request to a file.

Online

generateKeyPair

Generate a keypair.

Online

generateSecretKey

Generate a secret key.

Online

getKeyStoreCertificates

Get information about a certificate or trusted certificate.

Online

getKeyStoreSecretKeyProperties

Get the secret key properties.

Online

importKeyStore

Import a keystore from file.

Online

importKeyStoreCertificate

Import a certificate or other object.

Online

listExpiringCertificates

List certificates expiring in a specified period.

Online

listKeyStoreAliases

List aliases in a keystore.

Online

listKeyStores

List all the keystores in a stripe.

Online

syncKeyStores

Synchronizes the keystores in the administration server with keystores in the security store.

Online


2.1.3.1 changeKeyPassword

Changes a key password.

Description

Changes the password for a key.

Syntax

svc.changeKeyPassword(appStripe='stripe', name='keystore', password='password', 
alias='alias', currentkeypassword='currentkeypassword', 
newkeypassword='newkeypassword')
Argument Definition
svc
Specifies the service command object obtained through a call to getOpssService().
appStripe
Specifies the name of the stripe containing the keystore
name
Specifies the name of the keystore
password
Specifies the keystore password
alias
Specifies the alias of the key entry whose password is changed
currentkeypassword
Specifies the current key password
newkeypassword
Specifies the new key password

Example

The following example changes the password on the key entry orakey:

wls:/mydomain/serverConfig> svc.changeKeyPassword(appStripe='system', 
name='keystore', password='password', 
alias='orakey', currentkeypassword='currentkeypassword', 
newkeypassword='newkeypassword')

2.1.3.2 changeKeyStorePassword

Changes the password of a keystore.

Description

Changes the password of the specified keystore.

Syntax

svc.changeKeyStorePassword(appStripe='stripe', name='keystore', currentpassword='currentpassword', newpassword='newpassword')
Argument Definition
svc
Specifies the service command object obtained through a call to getOpssService().
appStripe
Specifies the name of the stripe containing the keystore
name
Specifies the name of the keystore
currentpassword
Specifies the current keystore password
newpassword
Specifies the new keystore password

Example

The following example changes the password for keystore2.

wls:/mydomain/serverConfig> svc.changeKeyStorePassword(appStripe='system', name='keystore2', 
currentpassword='currentpassword', newpassword='newpassword')

2.1.3.3 createKeyStore

This keystore service command creates a new keystore.

Description

Creates a new keystore on the given application stripe.

Syntax

svc.createKeyStore(appStripe='stripe', name='keystore', password='password',permission=true|false)
Argument Definition
svc
Specifies the service command object obtained through a call to getOpssService().
appStripe
Specifies the name of the stripe where the keystore is created.
name
Specifies the name of the new keystore.
password
Specifies the keystore password.
permission
This parameter is true if the keystore is protected by permission only, false if protected by both permission and password.

Example

The following example creates a keystore named keystore1.

wls:/mydomain/serverConfig> svc.createKeyStore(appStripe='system', 
name='keystore1', password='password', permission=true)

2.1.3.4 deleteKeyStore

Deletes the named keystore.

Description

This keystore service command deletes a specified keystore.

Syntax

svc.deleteKeyStore(appStripe='stripe', name='keystore', password='password')
Argument Definition
svc
Specifies the service command object obtained through a call to getOpssService().
appStripe
Specifies the name of the stripe where the keystore resides.
name
Specifies the name of the keystore to be deleted.
password
Specifies the keystore password.

Example

The following example deletes the keystore named keystore1.

wls:/mydomain/serverConfig> svc.deleteKeyStore(appStripe='system', name='keystore1', password='password')

2.1.3.5 deleteKeyStoreEntry

Deletes a keystore entry.

Description

This command deletes the specified entry in a keystore.

Syntax

svc.deleteKeyStoreEntry(appStripe='stripe', name='keystore', 
password='password', alias='alias', keypassword='keypassword')
Argument Definition
svc
Specifies the service command object obtained through a call to getOpssService().
appStripe
Specifies the name of the stripe where the keystore resides.
name
Specifies the name of the keystore.
password
Specifies the keystore password.
alias
Specifies the alias of the entry to be deleted
keypassword
Specifies the key password of the entry to be deleted

Example

The following example deletes a keystore entry denoted by alias orakey.

wls:/mydomain/serverConfig> svc.deleteKeyStoreEntry(appStripe='system', name='keystore2', password='password', alias='orakey', keypassword='keypassword')

2.1.3.6 exportKeyStore

Exports a keystore to a file.

Description

Exports a keystore to a specified file.

Syntax

svc.exportKeyStore(appStripe='stripe', name='keystore', password='password', aliases='comma-separated-aliases', keypasswords='comma-separated-keypasswords', 
type='keystore-type', filepath='absolute_file_path')
Argument Definition
svc
Specifies the service command object obtained through a call to getOpssService().
appStripe
Specifies the name of the stripe where the keystore resides.
name
Specifies the name of the keystore.
password
Specifies the keystore password. The value also applies to the output file, based on the current usage of the command:
  • For password-protected keystores of all types, this will be the password of the output file;

  • For permission-protected keystores of type JKS or JCEKS, this will be the password of the output file;

  • For permission-protected keystores of type OracleWallet, if the password value is non-empty, this will be the password of the output file; an empty value will create an auto-login wallet.

If the keystore is password-based, the value of this argument must be the same as the password specified when the password-based keystore was created. Otherwise, if the keystore is not password-based, any value is valid.

aliases
Specifies a comma separated list of aliases to be exported.
keypasswords
Specifies the password(s) of the key(s) being exported. The usage depends on the keystore type:
  • If type is JKS or JCEKS, and the keystore is permission-protected, this is a comma separated list of the key passwords corresponding to aliases in the output file.

  • If type is JKS or JCEKS, and the keystore is password-protected, this is a comma separated list of the key passwords corresponding to aliases in both the source keystore and the output file.

  • If type is OracleWallet, this parameter is ignored.

type
Exported keystore type. Valid values are 'JKS' or 'JCEKS' or 'OracleWallet'.
filepath
For type JKS or JCEKS, the absolute path of the file where the keystore is exported, including filename. For type OracleWallet, the absolute path of the directory where the keystore is exported.

Examples

The following example exports two aliases from the specified keystore.

wls:/mydomain/serverConfig> svc.exportKeyStore(appStripe='system', name='keystore2', 
password='password',aliases='orakey,seckey', 
keypasswords='keypassword1,keypassword2', 
type='JKS',filepath='/tmp/file.jks')

The following example exports a keystore to create an Oracle Wallet file:

wls:/mydomain/serverConfig> svc.exportKeyStore(appStripe='system', name='keystore2', 
password='mypassword',aliases='orakey,seckey', 
keypasswords='', type='OracleWallet',filepath='/tmp')

2.1.3.7 exportKeyStoreCertificate

Exports a certificate.

Description

Exports a certificate, trusted certificate or certificate chain.

Syntax

svc.exportKeyStoreCertificate(appStripe='stripe', name='keystore', 
password='password', alias='alias', keypassword='keypassword', 
type='entrytype',filepath='absolute_file_path')
Argument Definition
svc
Specifies the service command object obtained through a call to getOpssService().
appStripe
Specifies the name of the stripe where the keystore resides.
name
Specifies the name of the keystore.
password
Specifies the keystore password.
alias
Specifies the alias of the entry to be exported
keypassword
Specifies the key password.
type
Specifies the type of keystore entry to be exported. Valid values are 'Certificate', 'TrustedCertificate' or 'CertificateChain'.
filepath
Specifies the absolute path of the file where certificate, trusted certificate or certificate chain is exported.

Example

The following example exports a certificate corresponding to the orakey alias:

wls:/mydomain/serverConfig> svc.exportKeyStoreCertificate(appStripe='system', name='keystore2', 
password='password', alias='orakey', keypassword='keypassword', 
type='Certificate', filepath='/tmp/cert.txt')

2.1.3.8 exportKeyStoreCertificateRequest

Exports a certificate request.

Description

Generates and exports a certificate request from a keystore.

Syntax

svc.exportKeyStoreCertificateRequest(appStripe='stripe', name='keystore', 
password='password', alias='alias', keypassword='keypassword', 
filepath='absolute_file_path')
Argument Definition
svc
Specifies the service command object obtained through a call to getOpssService().
appStripe
Specifies the name of the stripe where the keystore resides.
name
Specifies the name of the keystore.
password
Specifies the keystore password.
alias
Specifies the entry's alias name.
keypassword
Specifies the key password.
filepath
Specifies the absolute path of the file where certificate request is exported.

Example

The following example exports a certificate request corresponding to the orakey alias.

wls:/mydomain/serverConfig> svc.exportKeyStoreCertificateRequest(appStripe='system', name='keystore2', 
password='password', alias='orakey', keypassword='keypassword', 
filepath='/tmp/certreq.txt')

2.1.3.9 generateKeyPair

Generates a key pair in a keystore.

Description

Generates a key pair using a specified algorithm, and wraps it in a demo CA-signed certificate.

Syntax

svc.generateKeyPair(appStripe='stripe', name='keystore', password='password', 
dn='distinguishedname', keysize='keysize', alias='alias', 
keypassword='keypassword'[, algorithm='algorithm'])
Argument Definition
svc
Specifies the service command object obtained through a call to getOpssService().
appStripe
Specifies the name of the stripe where the keystore resides.
name
Specifies the name of the keystore.
password
Specifies the keystore password.
dn
Specifies the distinguished name of the certificate wrapping the key pair.
keysize
Specifies the key size.
alias
Specifies the alias of the key pair entry.
keypassword
Specifies the key password.
algorithm
Specifies the algorithm to use to encrypt the generated keys. The only valid values are RSA or EC (Elliptic Curve Cryptography). Optional. If not specified, the command uses the RSA algorithm.

Examples

The following example generates a keypair in keystore2 using the default RSA algorithm:

wls:/mydomain/serverConfig> svc.generateKeyPair(appStripe='system', name='keystore2', password='password', dn='cn=www.oracle.com', keysize='1024', alias='orakey', keypassword='keypassword')

The following example generates a keypair in keystore2 using the RSA algorithm:

wls:/mydomain/serverConfig> svc.generateKeyPair(appStripe='system', name='keystore2', password='password', dn='cn=www.oracle.com', keysize='1024', alias='orakey', keypassword='keypassword', algorithm='RSA')

The following example generates a keypair in keystore2. using the ECC (Elliptic Curve Cryptography) algorithm:

wls:/mydomain/serverConfig> svc.generateKeyPair(appStripe='system', name='keystore2', password='password', dn='cn=www.oracle.com', keysize='1024', alias='orakey', keypassword='keypassword', algorithm='EC')

2.1.3.10 generateSecretKey

Generates a secret key.

Description

Generates a symmetric key in a keystore.

Syntax

svc.generateSecretKey(appStripe='stripe', name='keystore', password='password', 
algorithm='algorithm', keysize='keysize', alias='alias', 
keypassword='keypassword')
Argument Definition
svc
Specifies the service command object obtained through a call to getOpssService().
appStripe
Specifies the name of the stripe where the keystore resides.
name
Specifies the name of the keystore.
password
Specifies the keystore password.
algorithm
Specifies the symmetric key algorithm.
keysize
Specifies the key size.
alias
Specifies the alias of the key entry.
keypassword
Specifies the key password.

Example

The following example generates a keypair with keysize 128 in keystore2.

wls:/mydomain/serverConfig> svc.generateSecretKey(appStripe='system', name='keystore2', password='password', 
algorithm='AES', keysize='128', alias='seckey', keypassword='keypassword')

2.1.3.11 getKeyStoreCertificates

Gets a certificate from the keystore.

Description

Retrieves information about a certificate or trusted certificate.

Syntax

svc.getKeyStoreCertificates(appStripe='stripe', name='keystore', 
password='password', alias='alias', keypassword='keypassword')
Argument Definition
svc
Specifies the service command object obtained through a call to getOpssService().
appStripe
Specifies the name of the stripe where the keystore resides.
name
Specifies the name of the keystore.
password
Specifies the keystore password.
alias
Specifies the alias of the certificate, trusted certificate or certificate chain to be displayed.
keypassword
Specifies the key password.

Example

The following example gets certificates associated with keystore3.

wls:/mydomain/serverConfig> svc.getKeyStoreCertificates(appStripe='system', name='keystore3', password='password', alias='orakey', keypassword='keypassword')

2.1.3.12 getKeyStoreSecretKeyProperties

Retrieves secret key properties.

Description

Retrieves secret key properties like the algorithm.

Syntax

svc.getKeyStoreSecretKeyProperties(appStripe='stripe', name='keystore', 
password='password', alias='alias', keypassword='keypassword')
Argument Definition
svc
Specifies the service command object obtained through a call to getOpssService().
appStripe
Specifies the name of the stripe where the keystore resides.
name
Specifies the name of the keystore.
password
Specifies the keystore password.
alias
Specifies the alias of the secret key whose properties are displayed.
keypassword
Specifies the secret key password.

Example

The following example gets properties for secret key seckey:

wls:/mydomain/serverConfig> svc.getKeyStoreSecretKeyProperties(appStripe='system', name='keystore3', 
password='password', alias='seckey', keypassword='keypassword')

2.1.3.13 importKeyStore

Imports a keystore from file.

Description

Imports a keystore from a system file.

Syntax

svc.importKeyStore(appStripe='stripe', name='keystore', password='password', aliases='comma-separated-aliases', keypasswords='comma-separated-keypasswords', 
type='keystore-type', permission=true|false, filepath='absolute_file_path')
Argument Definition
svc
Specifies the service command object obtained through a call to getOpssService().
appStripe
Specifies the name of the stripe where the keystore will reside.
name
Specifies the name of the keystore.
password
Specifies the keystore password. These rules apply:
  • If importing an auto-login Oracle Wallet file, no password is needed.

  • If importing a password-protected Oracle Wallet file (ewallet.p12), enter a password of minimum eight characters.

aliases  
Specifies the comma-separated aliases of the entries to be imported from the file. If type is set to OracleWallet, it is not required; otherwise, it is a required argument.
keypasswords  
Specifies the passwords of the keys in the file. These rules apply:
  • If type is JKS or JCEKS, enter comma-separated passwords of the keys.

  • If type is OracleWallet, no password is needed. The key passwords will be the same as the keystore password.

type  
Specifies the imported keystore type. Valid values are 'JKS' or 'JCEKS' or 'OracleWallet'.
filepath 
If type is set to JKS or JCEKS, it specifies rthe absolute path of the keystore file to be imported, including filname. If itype is set to OracleWallet, it specifies the absolute path of the directory where the Oracle Wallet is located.
permission 
Specifies true if keystore is protected by permission only, false if protected by both permission and password. If set to true, the imported file is permission protected, so when call getKeyStore or getKey, set password to null.

Example

The following example imports a JKS keystore file to keystore2:

wls:/mydomain/serverConfig> svc.importKeyStore(appStripe='system', name='keystore2', 
password='password',aliases='orakey,seckey', keypasswords='keypassword1, 
keypassword2', type='JKS', permission=true, filepath='/tmp/file.jks')

The following example imports an Oracle Wallet to keystore2:

svc.importKeyStore(appStripe='system', name='keystore2', 
password='mypassword',aliases='orakey,seckey', keypasswords='', type='OracleWallet', permission=true, filepath='/tmp')

2.1.3.14 importKeyStoreCertificate

Imports a certificate or other specified object.

Description

Imports a certificate, trusted certificate or certificate chain.

Syntax

svc.importKeyStoreCertificate(appStripe='stripe', name='keystore', 
password='password', alias='alias', keypassword='keypassword', 
type='entrytype',filepath='absolute_file_path')
Argument Definition
svc
Specifies the service command object obtained through a call to getOpssService().
appStripe
Specifies the name of the stripe where the keystore resides.
name
Specifies the name of the keystore.
password
Specifies the keystore password.
alias  
Specifies the alias of the entry to be imported.
keypassword  
Specifies the key password of the newly imported entry.
type  
Specifies the type of keystore entry to be imported. Valid values are 'Certificate', 'TrustedCertificate' or 'CertificateChain'.
filepath  
Specifies the absolute path of the file from where certificate, trusted certificate or certificate chain is imported.

Example

The following example imports a certificate into keystore2.

wls:/mydomain/serverConfig> svc.importKeyStoreCertificate(appStripe='system', name='keystore2', 
password='password', alias='orakey', keypassword='keypassword', 
type='Certificate', filepath='/tmp/cert.txt')

2.1.3.15 listExpiringCertificates

Lists expiring certificates.

Description

Lists expiring certificates and optionally renews them.

Syntax

svc.listExpiringCertificates(days='days', autorenew=true|false)
Argument Definition
svc
Specifies the service command object obtained through a call to getOpssService().
days  
Specifies that the list should only include certificates within this many days from expiration.
autorenew  
Specifies true for automatically renewing expiring certificates, false for only listing them.

Example

The following example lists certificates expiring within one year, and requests that they be renewed:

wls:/mydomain/serverConfig> svc.listExpiringCertificates(days='365', autorenew=true)

2.1.3.16 listKeyStoreAliases

Lists the aliases in a keystore.

Description

Lists the aliases in a keystore for a given type of entry.

Syntax

svc.listKeyStoreAliases(appStripe='stripe', name='keystore', 
password='password', type='entrytype')
Argument Definition
svc
Specifies the service command object obtained through a call to getOpssService().
appStripe
Specifies the name of the stripe where the keystore resides.
name
Specifies the name of the keystore.
password
Specifies the keystore password.
type
Specifies the type of entry for which aliases are listed. Valid values are 'Certificate', 'TrustedCertificate', 'SecretKey' or '*'.

Example

The following example lists secret keys in keystore2:

wls:/mydomain/serverConfig> svc.listKeyStoreAliases(appStripe='system', name='keystore2', 
password='password', type='SecretKey')

2.1.3.17 listKeyStores

Lists all the keystores in a stripe.

Description

Lists all the keystores in the specified stripe.

Syntax

svc.listKeyStores(appStripe='stripe')
Argument Definition
svc
Specifies the service command object obtained through a call to getOpssService().
appStripe
Specifies the name of the stripe whose keystores are listed.

Example

The following example lists all keystores on all stripes.

wls:/mydomain/serverConfig> svc.listKeyStores(appStripe='*')

2.1.3.18 syncKeyStores

Synchronizes keystores from the OPSS security store to the local repository.

Description

Downloads keystores from an application stripe in the security store to the specified directory on the file system, in the given format.

If the target format is Oracle Wallet, the command downloads the contents of all KSS keystores for a given stripe into auto-login wallets on the server. The contents of the domain trust store are automatically included in each wallet.

Syntax

The syntax is as follows:

syncKeyStores(appStripe='<application_stripe>', keystoreFormat='exported_file_format',
rootDirectory='root_dir_absolute_path')
Argument Definition
appStripe
Name of the KSS application stripe containing the keystores that need to be synchronized with the local repository.
keystoreFormat
Specifies the format of the target keystore. Valid formats are 'KSS' and 'OracleWallet'.

If the keystoreFormat is 'OracleWallet', then the keystores in this stripe must be permission-protected only. You cannot use password-protected keystores in an Oracle wallet.

rootDirectory
For the Oracle Wallet format, specifies the absolute path of the server directory where the wallet(s) are created.

Note:

The svc argument does not apply to this command.

Example

The following example looks up the security store for the "system" stripe and downloads its contents into the keystores.xml file under the DOMAIN_HOME/config/fmwconfig directory.

wls:/mydomain/serverConfig> syncKeyStores((appStripe='system', keystoreFormat='KSS')
 

The following example generates Oracle Wallets corresponding to all keystores in the stripe 'ohs':

syncKeyStores(appStripe=”ohs”, 
keystoreFormat=”OracleWallet”, rootDirectory=”/tmp/bin”)

2.1.4 Identity Directory Service Commands

Use the WLST commands listed in Table 2-5 to manage Identity Directory Service entity attributes, entity definitions, relationships and default operational configurations.

Table 2-5 WLST Identity Directory Service Commands

Use this command... To... Use with WLST...

activateIDSConfigChanges

Reload the Identity Directory Service configuration.

Online

addAttributeInEntityConfig

Add a new attribute to the entity configuration.

Online

addAttributePropsInEntityConfig

Add new properties for an attribute in an entity configuration.

Online

addAttributeRefForEntity

Add a new attribute to the specified entity.

Online

addAttrrefPropsInEntityConfig

Add new properties for an attribute reference in an entity configuration.

Online

addCommonPropertyForOperationConfig

Add a new property for a specified operation configuration.

Online

addEntity

Add a new entity to the entity configuration.

Online

addEntityProps

Add new properties for an entity in an entity configuration.

Online

addEntityRelation

Add a new entity relation to the entity configuration.

Online

addIdentityDirectoryService

Add a new Identity Directory Service to the configuration.

Online

addOperationConfig

Add a new operation configuration to the entity configuration.

Online

addPropertyForOperationConfig

Add a new property to a specified operation configuration.

Online

deleteAttributeInEntityConfig

Delete an attribute from an entity configuration.

Online

deleteAttributePropsInEntityConfig

Delete attribute properties in an entity configuration.

Online

deleteAttrrefPropsInEntityConfig

Delete attribute reference properties in an entity configuration.

Online

deleteEntity

Delete an entity from an entity configuration.

Online

deleteEntityProps

Delete entity properties in an entity configuration.

Online

deleteEntityRelation

Delete the specified entity relation.

Online

deleteIdentityDirectoryService

Delete the specified Identity Directory Service in the configuration.

Online

deleteOperationConfig

Delete operation configuration in an entity configuration.

Online

listAllAttributeInEntityConfig

List all attributes in the entity configuration.

Online

listAllEntityInEntityConfig

List all entities defined in the specified entity configuration.

Online

listAllIdentityDirectoryService

List all Identity Directory Services in the configuration.

Online

removeAttributeRefForEntity

Remove an attribute from the specified entity.

Online

removeCommonPropertyForOperationConfig

Remove a property for the specified operation configuration.

Online

removePropertyForOperationConfig

Remove a property for the specified operation configuration.

Online

updateAttributeInEntityConfig

Update attributes in an entity configuration.

Online

updateAttributePropsInEntityConfig

Update attribute properties in an entity configuration.

Online

updateAttrrefPropsInEntityConfig

Update attribute reference properties in an entity configuration.

Online

updateEntity

Update an entity's properties in an entity configuration.

Online

updateEntityAttrs

Update an entity's properties in an entity configuration.

Online

updateEntityProps

Update the entity properties in an entity configuration.

Online

dumpConnectionPoolStatsForInMemoryConfig

Dumps the LDAP connection pool statistics for the associated in-memory IDS configuration for the current JVM into a specified file.

Online

dumpConnectionPoolStatsForAllInMemoryConfig

Dumps the LDAP connection pool statistics for all in-memory IDS configuration for the current JVM into a specified file.

Online

dumpConnectionPoolStatsForAllFileBasedConfig

Dumps the LDAP connection pool statistics for all file-based IDS configuration for the current JVM into a specified file.

Online

dumpConnectionPoolStatsForAllFileBasedConfig

Dumps the LDAP connection pool statistics for all file-based IDS configuration for the current JVM into a specified file.

Online


2.1.4.1 activateIDSConfigChanges

Online command that reloads the configuration for Identity Directory Service.

Description

Reloads the Identity Directory Service configuration.

Syntax

activateIDSConfigChanges()

This command has no arguments.

Example

The following command reloads the Identity Directory Service configuration:

activateIDSConfigChanges()

2.1.4.2 addAttributeInEntityConfig

Online command that adds an attribute to the entity configuration.

Description

Adds a new attribute to the entity configuration.

Syntax

addAttributeInEntityConfig(name, datatype, description, readOnly, pwdAttr, appName)

Table 2-6 addAttributeInEntityConfig Arguments

Argument Definition

name

Name of the attribute to be added.

datatype

The attribute's type is defined as one of the following:

  • binary

  • boolean

  • datetime

  • double

  • integer

  • rfc822name

  • string

  • x500name

description

Description of the attribute to be added.

readOnly

Flag to specify whether the attribute is read only or can be modified.

pwdAttr

Flag to specify whether the attribute defines a password or not.

appName

Name of the Identity Directory Service.


Example

The following command adds an attribute commonname of userrole entity:

addAttributeInEntityConfig('commonname','string','common name',false,false,'userrole')

2.1.4.3 addAttributePropsInEntityConfig

Online command that adds properties for an attribute in an entity configuration.

Description

Adds new properties for an attribute in an entity configuration.

Syntax

addAttributePropsInEntityConfig(name, propNames, propVals, appName)

Table 2-7 addAttributePropsInEntityConfig Arguments

Argument Definition

name

Name of the attribute to be added.

propNames

List of property names separated by "|".

The properties (propNames and propVals) are free key/value pairs. Applications can store any required metadata at the attribute level in these properties. The Identity Directory Service does not perform any validation for these property names and does not interpret or use these properties internally.

For configuration attributes, however, the Identity Directory Service performs a schema check and interprets the configuration names and their values.

propVals

List of corresponding property values separated by "|".

appName

Name of the Identity Directory Service.


Example

The following command adds an attribute orgunit of entity userrole:

addAttributePropsInEntityConfig('orgunit','labelname|multivalued','common name|true','userrole')

2.1.4.4 addAttributeRefForEntity

Online command that adds attribute to an entity.

Description

Adds a new attribute to the specified entity.

Syntax

addAttributeRefForEntity(name, attrRefName, attrRefFilter, attrRefDefaultFetch, appName)

Table 2-8 addAttributeRefForEntity Arguments

Argument Definition

name

Name of the entity to which the attribute will be added.

attrRefName

Name of the attribute to be added to the entity.

attrRefFilter

Type of filter to be used with the attribute, defined as one of the following:

  • beginswith

  • contains

  • doesnotcontain

  • dynamic

  • endswith

  • equals

  • greaterequal

  • greaterthan

  • lessequal

  • lessthan

  • none

  • notequals

attrRefDefaultFetch

Flag to specify whether the attribute is fetched by default.

appName

Name of the Identity Directory Service.


Example

The following command adds an attribute User to userrole entity:

addAttributeRefForEntity('User','givenname','none','true','userrole')

2.1.4.5 addAttrrefPropsInEntityConfig

Online command that adds property for an attribute reference.

Description

Adds new properties for an attribute reference in an entity configuration.

Syntax

addAttrrefPropsInEntityConfig(entityName, attrName, propNames, propVals, appName)

Table 2-9 addAttrrefPropsInEntityConfig Arguments

Argument Definition

entityName

Name of the entity.

attrName

Name of the attribute reference.

propNames

List of property names separated by "|".

The properties (propNames and propVals) are free key/value pairs. Applications can store any required metadata at the attribute level in these properties. The Identity Directory Service does not perform any validation for these property names and does not interpret or use these properties internally.

For configuration attributes, however, the Identity Directory Service performs a schema check and interprets the configuration names and their values.

propVals

List of corresponding property values separated by "|".

appName

Name of the Identity Directory Service.


Example

The following command adds a multivalued property labelname for org entity:

addAttrrefPropsInEntityConfig('org', 'orgunit','labelname|multivalued','common name|true','userrole')

2.1.4.6 addCommonPropertyForOperationConfig

Online command that adds a property for an operation configuration.

Description

Adds a new property for a specified operation configuration.

Syntax

addCommonPropertyForOperationConfig(entityName, propName, propValue, appName)

Table 2-10 addCommonPropertyForOperationConfig Arguments

Argument Definition

entityName

Name of the entity.

propName

Name of the property to be added for this operation configuration.

propValue

Value of the property to be added for this operation configuration.

appName

Name of the Identity Directory Service.


Example

The following command adds a new property member:

addCommonPropertyForOperationConfig('groupmember.attr', 'member', 'userrole')

2.1.4.7 addEntity

Online command that adds an entity to the configuration.

Description

Adds a new entity to the entity configuration.

Syntax

addEntity(name, type, idAttr, create, modify, delete, search, attrRefNames, attrRefFilters, attrRefDefaultFetches, appName)

Table 2-11 addEntity Arguments

Argument Definition

name

Name of the entity to which the attribute will be added.

type

Name of the attribute to be added to the entity.

idAttr

Identity attribute of the entity to be added.

create

Flag to specify the create is allowed.

modify

Flag to specify the modify is allowed.

delete

Flag to specify the delete is allowed.

search

Flag to specify the search is allowed.

attrRefNames

Array of attribute names.

attrRefFilters

An array of filter type values, defined as one of the following:

  • beginswith

  • contains

  • doesnotcontain

  • dynamic

  • endswith

  • equals

  • greaterequal

  • greaterthan

  • lessequal

  • lessthan

  • none

  • notequals

attrRefDefaultFetches

Array of boolean strings (true, false).

appName

Name of the Identity Directory Service.


Example

The following command adds an attribute group to the Group entity.

addEntity('Group','group','commonname',true,true,true,true,'name|commonname','none|none','true|false','userrole')

2.1.4.8 addEntityProps

Adds property for an entity.

Description

Online command that adds new properties for an entity in an entity configuration.

Syntax

addEntityProps(name, propNames, propVals, appName)

Table 2-12 addEntityProps Arguments

Argument Definition

name

Name of the entity.

propNames

List of property names separated by "|".

propValues

List of corresponding property values separated by "|".

appName

Name of the Identity Directory Service.


Example

The following command adds inclobjclasses and exclobjclasses properties:

addEntityProps('User','inclobjclasses|exclobjclasses','inetorgperson|orclidxperson','userrole')

2.1.4.9 addEntityRelation

Online command that adds entity relation to an entity.

Description

Add a new entity relation to the entity configuration for the specified attributes.

Syntax

addEntityRelation(name, type, fromEntity, fromAttr, toEntity, toAttr, recursive, appName)

Table 2-13 addEntityRelation Arguments

Argument Definition

name

Name of the relation between the entities for the given attributes.

type

Type of the entity relation ("ManyToMany", "ManyToOne", "OneToMany", "OneToOne").

fromEntity

Name of the from entity.

fromAttr

Name of the from attribute.

toEntity

Name of the to entity.

toAttr

Name of the to attribute.

recursive

Flag to set the entity relationship as recursive.

appName

Name of the Identity Directory Service.


Example

The following command adds the manager relation between the manager and User entities:

addEntityRelation('manager', 'ManyToOne', 'User', 'manager', 'User', 'principal', false, 'userrole')

2.1.4.10 addIdentityDirectoryService

Online command that adds an Identity Store Service.

Description

Adds a new IdentityStoreService to the Identity Directory Service configuration.

Syntax

addIdentityDirectoryService(name, description, propNames, propValues)

Table 2-14 addIdentityDirectoryService Arguments

Argument Definition

name

Name of the IdentityStoreService to be added.

description

Description of the IdentityStoreService.

propNames

An array of property names to be added to the IdentityStoreService configuration.

propValues

An array of values to be defined for the property names added to the IdentityStoreService configuration.


Example

The following command adds the userrole IdentityStoreService:

addIdentityDirectoryService('userrole', 'user role', 'ovd.context|entity.config', 'default|userrole')

2.1.4.11 addOperationConfig

Online command that adds operation configuration to an entity.

Description

Adds a new operation configuration to the entity configuration.

Syntax

addOperationConfig(entityName, propNames, propValues, appName)

Table 2-15 addOperationConfig Arguments

Argument Definition

entityName

Name of the entity to which the operation configuration will be added.

propNames

An array of property names to be added to the operation configuration.

propValues

An array of property values for the properties added to the operation configuration.

appName

Name of the Identity Directory Service.


Example

The following command adds the User entity to which the operation configuration will be added:

addOperationConfig('User', 'entity.searchbase', 'cn=users,dc=oracle,dc=com', 'userrole')

2.1.4.12 addPropertyForOperationConfig

Online command that adds a property to an operation configuration.

Description

Adds a new property to a specified operation configuration.

Syntax

addPropertyForOperationConfig(entityName, propName, propValue, appName)

Table 2-16 addPropertyForOperationConfig Arguments

Argument Definition

entityName

Name of the entity to which the operation configuration will be added.

propName

A property name to be added to the operation configuration.

propValue

A value for the property added to the operation configuration.

appName

Name of the Identity Directory Service.


Example

The following command adds the property to the operation configuration:

addPropertyForOperationConfig('User','entity.searchbase', 'cn=users,dc=oracle,dc=com', 'userrole')

2.1.4.13 deleteAttributeInEntityConfig

Online command that deletes attribute from an entity.

Description

Deletes an attribute from an entity configuration.

Syntax

deleteAttributeInEntityConfig(name, appName)

Table 2-17 deleteAttributeInEntityConfig Arguments

Argument Definition

name

Name of the attribute to be deleted.

appName

Name of the Identity Directory Service.


Example

The following command deletes the commonname attribute.

deleteAttributeInEntityConfig('commonname', 'userrole')

2.1.4.14 deleteAttributePropsInEntityConfig

Online command that deletes the properties of an attribute.

Description

Deletes attribute properties in an entity configuration.

Syntax

deleteAttributePropsInEntityConfig(name, propNames, appName)

Table 2-18 deleteAttributePropsInEntityConfig Arguments

Argument Definition

name

Name of the attribute.

propNames

List of property names separated by "|".

appName

Name of the Identity Directory Service.


Example

The following example deletes the property labelname from the userrole entity:

deleteAttributePropsInEntityConfig('orgunit','labelname|multivalued','userrole')

2.1.4.15 deleteAttrrefPropsInEntityConfig

Online command that deletes attribute reference properties in an entity.

Description

Deletes one or more attribute reference properties in an entity configuration.

Syntax

deleteAttrrefPropsInEntityConfig(entityName, attrName, propNames, appName)

Table 2-19 deleteAttrrefPropsInEntityConfig Arguments

Argument Definition

entityName

Name of the entity.

attrName

Name of the attribute reference.

propNames

List of property names to be deleted. If multiple properties are to be deleted, they should be separated by "|".

appName

Name of the Identity Directory Service.


Example

The following command deletes two properties from attribute reference orgunit of entity org:

deleteAttrrefPropsInEntityConfig('org', 'orgunit','labelname|multivalued','userrole')

2.1.4.16 deleteEntity

Online command that deletes an entity.

Description

Deletes an entity from an entity configuration.

Syntax

deleteEntity(name, appName)

Table 2-20 deleteEntity Arguments

Argument Definition

name

Name of the entity to be deleted.

appName

Name of the Identity Directory Service.


Example

The following command deletes the User entity.

deleteEntity('User', 'userrole')

2.1.4.17 deleteEntityProps

Online command that deletes the properties of an entity.

Description

Deletes entity properties in an entity configuration.

Syntax

deleteEntityProps(name, propNames, appName)

Table 2-21 deleteEntityProps Arguments

Argument Definition

name

Name of the entity.

propNames

List of property names separated by "|".

appName

Name of the Identity Directory Service.


Example

The following command deletes the two properties inclobjclasses and exclobjclasses of User entity:

deleteEntityProps('User','inclobjclasses|exclobjclasses','userrole')

2.1.4.18 deleteEntityRelation

Online command that deletes the relationship between entities.

Description

Deletes the specified entity relation between entities for the given attributes.

Syntax

deleteEntityRelation(name, appName)

Table 2-22 deleteEntityRelation Arguments

Argument Definition

name

Name of the relation between the entities for the given attributes.

appName

Name of the Identity Directory Service.


Example

The following command deletes the manager relation specified between entities:

deleteEntityRelation('manager', 'userrole')

2.1.4.19 deleteIdentityDirectoryService

Online command that deletes the specified IdentityStoreService.

Description

Deletes the specified IdentityStoreService in the Identity Directory Service configuration.

Syntax

deleteIdentityDirectoryService(name)

where name is the name of the IdentityStoreService configuration to be deleted.

Example

The following example deletes ids1 IdentityStoreService configuration.

deleteIdentityDirectoryService('ids1')

2.1.4.20 deleteOperationConfig

Online command that deletes an operation configuration.

Description

Deletes an operation configuration in an entity configuration.

Syntax

deleteOperationConfig(entityName, appName)

Table 2-23 deleteOperationConfig Arguments

Argument Definition

entityName

Name of the entity from which the operation configuration will be removed.

appName

Name of the Identity Directory Service.


Example

The following command deletes the operation configuration associated with entity User and application userrole:

deleteOperationConfig('User','userrole')

2.1.4.21 listAllAttributeInEntityConfig

Online command that lists all attributes.

Description

Lists all attributes in the entity configuration.

Syntax

listAllAttributeInEntityConfig(appName)

where appName is the name of the Identity Directory Service that contains the entity configuration from which the list of attributes is retrieved.

Example

The following command obtains the list of attributes from userrole entity:

listAllAttributeInEntityConfig('userrole')

2.1.4.22 listAllEntityInEntityConfig

Online command that lists all entities for an entity configuration.

Description

Lists all entities defined in the specified entity configuration.

Syntax

listAllEntityInEntityConfig(appName)

where appName is the name of the Identity Directory Service that contains the entity configuration from which the list of entities is retrieved.

Example

The following command obtains the list of entities associated with userrole entity:

listAllEntityInEntityConfig('userrole') 

2.1.4.23 listAllIdentityDirectoryService

Online command that lists all IdentityStoreService for an Identity Directory Service configuration.

Description

Lists all IdentityStoreService in Identity Directory Service configuration.

Syntax

listAllIdentityDirectoryService()

This command has no arguments.

Example

The following command lists all the IdentityStoreService for an Identity Directory Service configuration:

listAllIdentityDirectoryService()

2.1.4.24 removeAttributeRefForEntity

Online command that deletes an attribute from an entity.

Description

Removes an attribute from the specified entity.

Syntax

removeAttributeRefForEntity(name, attrRefName, appName)

Table 2-24 removeAttributeRefForEntity Arguments

Argument Definition

name

Name of the entity from which the attribute will be removed.

attrRefName

The name of the attribute to be removed.

appName

Name of the Identity Directory Service.


Example

The following command deletes the givenname attribute associated with User entity:

removeAttributeRefForEntity('User','givenname','userrole')

2.1.4.25 removeCommonPropertyForOperationConfig

Online command that deletes a property for an operation configuration.

Description

Removes a property for the specified operation configuration.

Syntax

removeCommonPropertyForOperationConfig(entityName, propName, appName)

Table 2-25 removeCommonPropertyForOperationConfig Arguments

Argument Definition

entityName

Name of the entity.

propName

Name of property to be removed for this operation configuration.

appName

Name of the Identity Directory Service.


Example

The following command removes groupmember.attr property associated with User entity:

removeCommonPropertyForOperationConfig('User','groupmember.attr','userrole')

2.1.4.26 removePropertyForOperationConfig

Online command that removes a property for an operation configuration.

Description

Removes a property for the specified operation configuration.

Syntax

removePropertyForOperationConfig(entityName, propName, appName)

Table 2-26 removePropertyForOperationConfig Arguments

Argument Definition

entityName

Name of the entity from which the operation configuration will be removed.

propName

A property name to be removed from the operation configuration.

appName

Name of the Identity Directory Service.


Example

The following command removes entity.searchbase property associated with User entity:

removePropertyForOperationConfig('User','entity.searchbase','userrole')

2.1.4.27 updateAttributeInEntityConfig

Online command that updates an attribute for an entity configuration.

Description

Updates attributes in an entity configuration.

Syntax

updateAttributeInEntityConfig(name, attrNames, attrVals, appName)

Table 2-27 updateAttributeInEntityConfig Arguments

Argument Definition

name

Name of the entity attribute to be updated.

attrNames

List of configuration attribute names separated by "|". Valid configuration attribute names are:

  • dataType

  • description

  • readOnly

  • pwdAttr

  • attrInUse

attrVals

List of corresponding attribute values separated by "|".

appName

Name of the Identity Directory Service.


Example

The following command updates the commonname attribute:

updateAttributeInEntityConfig('commonname','readOnly|pwdAttr|attrInUse','true|false|false','userrole')

2.1.4.28 updateAttributePropsInEntityConfig

Online command that updates the properties of an attribute for an entity.

Description

Updates attribute properties in an entity configuration.

Syntax

updateAttributePropsInEntityConfig(name, propNames, propVals, appName)

Table 2-28 updateAttributePropsInEntityConfig Arguments

Argument Definition

name

Name of the attribute to be updated.

propNames

List of property names separated by "|".

propVals

List of corresponding property values separated by "|".

appName

Name of the Identity Directory Service.


Example

The following command updates the properties for orgunit attribute associated with userrole application:

updateAttributePropsInEntityConfig('orgunit','multivalued','multivalued','userrole')

2.1.4.29 updateAttrrefPropsInEntityConfig

Online command that updates attribute reference properties for an entity.

Description

Updates attribute reference properties in an entity configuration.

Syntax

updateAttrrefPropsInEntityConfig(entityName, attrName, propNames, propVals, appName)

Table 2-29 updateAttrrefPropsInEntityConfig Arguments

Argument Definition

entityName

Name of the entity.

attrName

Name of the attribute reference.

propNames

List of property names separated by "|".

propVals

List of corresponding property values separated by "|".

appName

Name of the Identity Directory Service.


Example

The following command updates the attribute reference properties:

updateAttrrefPropsInEntityConfig('org', 'orgunit','entity.searchbase','multivalued','userrole')

2.1.4.30 updateEntity

Online command that updates properties of an entity.

Description

Updates an entity's properties in an entity configuration.

Syntax

updateEntity(name, type, idAttr, create, modify, delete, search, appName)

Table 2-30 updateEntity Arguments

Argument Definition

name

Name of the entity to be updated.

type

Type of the entity.

idAttr

Identity attribute of the entity.

create

Flag to specify the create is allowed.

modify

Flag to specify the modify is allowed.

delete

Flag to specify the delete is allowed.

search

Flag to specify the search is allowed.

appName

Name of the Identity Directory Service.


Example

The following command updates the properties associated with Group entity:

updateEntity('Group','group','commonname',true,true,true,true,'userrole')

2.1.4.31 updateEntityAttrs

Online command that updates the configuration attributes for an entity.

Description

Updates the configuration attributes for an entity attribute.

Syntax

updateEntityAttrs(name, attrNames, attrVals, appName)

Table 2-31 updateEntityAttrs Arguments

Argument Definition

name

Name of the entity attribute.

To update the properties of an entity attribute, see updateAttributePropsInEntityConfig.

attrNames

List of configuration attribute names. If multiple configuration attributes are to be updated, they should be separated by "|". Valid configuration attribute names are:

  • idAttr

  • pwdAttr

  • firstnameAttr

  • lastnameAttr

  • mailAttr

  • displaynameAttr

  • descriptionAttr

  • challengeQnAttr

  • challengeAnsAttr

  • commonIdAttr.

attrVals

List of corresponding configuration attribute values separated by "|".

appName

Name of the Identity Directory Service.


Example

The following command updates configuration attributes associated with User entity:

updateEntityAttrs('User','idAttr|firstnameAttr','uid|givenname','userrole')

2.1.4.32 updateEntityProps

Online command that updates the properties of an entity.

Description

Updates the entity properties in an entity configuration.

Syntax

updateEntityProps(name, propNames, propVals, appName)

Table 2-32 updateEntityProps Arguments

Argument Definition

name

Name of the attribute to be updated.

propNames

List of property names separated by "|".

propVals

List of corresponding property values separated by "|".

appName

Name of the Identity Directory Service.


Example

The following command updates the properties associated with User entity:

updateEntityProps('User','inclobjclasses|exclobjclasses','inetorgperson|orclidxperson','userrole')

2.1.4.33 deleteAttributePropsInEntityConfig

Online command that deletes the attribute properties in an entity configuration.

Description

Deletes the attribute properties in an entity configuration.

Syntax

deleteAttributePropsInEntityConfig(name, propNames, appName)

Table 2-33 deleteAttributePropsInEntityConfig

Argument Definition

name

Name of the attribute to be deleted.

propNames

List of property names separated by "|".

appName

Name of the Identity Directory Service.


Example

The following command deletes the attribute property, orgunit from the userrole.

deleteAttributePropsInEntityConfig('orgunit','labelname|validvalues','userrole')

2.1.4.34 dumpConnectionPoolStatsForInMemoryConfig

Online command that dumps the LDAP connection pool statistics for the associated in-memory IDS configuration for the current JVM on which WLS is configured into a specified file.

Description

Dumps the LDAP connection pool statistics for the associated in-memory IDS configuration for the current JVM on which WLS is configured into a specified file.

Syntax

dumpConnectionPoolStatsForInMemoryConfig(name, fileName)

Table 2-34 dumpConnectionPoolStatsForInMemoryConfig

Argument Definition

name

Name of the in-memory IDS configuration.

fileName

Refers to the full path of the file.


Example

The following example dumps the connection pool statistics for the in-memory IDS configuration ids1 into the specified file:

dumpConnectionPoolStatsForInMemoryConfig('ids1', '/tmp/dump.txt')

2.1.4.35 dumpConnectionPoolStatsForAllInMemoryConfig

Online command that dumps the LDAP connection pool statistics for all in-memory IDS configuration for the current JVM on which WLS is configured into a specified file.

Description

Dumps the LDAP connection pool statistics for all in-memory IDS configuration for the current JVM on which WLS is configured into a specified file.

Syntax

dumpConnectionPoolStatsForAllInMemoryConfig(fileName)

Table 2-35 dumpConnectionPoolStatsForAllInMemoryConfig

Argument Definition

fileName

Refers to the full path of the file.


Example

The following example dumps LDAP connection pool statistics for all in-memory IDS configuration into the specified file:

dumpConnectionPoolStatsForAllInMemoryConfig('/tmp/dump.txt')

2.1.4.36 dumpConnectionPoolStatsForAllFileBasedConfig

Online command that dumps the LDAP connection pool statistics for all file-based IDS configuration for the current JVM on which WLS is configured into a specified file.

Description

Dumps the LDAP connection pool statistics for all file-based IDS configuration for the current JVM on which WLS is configured into a specified file.

Syntax

dumpConnectionPoolStatsForAllFileBasedConfig(name, fileName)

Table 2-36 dumpConnectionPoolStatsForAllFileBasedConfig

Argument Definition

name

Name of the file-based IDS configuration.

fileName

Refers to the full path of the file.


Example

The following example dumps the connection pool statistics for ids file-based configuration into the specified file:

dumpConnectionPoolStatsForFileBasedConfig('ids1', '/tmp/dump.txt')

2.1.4.37 dumpConnectionPoolStatsForAllFileBasedConfig

Online command that dumps the LDAP connection pool statistics for all file-based IDS configuration in the current JVM on which WLS is configured into a specified file.

Description

Dumps the LDAP connection pool statistics for all file-based IDS configuration for the current JVM on which WLS is configured into a specified file.

Syntax

dumpConnectionPoolStatsForAllFileBasedConfig(fileName)

Table 2-37 dumpConnectionPoolStatsForAllFileBasedConfig

Argument Definition

fileName

Refers to the full path of the file.


Example

The following example dumps the connection pool statistics all file-based IDS configuration into the specified file:

dumpConnectionPoolStatsForFileBasedConfig('/tmp/dump.txt')

2.1.5 Library Oracle Virtual Directory (libOVD) Commands

Use the WLST commands listed in Table 2-38 to manage a libOVD configuration associated with a specific Oracle Platform Security Services (OPSS) context.

Table 2-38 WLST libOVD Commands

Use this command... To... Use with WLST...

addDNAttribute

Add an attribute to the DN attributes list for an existing adapter.

Online

activateLibOVDConfigChanges

Reload the libOVD configuration.

Online

addAttributeExclusionRule

Add a attribute exclusion rule.

Online

addAttributeRule

Add a new attribute mapping rule.

Online

addDomainExclusionRule

Add a domain exclusion rule.

Online

addDomainRule

Add a new domain mapping rule.

Online

addJoinRule

Add a join rule to an existing Join Adapter for a libOVD configuration.

Online

addLDAPHost

Add a new remote host to an existing LDAP adapter.

Online

addMappingContext

Create a new mapping context.

Online

addPlugin

Add a plug-in to an existing adapter or at the global level.

Online

addPluginParam

Add new parameter values to the existing adapter level plug-in or global plug-in.

Online

addToRequestControlExcludeList

Add a control to the Request Control Exclude List for an existing LDAP adapter configuration.

Online

addToRequestControlIncludeList

Add a control to the Request Control Include List for an existing LDAP adapter configuration.

Online

assignViewToAdapter

Assign the given view to an adapter.

Online

createJoinAdapter

Create a new Join Adapter for a libOVD configuration.

Online

createLDAPAdapter

Create a new LDAP adapter for a libOVD configuration.

Online

createLDAPAdapterWithDefaultPlugins

Create a new LDAP adapter with default plug-ins based on the specified directory type.

Online

createView

Create a new view.

Online

deleteAdapter

Delete an existing adapter for a libOVD configuration.

Online

deleteAttributeExclusionRule

Delete a attribute exclusion rule.

Online

deleteAttributeRule

Delete a attribute mapping rule.

Online

deleteDomainExclusionRule

Delete a domain exclusion rule.

Online

deleteDomainRule

Delete a domain mapping rule.

Online

deleteMappingContext

Delete the specified mapping context.

Online

deleteView

Delete the specified view.

Online

getAdapterDetails

Display the details of an existing adapter for a libOVD configuration.

Online

listAdapters

List the name and type of all adapters that are configured for a libOVD configuration.

Online

listAllMappingContextIds

List all the mapping contexts.

Online

listAttributeRules

List all the attribute rules.

Online

listDomainRules

List all the domain rules.

Online

listViews

List all views

Online

modifyLDAPAdapter

Modify the existing LDAP adapter configuration.

Online

modifySocketOptions

Modify the socket options for an existing LDAP adapter configuration.

Online

removeAllRequestControlExcludeList

Remove all controls from the Request Control Exclude List for an existing LDAP adapter configuration.

Online

removeAllRequestControlIncludeList

Remove all controls from a Request Control Include List for an existing LDAP adapter configuration.

Online

removeDNAttribute

Remove an attribute from the DN attributes list for an existing LDAP adapter configuration.

Online

removeFromRequestControlExcludeList

Remove a control from the Request Control Exclude List for an existing LDAP adapter configuration.

Online

removeFromRequestControlIncludeList

Removes a control from the Request Control Include List for an existing LDAP adapter configuration.

Online

removeJoinRule

Remove a join rule from a Join Adapter configured for a libOVD configuration.

Online

removeLDAPHost

Remove a remote host from an existing LDAP adapter configuration.

Online

removePlugin

Remove a plug-in from an existing adapter or at the global level.

Online

removePluginParam

Remove an existing parameter from a configured adapter level plug-in or global plug-in.

Online

replacePluginParam

Replace existing parameter values for an adapter level plug-in or global plug-in.

Online

unassignViewFromAdapter

Un-assign a view from an adapter.

Online

listSSLStoreType

List the type of SSL store in use for libOVD.

Online

enableKSSForSSL

Enable KSS for libOVD.

Online

enableJKSForSSL

Enable JKS for libOVD.

Online

createKeyStoreAndEnableJKSForSSL

Enable JKS for libOVD.

Online

importTrustedCertificateIntoSSLStore

Import given trusted certificate into SSL store.

Online

migrateAllTrustedCertificatesFromJKSToKSS

Migrate all trusted certificates from JKS to KSS store.

Online

migrateTrustedCertificatesFromJKSToKSS

Migrate given trusted certificates from JKS to KSS store.

Online

changeLDAPHostPort

Change given LDAP host and port in an existing LDAP adapter configuration to the new host and port.

Online

removeLDAPHostPort

Remove a remote host and a port from an existing LDAP adapter configuration.

Online

setReadOnlyForLDAPHost

Set the given host and port to read-only/writable in an existing LDAP adapter configuration.

Online

dumpLdapConnectionPoolStats

Dumps the current connection pool statistics for an adapter to a file for the given JVM.

Online


2.1.5.1 addDNAttribute

Online command that adds an attribute to the DN Attributes List.

Description

Adds an attribute to the DN Attributes List for an existing adapter configured for the libOVD configuration associated with an OPSS context.

Syntax

addDNAttribute(adapterName, attributeName, [contextName])

Table 2-39 addDNAttribute Arguments

Argument Definition

adapterName

Name of the adapter to be updated.

attributeName

Name of the new DN attribute to be added.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is default.


Example

The following example adds memberof attribute to ldap1 adapter:

addDNAttribute(adapterName='ldap1', attributeName='memberof', contextName='default')

2.1.5.2 activateLibOVDConfigChanges

Online command that reloads the libOVD configuration.

Description

Reloads the libOVD configuration associated with a specific OPSS context.

Syntax

activateLibOVDConfigChanges([contextName])

Table 2-40 activateLibOVDConfigChanges Arguments

Argument Definition

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is default.


Example

The following command reloads the default libOVD configuration for a specified OPSS context:

activateLibOVDConfigChanges('default')

2.1.5.3 addAttributeExclusionRule

Online command that adds an attribute exclusion rule.

Description

Adds an attribute exclusion rule to the exclusion list.

Syntax

addAttributeExclusionRule(attribute, mappingContextId, [contextName])

Table 2-41 addAttributeExclusionRule Arguments

Argument Definition

attribute

Name of the attribute to be added to the exclusion list.

mappingContextId

Name of the mapping context.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is default.


Example

The following command add objectsid to the exclusion list:

addAttributeExclusionRule('objectsid','userrole')

2.1.5.4 addAttributeRule

Online command that adds a new attribute mapping rule.

Description

Adds a new attribute mapping rule to the libOVD configuration associated with a specific OPSS context..

Syntax

addAttributeRule(srcAttrs, srcObjectClass, srcAttrType, dstAttr, dstObjectClass, dstAttrType, mappingExpression, direction, mappingContextId, [contextName])

Table 2-42 addAttributeRule Arguments

Argument Definition

mappingContextId

Name of the mapping context.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is default.


Example

The following command creates a mapping rule for the libOVD configuration. Here, the lastname is mapped to the cn.

addAttributeRule('lastname','','','sn','','','','Inbound','userrole')

2.1.5.5 addDomainExclusionRule

Online command that adds a domain exclusion rule.

Description

Adds a domain exclusion rule to the exclusion list.

Syntax

addDomainExclusionRule(domain, mappingContextId, [contextName])

Table 2-43 addDomainExclusionRule Arguments

Argument Definition

domain

Distinguished name (DN) of the attribute to be added to the exclusion list.

mappingContextId

Name of the mapping context.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command adds cn=group,dc=oracle,dc=com to the exclusion list:

addDomainExclusionRule('cn=group,dc=oracle,dc=com','userrole')

2.1.5.6 addDomainRule

Online command that adds a new domain mapping rule.

Description

Adds a new domain mapping rule.

Syntax

addDoma]inRule(srcDomain, destDomain, domainConstructRule, mappingContextId, [contextName])

Table 2-44 addDomainRule Arguments

Argument Definition

srcDomain

Source domain.

destDomain

Destination domain

domainConstructRule

Name of the attribute to be added to the exclusion list.

mappingContextId

Name of the mapping context.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is default.


Example

The following command creates a domain mapping rule:

addDomainRule('dc=oracle,dc=com', 'dc=oracle,dc=com', '', 'defaultContext', 'default')

2.1.5.7 addJoinRule

Online command that adds a join rule to a Join Adapter.

Description

Adds a join rule to an existing Join Adapter for the libOVD configuration associated with the specified OPSS context.

Syntax

addJoinRule(adapterName, secondary, condition, [joinerType], [contextName])

Table 2-45 addJoinRule Arguments

Argument Definition

adapterName

Name of the Join Adapter to be modified.

secondary

Name of the adapter to join to.

condition

The attribute(s) to join on.

joinerType

Optional. Defines the type of Join. Values can be Simple (default), Conditional, OneToMany, or Shadow.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is default.


Examples

The following commands create different join rules for an existing Join adapter:

addJoinRule('join1','secondaryldap','cn=cn', 'Simple', 'default')

addJoinRule('join1','secondaryldap','cn=cn', 'Conditional', 'default')

addJoinRule(adapterName='join1', secondary='LDAP3', condition='uid=cn', JoinerType='OneToMany')

addJoinRule(adapterName='join1', secondary='LDAP2',condition='uid=cn', contextName='myContext')

2.1.5.8 addLDAPHost

Online command that adds a new remote host.

Description

Adds a new remote host (host and port) to an existing LDAP adapter. By default, the new host is configured in Read-Write mode with percentage set to 100.

Syntax

addLDAPHost(adapterName, host, port, [contextName])

Table 2-46 addLDAPHost Arguments

Argument Definition

adapterName

Name of the Join Adapter to be modified.

host

Remote LDAP host to which the LDAP adapter will communicate.

port

Remote LDAP host port.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following commands add a host and a port to an existing LDAP adapter:

addLDAPHost(adapterName='ldap1', host='myhost.example.com', port=389)

addLDAPHost('ldap1', 'myhost.example.com','389', 'myContext')

2.1.5.9 addMappingContext

Online command that creates a new mapping context.

Description

Creates a new mapping context for the libOVD configuration associated with the specified OPSS context.

Syntax

addMappingContext(mappingContextId, [contextName])

Table 2-47 addMappingContext Arguments

Argument Definition

mappingContextId

Name of the mapping context.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command creates a mapping context for the libOVD configuration:

addMappingContext('defaultContext','context')

2.1.5.10 addPlugin

Online command that adds a plug-in to an existing adapter or at the global level.

Description

Adds a plug-in to an existing adapter or at the global level. The "i"th key corresponds to "i"th value. The plug-in is added to default chain.

Syntax

addPlugin(pluginName, pluginClass, paramKeys, paramValues, [adapterName], [contextName])

Table 2-48 addPlugin Arguments

Argument Definition

pluginName

Name of the plug-in to be created.

pluginClass

Class of the plug-in.

paramKeys

Init Param Keys separated by "|".

paramValues

Init Param Values separated by "|".

adapterName

Optional. Name of the adapter to be modified. If not specified, the plug-in is added at the global level.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Examples

The following commands add a plug-in to an existing adapter:

wls:/mydomain/serverConfig> addPlugin(adapterName='ldap1', pluginName='VirtualAttr',pluginClass='oracle.ods.virtualization.engine.chain.plugins.virtualattr.VirtualAttributePlugin', paramKeys='AddAttribute | MatchFilter | ContainerDN', paramValues='cn=%uid% | objectclass=person | dc=oracle,dc=com')

wls:/mydomain/serverConfig> addPlugin(pluginName='VirtualAttr',pluginClass='oracle.ods.virtualization.engine.chain.plugins.virtualattr.VirtualAttributePlugin', paramKeys='AddAttribute | MatchFilter | ContainerDN', paramValues='cn=%uid% | objectclass=person | dc=oracle,dc=com')
 
wls:/mydomain/serverConfig> addPlugin(pluginName='DMSMetrics',pluginClass='oracle.ods.virtualization.engine.chain.plugins.DMSMetrics.MonitorPerformance', paramKeys='None',paramValues='None',adapterName='ldap1',contextName='default')

2.1.5.11 addPluginParam

Online command that adds new parameter values to the existing adapter level plug-in or global plug-in.

Description

Adds new parameter values to the existing adapter level plug-in or the global plug-in. If the parameter already exists, the new value is added to the existing set of values. The "i"th key corresponds to "i"th value.

Syntax

addPluginParam(pluginName, paramKeys, paramValues, [adapterName], [contextName])

Table 2-49 addPluginParam Arguments

Argument Definition

pluginName

Name of the plug-in to be modified.

paramKeys

Init Param Keys separated by "|".

paramValues

Init Param Values separated by "|".

adapterName

Optional Name of the adapter to be modified. If not specified, the global plug-in is modified.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Examples

The following commands add a new plug-in parameter for an existing plug-in:

wls:/mydomain/serverConfig> addPluginParam(adapterName='ldap1', pluginName='VirtualAttr', paramKeys='ReplaceAttribute | MatchFilter', paramValues='cn=%uid% | objectclass=person')

wls:/mydomain/serverConfig> addPluginParam(pluginName='VirtualAttr', paramKeys='ReplaceAttribute | MatchFilter', par)

2.1.5.12 addToRequestControlExcludeList

Online command that adds a control to the Request Control Exclude List.

Description

Adds a control to the Request Control Exclude List for an existing LDAP adapter configuration.

Syntax

addToRequestControlExcludeList(adapterName, control, [contextName])

Table 2-50 addToRequestControlExcludeList Arguments

Argument Definition

adapterName

Name of the LDAP adapter to be modified.

control

LDAP control object identifier (OID).

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command adds 2.16.840.1.113894.1.8.31 control to ldap1 adapter's Request Control Exclude List:

addToRequestControlExcludeList(adapterName='ldap1', control='2.16.840.1.113894.1.8.31', contextName='default')

2.1.5.13 addToRequestControlIncludeList

Online command that adds a control to the Request Control Include List.

Description

Adds a control to the Request Control Include List for an existing LDAP adapter configuration.

Syntax

addToRequestControlIncludeList(adapterName, control, [contextName])

Table 2-51 addToRequestControlIncludeList Arguments

Argument Definition

adapterName

Name of the LDAP adapter to be modified.

control

LDAP control object identifier (OID).

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command adds 2.16.840.1.113894.1.8.31 control to ldap1 adapter's Request Control Include List:

addToRequestControlIncludeList(adapterName='ldap1', control='2.16.840.1.113894.1.8.31', contextName='default')

2.1.5.14 assignViewToAdapter

Online command that assigns a view to an LDAP adapter.

Description

Assigns a view to an LDAP adapter in the libOVD configuration associated with an OPSS context.

Syntax

assignViewToAdapter(viewName, adapterName, [contextName])

Table 2-52 assignViewToAdapter Arguments

Argument Definition

viewName

Name of the view.

adapterName

Name of the LDAP adapter.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command assigns userView to ldap1 adapter:

assignViewToAdapter('userView','ldap1', 'default')

2.1.5.15 createJoinAdapter

Online command that creates a new join adapter.

Description

Creates a new join adapter for the libOVD configuration associated with an OPSS context.

Syntax

createJoinAdapter(adapterName, root, primaryAdapter, [bindAdapter],[contextName])

Table 2-53 createJoinAdapter Arguments

Argument Definition

adapterName

Name of the Join Adapter to be created.

primaryAdapter

Specifies the identifier of the primary adapter, which is the adapter searched first in the join operation.

root

root

bindAdapter

Specifies identifier of the bind adapter(s), which are the adapter(s) whose proxy account is used to bind in the LDAP operation. By default, primaryAdapter is set as bindAdapter.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Examples

The following commands create a Join adapter:

createJoinAdapter('join1','dc=join','primaryldap','myldap', 'myContext')

createJoinAdapter(adapterName='join1', root='dc=join', primaryAdapter='myldap')

2.1.5.16 createLDAPAdapter

Online command that creates a new LDAP adapter.

Description

Creates a new LDAP adapter for the libOVD configuration associated with an OPSS context.

Syntax

createLDAPAdapter(adapterName, root, host, port, remoteBase, [isSecure], [bindDN], [bindPasswd], [passCred], [contextName])

Table 2-54 createLDAPAdapter Arguments

Argument Definition

adapterName

Name of the LDAP adapter to be created.

root

Virtual Namespace of the LDAP adapter.

host

Remote LDAP host with which the LDAP adapter will communicate.

port

Remote LDAP host port number.

remoteBase

Location in the remote DIT to which root corresponds.

isSecure

Optional. Boolean value that enables secure SSL/TLS connections to the remote hosts when set to true. The default is false.

bindDN

Optional. Proxy BindDN used to communicate with remote host. Default is "".

bindPasswd

Optional. Proxy BindPasswd used to communicate with the remote host. Default is "".

passCred

Optional. Controls the credentials, if any, the libOVD configuration will pass to the back-end (remote host) LDAP server. Values can be Always (default), None, or BindOnly.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Examples

The following commands create an LDAP adapter:

createLDAPAdapter("testLDAP", "dc=us,dc=oracle,dc=com", "myhost.example.com", 3060, "dc=uk,dc=oid", false, "cn=testuser", "welcome1", "Always", "myContext"

createLDAPAdapter(adapterName='ldap1', root='dc=com', host='myhost.example.com', port=5566, remoteBase='dc=oid')

2.1.5.17 createLDAPAdapterWithDefaultPlugins

Online command that creates a new LDAP adapter.

Description

Creates a new LDAP adapter with default plug-ins based on the directory type for the libOVD configuration associated with an OPSS context.

Syntax

createLDAPAdapterWithDefaultPlugins(adapterName, directoryType, root, host, port, remoteBase, [isSecure], [bindDN], [bindPasswd], [contextName])

Table 2-55 createLDAPAdapterWithDefaultPlugins Arguments

Argument Definition

adapterName

Name of the LDAP adapter to be created.

directoryType

Directory type. The value can be one of the following directories:

  • OID - Oracle Internet Directory

  • OUD - Oracle Unified Directory

  • SUNONE- Sun Java System Directory Server

  • OVD - Oracle Virtual Directory

  • ACTIVE_DIRECTORY - Microsoft Active Directory

  • EDIRECTORY - Novell eDirectory

  • OPEN_LDAP - Open LDAP

  • WLS_OVD - Oracle WebLogic Server OVD

  • TIVOLI - IBM Tivoli Directory Server

root

Virtual Namespace of the LDAP adapter.

host

Remote LDAP host to which LDAP adapter should communicate.

port

Remote host port.

remoteBase

Location in the remote DIT to which the root corresponds.

isSecure

Optional. Boolean value that enables secure SSL/TLS connections to the remote hosts when set to true. The Default is false.

bindDN

Optional. Proxy BindDN used to communicate with remote host. Default is "".

bindPasswd

Optional. Proxy BindPasswd used to communicate with the remote host. Default is "".

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Examples

The following commands create an LDAP adapter with default plug-ins based on the directory type:

wls:/mydomain/serverConfig> createLDAPAdapterWithDefaultPlugins("testLDAP", "OID", "dc=us,dc=oracle,dc=com", "myhost.example.domain.com", 3060, "dc=uk,dc=oid", false, "cn=testuser", "welcome1", "myContext")

wls:/mydomain/serverConfig> createLDAPAdapterWithDefaultPlugins(adapterName='ldap1', directoryType="OID", root='dc=com', host='myhost.example.domain.com', port=5566, remoteBase='dc=oid',bindDN="cn=testuser",bindPasswd="welcome1",contextName='default')

2.1.5.18 createView

Online command that creates a new view.

Description

Creates a new view for the libOVD configuration associated with an OPSS context.

Syntax

createView(viewName, [contextName])

Table 2-56 createView Arguments

Argument Definition

viewName

Name of the new view.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command create a view named, userView:

createView('userView','default')

2.1.5.19 deleteAdapter

Online command that deletes an existing adapter.

Description

Deletes an existing adapter for the libOVD configuration associated with an OPSS context.

Syntax

deleteAdapter(adapterName, [contextName])

Table 2-57 deleteAdapter Arguments

Argument Definition

adapterName

Name of the Join Adapter to be deleted.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command deletes join1 adapter:

deleteAdapter(adapterName='join1') deleteAdapter('join1', 'default'))

2.1.5.20 deleteAttributeExclusionRule

Online command that deletes an attribute exclusion rule.

Description

Deletes an attribute exclusion rule for the libOVD configuration associated with an OPSS context.

Syntax

deleteAttributeExclusionRule(attribute, mappingContextId, [contextName])

Table 2-58 deleteAttributeExclusionRule Arguments

Argument Definition

attribute

Name of the attribute to be removed from the exclusion list.

mappingContextId

Name of the mapping context.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command deletes the objectsid attribute exclusion rule for the associated libOVD configuration:

deleteAttributeExclusionRule('objectsid','userrole')

2.1.5.21 deleteAttributeRule

Online command that delete an attribute mapping rule.

Description

Deletes an attribute mapping rule for the libOVD configuration associated with an OPSS context.

Syntax

deleteAttributeRule(srcAttrs, dstAttr, mappingContextId, [contextName])

Table 2-59 deleteEntityRelation Arguments

Argument Definition

srcAttrs

Source attributes.

dstAttr

Destination attribute.

mappingContextId

Name of the mapping context.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command deletes the lastname attribute mapping rule from cn:

deleteAttributeRule('lastname','sn')

2.1.5.22 deleteDomainExclusionRule

Online command that deletes a domain exclusion rule.

Description

Deletes a domain exclusion rule for the libOVD configuration associated with an OPSS context.

Syntax

deleteDomainExclusionRule(domain, mappingContextId, [contextName])

Table 2-60 deleteEntityRelation Arguments

Argument Definition

domain

Distinguished Name of the container to be removed from the exclusion list.

mappingContextId

Name of the mapping context.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command deletes 'cn=group,dc=oracle,dc=com' domain exclusion rule:

deleteDomainExclusionRule('cn=group,dc=oracle,dc=com')

2.1.5.23 deleteDomainRule

Online command that deletes a domain mapping rule.

Description

Deletes a domain mapping rule for the libOVD configuration associated with an OPSS context.

Syntax

deleteDomainRule(srcDomain, destDomain, mappingContextId, [contextName])

Table 2-61 deleteDomainRule Arguments

Argument Definition

srcDomain

Source domain.

destDomain

Destination domain.

mappingContextId

Name of the mapping context.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command deletes 'dc=oracle,dc=com' domain mapping rule:

deleteDomainRule('dc=oracle,dc=com','dc=oracle,dc=com','userrole')

2.1.5.24 deleteDomainExclusionRule

Deletes a domain exclusion rule.

Description

Deletes a domain exclusion rule for the libOVD configuration associated with an OPSS context.

Syntax

deleteDomainExclusionRule(domain, mappingContextId, [contextName])

Table 2-62 deleteDomainExclusionRule Attributes

Argument Definition

domain

Distinguished Name of the container to be removed from the exclusion list.

mappingContextId

Name of the mapping context.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default value is default.


Example

deleteDomainExclusionRule('cn=group,dc=oracle,dc=com','userrole')

2.1.5.25 deleteMappingContext

Online command that deletes a mapping context.

Description

Deletes the specified mapping context for the libOVD configuration associated with an OPSS context.

Syntax

deleteMappingContext(mappingContextId, [contextName])

Table 2-63 deleteMappingContext Arguments

Argument Definition

mappingContextId

Name of the mapping context.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command deletes a mapping context for a libOVD configuration:

deleteMappingContext('defaultContext','context)

2.1.5.26 deleteView

Online command that deletes a view.

Description

Deletes a view for the libOVD configuration associated with an OPSS context.

Syntax

createView(viewName, [contextName])

Table 2-64 createView Arguments

Argument Definition

viewName

Name of the view to delete.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command deletes userView view:

deleteView('userView','default')

2.1.5.27 getAdapterDetails

Online command that displays the details of an existing adapter.

Description

Displays the details of an existing adapter configured for the libOVD configuration associated with an OPSS context.

Syntax

getAdapterDetails(adapterName, [contextName])

Table 2-65 getAdapterDetails Arguments

Argument Definition

adapterName

Name of the adapter that contains the details to be displayed.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Examples

The following commands display the details of ldap1 and join1 adapter respectively:

getAdapterDetails(adapterName='ldap1', contextName='default')

getAdapterDetails(adapterName='join1')

2.1.5.28 listAdapters

Online command that lists the name and type of all adapters.

Description

Lists the name and type of all adapters that are configured for the libOVD configuration associated with an OPSS context.

Syntax

listAdapters([contextName])

Table 2-66 listAdapters Arguments

Argument Definition

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command displays the name and type of all adapters configured for a libOVD configuration:

listAdapters()

listAdapters(contextName='myContext')

2.1.5.29 listAllMappingContextIds

Online command that lists all mapping contexts.

Description

Lists the mapping contexts associated with the specified OPSS context.

Syntax

listAllMappingContextIds([contextName])

Table 2-67 listAllMappingContextIds Arguments

Argument Definition

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command lists all the mapping contexts:

listAllMappingContextIds('default')

2.1.5.30 listAttributeRules

Online command that lists all the attribute rules.

Description

List all the attribute rules in the format SOURCE_ATTRIBUTE:DESTINATION_ATTRIBUTE:DIRECTION.

Syntax

listAttributeRules(mappingContextId, [contextName])

Table 2-68 listAttributeRules Arguments

Argument Definition

mappingContextId

Name of the mapping context.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command lists all the attribute rules:

listAttributeRules('defaultContext','default')

2.1.5.31 listDomainRules

Online command that lists all domain rules.

Description

Lists all the domain rules in the format of SOURCE_DOMAIN:DESTINATION_DOMAIN.

Syntax

listDomainRules(mappingContextId, [contextName])

Table 2-69 listDomainRules Arguments

Argument Definition

mappingContextId

Name of the mapping context.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command lists all domain rules:

listDomainRules('defaultContext','default')

2.1.5.32 listViews

Online command that lists all views

Description

Lists all views for a libOVD configuration associated with an OPSS context.

Syntax

listViews([contextName])

Table 2-70 listViews Arguments

Argument Definition

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command lists all views:

listViews('default')

2.1.5.33 modifyLDAPAdapter

Modifies parameters in an LDAP adapter.

Description

Modifies the following LDAP adapter parameters:

  • Remote Base

  • Root

  • Secure

  • BindDN

  • BindPassword

  • PassCredentials

  • MaxPoolSize

  • MaxPoolChecks

  • MaxPoolWait

  • InitialPoolSize

  • PoolCleanupInterval

  • MaxPoolConnectionIdleTime

  • Active

  • PingProtocol

  • PingBindDN

  • PingBindPassword

  • PageSize

  • HeartBeatInterval

  • OperationTimeout

  • SearchCountLimit

  • Visible

  • Critical

  • InclusionFilter

  • ExclusionFilter

  • DNPattern

  • RequestControlAllowServerSupported

  • MaxPoolConnectionReuseTime

  • ConnectTimeout

  • PoolConnectionReclaimTime

  • Protocols

Syntax

modifyLDAPAdapter(adapterName, attribute, value, [contextName])

Table 2-71 modifyLDAPAdapter Arguments

Argument Definition

adapterName

Name of the LDAP adapter to be modified.

attribute

Name of the attribute to be modified.

value

New value for the attribute.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Examples

The following examples illustrate how to set attributes in ldap1:

modifyLDAPAdapter(adapterName='ldap1', attribute='Root', value='dc=us, dc=oracle, dc=com', contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='RemoteBase', value='dc=org', contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='PassCredentials', value='BindOnly', contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='BindDN', value='cn=proxyuser,dc=com', contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='BindPassword', value='testwelcome123', contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='Secure', value=true, contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='MaxPoolSize', value=500, contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='MaxPoolChecks', value=10, contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='MaxPoolWait', value=120000, contextName='mydefault') [value is in milliseconds] 

modifyLDAPAdapter(adapterName='ldap1', attribute='InitialPoolSize', value=10, contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='PoolCleanupInterval', value=300, contextName='mydefault') [value is in seconds]

modifyLDAPAdapter(adapterName='ldap1', attribute='MaxPoolConnectionIdleTime', value=300, contextName='mydefault')  [value is in seconds]

modifyLDAPAdapter(adapterName='ldap1', attribute='Active', value=false, contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='PingProtocol', value='LDAP', contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='PingBindDN', value='cn=proxyuser', contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='PingBindPassword', value='welcome1', contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='PageSize', value=500, contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='HeartBeatInterval', value=120, contextName='mydefault') [value is in seconds]

modifyLDAPAdapter(adapterName='ldap1', attribute='OperationTimeout', value=120000, contextName='mydefault') [value is in milliseconds] 

modifyLDAPAdapter(adapterName='ldap1', attribute='SearchCountLimit', value=100, contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='Visible', value='Yes', contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='Critical', value='false', contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='InclusionFilter', value='objectclass=inetorgperson#base', contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='ExclusionFilter', value='uniquemember=*#base', contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='DNPattern', value='(.*)cn=[a-z0-9]*$', contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='RequestControlAllowServerSupported', value=false, contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='MaxPoolConnectionReuseTime', value=3600, contextName='mydefault') [value is in seconds]

modifyLDAPAdapter(adapterName='ldap1', attribute='ConnectTimeout', value=10000, contextName='mydefault') [value is in milli seconds]

modifyLDAPAdapter(adapterName='ldap1', attribute='PoolConnectionReclaimTime', value=180, contextName='mydefault')

modifyLDAPAdapter(adapterName='ldap1', attribute='Protocols', value='TLSv1.2', contextName='mydefault')

2.1.5.34 modifySocketOptions

Online command that modifies socket options.

Description

Modifies socket options for an existing LDAP adapter configuration.

Syntax

modifySocketOptions(adapterName, reuseAddress, keepAlive, tcpNoDelay, readTimeout, [contextName])

Table 2-72 modifySocketOptions Arguments

Argument Definition

adapterName

Name of the LDAP adapter to be modified.

reuseAddress

Value of reuseAddress.

keepAlive

Value of keepAlive.

tcpNoDelay

Value of tcpNoDelay.

readTimeout

Value of readTimeout in seconds.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command modifies the socket option for ldap1 adapter:

modifySocketOptions(adapterName='ldap1', reuseAddress=true, keepAlive=true, tcpNoDelay=true, readTimeout=180000, contextName='default')

2.1.5.35 removeAllRequestControlExcludeList

Online command that removes all controls from the Request Control Exclude List.

Description

Removes all controls from the Request Control Exclude List for an existing LDAP adapter configuration.

Syntax

removeAllRequestControlExcludeList(adapterName, [contextName])

Table 2-73 removeAllRequestControlExcludeList Arguments

Argument Definition

adapterName

Name of the adapter to be updated.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command removes all controls from ldap1 adapter's Request Control Exclude List:

removeAllRequestControlExcludeList(adapterName='ldap1', contextName='default')

2.1.5.36 removeAllRequestControlIncludeList

Online command that removes all controls from the Request Control Include List.

Description

Removes all controls from the Request Control Include List for an existing LDAP adapter configuration.

Syntax

removeAllRequestControlIncludeList(adapterName, [contextName])

Table 2-74 removeAllRequestControlIncludeList Arguments

Argument Definition

adapterName

Name of the adapter to be updated.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command removes all controls from ldap1 adapter's Request Control Include List:

removeAllRequestControlIncludeList(adapterName='ldap1', contextName='default')

2.1.5.37 removeFromRequestControlExcludeList

Online command that removes a control from the Request Control Exclude List.

Description

Removes a control from the Request Control Exclude List for an existing LDAP adapter configuration.

Syntax

removeFromRequestControlExcludeList(adapterName, control, [contextName])

Table 2-75 removeFromRequestControlExcludeList Arguments

Argument Definition

adapterName

Name of the LDAP adapter to be modified.

control

LDAP control object identifier (OID).

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command removes 2.16.840.1.113894.1.8.31 control from ldap1 adapter's Request Control Exclude List:

removeFromRequestControlExcludeList(adapterName='ldap1', control='2.16.840.1.113894.1.8.31', contextName='default')

2.1.5.38 removeDNAttribute

Online command that removes a attribute from the DN Attributes List.

Description

Removes a attribute from the DN Attributes List for an existing adapter that is configured for the libOVD associated with an OPSS context.

Syntax

removeDNAttribute(adapterName attributeName, [contextName])

Table 2-76 removeDNAttribute Arguments

Argument Definition

adapterName

Name of the adapter to be updated.

attributeName

Name of the new DN attribute to be removed.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command removes memberof attribute from ldap1 adapter's attribute list:

removeDNAttribute(adapterName='ldap1', attributeName='memberof', contextName='default')

2.1.5.39 removeFromRequestControlIncludeList

Online command that removes a control from the Request Control Include List.

Description

Removes a control from the Request Control Include List for an existing LDAP adapter configuration.

Syntax

removeFromRequestControlIncludeList(adapterName, control, [contextName])

Table 2-77 removeFromRequestControlIncludeList Arguments

Argument Definition

adapterName

Name of the LDAP adapter to be modified.

control

LDAP control object identifier (OID).

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command removes 2.16.840.1.113894.1.8.31 control from ldap1 adapter's Request Control Include List:

removeFromRequestControlIncludeList(adapterName='ldap1', control='2.16.840.1.113894.1.8.31', contextName='default')

2.1.5.40 removeJoinRule

Online command that removes a join rule from a Join Adapter.

Description

Removes a join rule from a Join Adapter configured for the libOVD configuration associated with the specified OPSS context.

Syntax

removeJoinRule(adapterName, secondary, [contextName])

Table 2-78 removeJoinRule Arguments

Argument Definition

adapterName

Name of the Join Adapter to be modified.

secondary

The join rules corresponding to this secondary adapter are removed from the Join Adapter.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Examples

The following command removes 2.16.840.1.113894.1.8.31 control from ldap1 adapter's Request Control Include List:

removeJoinRule('join1','secondaryldap1', 'default')

removeJoinRule(adapterName='join1', secondary='LDAP3')

2.1.5.41 removeLDAPHost

Online command that removes a remote host from an existing LDAP adapter.

Description

Removes a remote host (host:port) from an existing LDAP adapter.

Syntax

removeLDAPHost(adapterName, host, [contextName])

Table 2-79 removeLDAPHost Arguments

Argument Definition

adapterName

Name of the LDAP adapter to be modified.

host

Location of a remote LDAP host with which the LDAP adapter will communicate.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command removes the host and port from ldap1 adapter:

removeLDAPHost(adapterName='ldap1', host='myhost.example.com')

removeLDAPHost('ldap1', 'myhost.example.com', 'myContext')

2.1.5.42 removePlugin

Online command that removes a plug-in from an existing adapter.

Description

Removes a plug-in from an existing adapter or at the global level.

Syntax

removePlugin(pluginName, [adapterName], [contextName])

Table 2-80 removePlugin Arguments

Argument Definition

pluginName

Name of the plug-in to be removed.

adapterName

Optional. Name of the adapter to be modified. If not specified, the global plug-in is removed.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following commands remove VirtualAttr plug-in from ldap1 adapter:

removePlugin(adapterName='ldap1', pluginName='VirtualAttr')

removePlugin(pluginName='VirtualAttr')

2.1.5.43 removePluginParam

Online command that removes an existing parameter from a configured adapter level plug-in.

Description

Removes an existing parameter from a configured adapter level plug-in or a global plug-in. This command removes all values of a particular parameter from the plug-in.

Syntax

removePluginParam(pluginName, paramKey, [adapterName], [contextName])

Table 2-81 removePluginParam Arguments

Argument Definition

pluginName

Name of the plug-in to be modified.

paramKey

Parameter to be removed.

adapterName

Optional. Name of the adapter to be modified. If not specified, the global plug-in is modified.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following commands remove the plug-in parameter ReplaceAttribute from VirtualAttr plug-in:

removePluginParam(adapterName='ldap1', pluginName='VirtualAttr', paramKey='ReplaceAttribute')

removePluginParam(pluginName='VirtualAttr', paramKey='ReplaceAttribute')

2.1.5.44 replacePluginParam

Online command that replaces parameter values for a plug-in.

Description

Replaces existing parameter values for the specified adapter level plug-in or global plug-in.

Syntax

replacePluginParam(pluginName, paramName, paramValues, [adapterName,][contextName])

Table 2-82 replacePluginParam Arguments

Argument Description

pluginName

Name of the plug-in to be modified.

paramName

Name of the parameter to be replaced.

paramValues

New values of the parameter. For more than one new value, separate each new parameter value are by a "|".

adapterName

Optional. Name of the adapter to be modified. If not specified, the global plug-in is modified.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Examples

The following commands replace the parameter values for the associated plug-in for an adapter:

replacePluginParam(adapterName='ldap1', pluginName='VirtualAttr', paramName='ReplaceAttribute', paramValues='cn=%uid%')

replacePluginParam(adapterName='ldap1', pluginName='UserManagement', paramName='mapAttribute', paramValues='orclguid=objectGuid | uniquemember=member')

2.1.5.45 unassignViewFromAdapter

Online command that unassigns a view from an adapter.

Description

Unassigns a view from an LDAP adapter configuration.

Syntax

unassignViewFromAdapter(viewName, adapterName, [contextName])

Table 2-83 unassignViewFromAdapter Arguments

Argument Definition

viewName

Name of the view.

adapterName

Name of the LDAP adapter.

contextName

Optional. Name of the OPSS context with which the libOVD configuration is associated. Default is "default".


Example

The following command unassigns userView associated with ldap1 adapter:

unassignViewFromAdapter('userView','ldap1', 'default')

2.1.5.46 listSSLStoreType

Online command that lists the type of SSL store in use.

Description

This command lists the type of SSL store in use for libOVD (JKS or KSS).

Syntax

listSSLStoreType(contextName=[contextName])

Table 2-84 listSSLStoreType Arguments

Argument Definition

contextName

Name of the OPSS context with which libOVD configuration is associated. The default value is default.


Example

This following command list the SSL store types in use:

listSSLStoreType(contextName='default')

2.1.5.47 enableKSSForSSL

Online command to enable KSS for libOVD.

Description

This command enables KSS for SSL, and disables JKS if it was enabled before. For more information about KSS, see Oracle® Fusion Middleware Securing Applications with Oracle Platform Security Services.

Syntax

enableKSSForSSL(contextName=[contextName])

Table 2-85 enableKSSForSSL Arguments

Argument Definition

contextName

Optional. Name of the OPSS context with which libOVD configuration is associated. The default value is default.


Example

The following command enables KSS for SSL:

enableKSSForSSL(contextName='default')

2.1.5.48 enableJKSForSSL

Online command to enable JKS for libOVD.

Description

This command enables JKS for SSL, and disables KSS if it was enabled before. The command assumes that the libOVD adapters.jks file exists.

Syntax

enableJKSForSSL(contextName=[contextName])

Table 2-86 enableJKSForSSL Arguments

Argument Definition

contextName

Optional. Name of the OPSS context with which libOVD configuration is associated. The default value is default.


Example

The following command enables JKS for SSL:

enableJKSForSSL(contextName='default')

2.1.5.49 createKeyStoreAndEnableJKSForSSL

Online command to enable JKS for SSL.

Description

This command enables JKS for SSL, and disables KSS if it was enabled before. The command creates the libOVD adapters.jks file.

Syntax

createKeyStoreAndEnableJKSForSSL(keystorePassword=[password], contextName=[contextName])

Table 2-87 createKeyStoreAndEnableJKSForSSL Arguments

Argument Definition

keystorePassword

Password for libOVD adapters.jks file.

contextName

Optional. Name of the OPSS context with which libOVD configuration is associated. The default value is default.


Example

The following command enable JKS for SSL:

createKeyStoreAndEnableJKSForSSL(keystorePassword='welcome1', contextName='default')

2.1.5.50 importTrustedCertificateIntoSSLStore

Online command to import trusted certificate into SSL store.

Description

This command imports the provided trusted certificate into SSL store.

Syntax

importTrustedCertificateIntoSSLStore(certificateFileName=[cert_file],aliasName=[aliasName],contextName=[contextName])

Table 2-88 importTrustedCertificateIntoSSLStore Arguments

Argument Definition

certificateFileName

File name that contains the certificate.

aliasName

Alias name for the certificate.

contextName

Optional. Name of the OPSS context with which libOVD configuration is associated. The default value is default.


Example

The following command imports the provided trusted certificate into SSL store:

importTrustedCertificateIntoSSLStore(certificateFileName='/tmp/cert.txt',aliasName='myCert1',contextName='default')

2.1.5.51 migrateAllTrustedCertificatesFromJKSToKSS

Online command to migrate all trusted certificates from JKS-based libOVD truststore to KSS store.

Description

This command migrates all trusted certificates from JKS-based libOVD truststore to KSS store.

Syntax

migrateAllTrustedCertificatesFromJKSToKSS(contextName=[contextName])

Table 2-89 migrateAllTrustedCertificatesFromJKSToKSS Arguments

Argument Definition

contextName

Optional. Name of the OPSS context with which libOVD configuration is associated. The default value is default.


Example

The following command migrates all trusted certificates from JKS-based libOVD truststore to KSS store:

migrateAllTrustedCertificatesFromJKSToKSS(contextName='default')

2.1.5.52 migrateTrustedCertificatesFromJKSToKSS

Online command to migrate given trusted certificates from JKS-based libOVD truststore to KSS store.

Description

This command migrates the given trusted certificates from JKS-based libOVD truststore to KSS store.

Syntax

migrateTrustedCertificatesFromJKSToKSS(aliasNames=[alias_names], contextName=[contextName])

Table 2-90 migrateTrustedCertificatesFromJKSToKSS Arguments

Argument Definition

aliasNames

List of alias names to migrate separated by a comma.

contextName

Optional. Name of the OPSS context with which libOVD configuration is associated. The default value is default.


Example

The following command migrates the specified trusted certificates from JKS-based libOVD truststore to KSS store:

migrateTrustedCertificatesFromJKSToKSS (aliasNames='alias1,alias2', contextName='default')

2.1.5.53 changeLDAPHostPort

Online command to change given LDAP host and port in an existing LDAP adapter configuration to a new host and port.

Description

This command changes given LDAP host and port in an existing LDAP adapter configuration to a new host and port.

Syntax

changeLDAPHostPort(adapterName=[adapterName], oldHost=[oldHost], oldPort=[oldPort], newHost=[newHost], newPort=[newPort], contextName=[contextName])

Table 2-91 changeLDAPHostPort Arguments

Argument Definition

adapterName

Name of the LDAP adapter to be modified.

oldHost

Old LDAP host.

oldPort

Old LDAP port.

newHost

New LDAP host.

newPort

New LDAP port.

contextName

Optional. Name of the OPSS context with which libOVD configuration is associated. The default value is default.


Example

The following command changes given LDAP host and port in an existing LDAP adapter configuration to a new host and port:

changeLDAPHostPort(adapterName='ldap1', oldHost='oldhost.example.domain.com', oldPort=389, newHost='newhost.example.domain.com', newPort=389)

2.1.5.54 removeLDAPHostPort

Online command to remove a remote host and a port from an existing LDAP adapter configuration.

Description

This command removes a remote host and a port from an existing LDAP adapter configuration.

Syntax

removeLDAPHostPort(adapterName=[adapterName], host=[host], port=[port], contextName=[contextName])

Table 2-92 removeLDAPHostPort Arguments

Argument Definition

adapterName

Name of the LDAP adapter to be modified.

host

Remote LDAP host.

port

Remote LDAP port.

contextName

Optional. Name of the OPSS context with which libOVD configuration is associated. The default value is default.


Example

The following command removes a remote host and a port from an existing LDAP adapter configuration:

removeLDAPHostPort(adapterName='ldap1', host='myhost.example.domain.com', port=389)

2.1.5.55 setReadOnlyForLDAPHost

Online command to set the given host and port to read-only/writable in an existing LDAP adapter configuration.

Description

This command sets the given host and port to read-only/writable in an existing LDAP adapter configuration.

Syntax

setReadOnlyForLDAPHost(adapterName=[adapterName], host=[host], port=[port], readOnly=[true/false], contextName=[contextName])

Table 2-93 setReadOnlyForLDAPHost Arguments

Argument Definition

adapterName

Name of the LDAP adapter to be modified.

host

LDAP host.

port

LDAP port.

readOnly

It has values: true or false.

contextName

Optional. Name of the OPSS context with which libOVD configuration is associated. The default value is default.


Example

The following command sets the given host and port to read-only in an existing LDAP adapter configuration:

setReadOnlyForLDAPHost(adapterName='ldap1', host='myhost.example.domain.com', port=389, readOnly=true)

2.1.5.56 dumpLdapConnectionPoolStats

Online command that dumps the current connection pool statistics for an adapter to a file for the given JVM on which WLS is configured.

Description

This command dumps the current connection pool statistics for an adapter to a file for the given JVM on which WLS is configured.

Syntax

dumpLdapConnectionPoolStats(fileName=[fileName], adapterName=[adapterName], contextName=[contextName])

Table 2-94 dumpLdapConnectionPoolStats Arguments

Argument Definition

fileName

Refers to the full path of the file.

adapterName

Name of the LDAP adapter.

contextName

Optional. Name of the OPSS context with which libOVD configuration is associated. The default value is default.


Example

The following example dumps the connection pool statistics for ldap1 adapter into the specified file:

dumpLdapConnectionPoolStats('/tmp/poolstats1.txt','ldap1', 'default')