ServerView Resource Orchestrator Cloud Edition V3.1.1 Reference Guide (Command/XML)

5.4 rcxadm authctl

Name

[Windows Manager]
Installation_folder\SVROR\Manager\bin\rcxadm authctl - user authentication directory service connection settings

[Linux Manager]
/opt/FJSVrcvmr/bin/rcxadm authctl - user authentication directory service connection settings


Format

rcxadm authctl register {-host hostname|-ip ip_address} [-port port] -base base_dn -bind bind_dn [-method {SSL|PLAIN}] {-passwd password|-passwd_file password_file} [-auth {serverview|ldap}]
rcxadm authctl unregister
rcxadm authctl show
rcxadm authctl modify {-host hostname|-ip ip_address} [-port port] -base base_dn -bind bind_dn [-method {SSL|PLAIN}] {-passwd password|-passwd_file password_file} [-auth {serverview|ldap}]
rcxadm authctl export
rcxadm authctl diffcert
rcxadm authctl refreshcert -alias alias
rcxadm authctl sync

Description

rcxadm authctl manages the connection information for the directory server that holds user authentication information.

Only OS administrators can execute this command.

When using the following subcommands, stop the manager prior to command execution:

Subcommands

register

Registers directory server connection information with Resource Orchestrator.
Once directory server connection information is registered, user authentication is performed by the directory service. Executing this command does not connect to the directory server.

unregister

Deletes the connection information of directory servers registered with Resource Orchestrator. User information registered in the directory server is not deleted; the connection information is only deleted from Resource Orchestrator.

modify

Modifies the connection information of directory servers registered with Resource Orchestrator.

show

The registered directory server connection information is displayed in the following format.

host: Host name or IP address
port: Port_number
base: base_dn
bind: Administrative_user_DN
method: Encryption_communication_method
auth: Authentication_method
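
As an added example (not part of the product documentation), the shell function below reads this output and flags an unencrypted or inconsistent connection, using the SSL 636 and PLAIN 389 port defaults documented under -port. It assumes the method and port fields print the same literals the options accept; the sample values are constructed.

```shell
#!/bin/sh
# Added example (not from the product documentation).
# audit_authctl reads "rcxadm authctl show" output on stdin, prints one
# finding per line, and returns 1 if anything was flagged, 0 otherwise.
# Assumption: "method" and "port" are printed with the same literals the
# options accept (SSL or PLAIN, a decimal port number).
audit_authctl() {
    awk '
        /^[a-z]+:/ {
            key = $0; sub(/:.*/, "", key)      # text before the first colon
            sub(/^[a-z]+:[ \t]*/, "")          # drop the key from the line
            sub(/[ \t\r]+$/, "")               # drop trailing whitespace
            val[key] = $0
        }
        END {
            n = 0
            split("host port base bind method", need, " ")
            for (i = 1; i <= 5; i++)
                if (val[need[i]] == "") { print "missing field: " need[i]; n++ }
            m = val["method"]; p = val["port"]
            if (m == "PLAIN") { print "method PLAIN: traffic to the directory server is not encrypted"; n++ }
            else if (m != "" && m != "SSL") { print "unexpected method value: " m; n++ }
            # Documented defaults when -port is omitted: SSL 636, PLAIN 389.
            if (m == "SSL" && p == "389") { print "method SSL on port 389, the PLAIN default: confirm the listener accepts SSL"; n++ }
            if (m == "PLAIN" && p == "636") { print "method PLAIN on port 636, the SSL default: settings are inconsistent"; n++ }
            exit (n > 0)
        }
    '
}

# Constructed sample output (base and bind values are made up).
SAMPLE_SHOW='host: ldaphost.fujitsu.com
port: 389
base: dc=example,dc=com
bind: cn=manager,dc=example,dc=com
method: PLAIN
auth: serverview'

# On a manager host: /opt/FJSVrcvmr/bin/rcxadm authctl show | audit_authctl
printf '%s\n' "$SAMPLE_SHOW" | audit_authctl || true
```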

export

Migrates the information from a directory server used with Resource Orchestrator V2.3.0 to the management information of Resource Orchestrator.

When user information is being managed using a directory service or Single Sign-On is performed with Resource Orchestrator V2.3.0, this task must be done before migration.

Migrate the following information to the management information:

  • User group information and the users belonging to it

  • Role definition

  • Scope and role of access

  • Resource information under the orchestration tree (the names and tree structure)

diffcert

Displays, by alias, the differences between the CA certificate (keystore) registered with ServerView Operations Manager and the CA certificate (keystore) registered in Resource Orchestrator.

This command cannot be used for the following configurations:

  • ServerView Operations Manager has not been installed.

The differences in the CA certificate (keystore) are displayed by alias in the following format:

svs_cms
ldaphost.fujitsu.com

refreshcert

Imports the certificate of ServerView Operations Manager corresponding to the specified alias into Resource Orchestrator.

Specify the alias displayed by the diffcert command.

This command cannot be used for the following configurations:

  • ServerView Operations Manager has not been installed

If a root CA certificate has been registered with ServerView Operations Manager, specify that root CA certificate.

To import a server certificate, specify the alias for one of the following certificates:

  • Server certificate of ServerView Operations Manager

  • Server certificate of the directory server to be used

    It is unnecessary when using the OpenDS or OpenDJ provided with ServerView Operations Manager.

Note

The certificate is imported using the specified alias. The existing certificate is deleted in the following cases:

  • There is a certificate which has the same alias

  • There is a certificate which has the same content as the certificate to be imported

Point

When executing the command, create a copy of the keystore (truststore-cacerts) file for Resource Orchestrator in the following format. When a file with the same name already exists, it will be overwritten.

[Windows Manager]

  • Source File

    Installation_folder\SVROR\Manager\runtime\jre6\lib\security\cacerts

  • Destination File

    Installation_folder\SVROR\Manager\runtime\jre6\lib\security\cacerts.org

[Linux Manager]

  • Source File

    /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts

  • Destination File

    /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts.org
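
As an added example (not part of the product documentation), the function below imports every alias reported by diffcert and first saves a timestamped copy of the keystore, because cacerts.org is overwritten when it already exists. The function name, the RCXADM and CACERTS variables, and the assumption that diffcert prints one alias per line are this example's own.

```shell
#!/bin/sh
# Added example (not from the product documentation). Paths are the Linux
# Manager paths on this page; both can be overridden through the environment.
RCXADM=${RCXADM:-/opt/FJSVrcvmr/bin/rcxadm}
CACERTS=${CACERTS:-/opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts}

# Assumption: diffcert prints one alias per line and nothing else.
# Sets REFRESHED to the number of aliases imported; returns 1 on the first
# failure and leaves the remaining aliases untouched.
refresh_differing_certs() {
    REFRESHED=0
    aliases=$("$RCXADM" authctl diffcert) || return 1
    [ -n "$aliases" ] || return 0        # nothing differs, nothing to import
    # cacerts.org is overwritten when it already exists, so after several
    # imports it no longer holds the original keystore. Keep an independent
    # copy of the keystore as it was before the first import.
    backup="$CACERTS.$(date +%Y%m%d%H%M%S)"
    cp -p "$CACERTS" "$backup" || return 1
    while IFS= read -r alias; do
        [ -n "$alias" ] || continue
        case $alias in
            # refreshcert cannot take an alias that contains a double quote
            *\"*) echo "skipped (double quote in alias): $alias" >&2; continue ;;
        esac
        # Quoting "$alias" covers aliases with blank spaces or symbols.
        "$RCXADM" authctl refreshcert -alias "$alias" </dev/null || return 1
        REFRESHED=$((REFRESHED + 1))
    done <<EOF
$aliases
EOF
    echo "keystore copy saved as: $backup"
}

# Usage, as an OS administrator on the manager host:
#   refresh_differing_certs && echo "$REFRESHED certificate(s) imported"
```

Running diffcert again afterwards shows which aliases, if any, still differ.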

sync

Synchronizes the directory server connection settings of Resource Orchestrator with those of ServerView Operations Manager.

This command cannot be used for the following configurations:

  • ServerView Operations Manager has not been installed.


Options

-host hostname

Specify the host name for the directory server to register using an FQDN or an IP address.

-ip ip

Specify the IP address of the directory server to register. This option is for compatibility. Use the -host option.

-port port (optional)

Specify the port number of the directory server to register. When omitted, the port number is determined by the -method value as follows:

SSL   : 636
PLAIN : 389

-base base_dn

Specify the search base of the directory server to register in DN format.

-bind bind_dn

Specify the administrative privilege user name of the directory server to register in DN format.

-method {SSL|PLAIN} (optional)

Specify the encryption communication method to use with the directory server to register. Specify one of the following.

If this option is omitted, "SSL" is specified. If PLAIN is specified, encryption is not performed.

  • SSL

  • PLAIN

-passwd password

Specify the password for the administrative privilege user of the directory server to register.

-passwd_file password_file

Specify the password file for the administrative privilege user of the directory server to register.

-auth (optional)

This option is used in Basic mode.

Specify the method for user authentication. Specify one of the following items.

If omitted, "serverview" is set.

  • serverview

    Operation using ServerView Operations Manager and Single Sign-On is performed.

  • ldap

    Only user authentication using directory service is performed. Operation is not performed using Single Sign-On.

-alias alias

Specify the alias of the certificate to import into the CA certificate of Resource Orchestrator.

When using blank spaces or symbols in the specified string, enclose the whole string in double quotes ( " ).

An alias which contains double quotes ( " ) as character elements cannot be specified for this command. Remove any double quotes (") included in the alias before executing this command.


Examples