Name
[Windows Manager]
Installation_folder\SVROR\Manager\bin\rcxadm authctl - user authentication directory service connection settings
[Linux Manager]
/opt/FJSVrcvmr/bin/rcxadm authctl - user authentication directory service connection settings
Format
rcxadm authctl register {-host hostname|-ip ip_address} [-port port] -base base_dn -bind bind_dn [-method {SSL|PLAIN}] {-passwd password|-passwd_file password_file} rcxadm authctl unregister rcxadm authctl show rcxadm authctl modify {[{-host hostname|-ip ip_address}] [-port port] [-base base_dn] [-bind bind_dn {-passwd password|-passwd_file password_file}] [-method {SSL|PLAIN}]} rcxadm authctl diffcert rcxadm authctl refreshcert -alias alias rcxadm authctl sync
Description
rcxadm authctl is the command to operate the connection information of the directory server that retains user authentication information.
Only OS administrators can execute this command.
When using the following subcommands, stop the manager prior to command execution:
register
unregister
modify
refreshcert
Subcommands
Registers directory server connection information. When executing this command, the directory server is not connected.
This command cannot be used when multiple sets of directory server connection information are registered.
Deletes the connection information of registered directory servers.
This command cannot be used when multiple sets of directory server connection information are registered.
The registered directory server connection information is displayed in the following format.
host1: Host name or IP address |
When directory server connection information for only one server is registered, only one host name (or IP address) is displayed.
Modifies the connection information of registered directory servers.
This command cannot be used when multiple sets of directory server connection information are registered.
Compares the certificates registered with ServerView Operations Manager and the Resource Orchestrator manager, and when the following difference exists, that certificate is displayed using a different name.
Certificates that exist in the ServerView Operations Manager keystore, but not in the Resource Orchestrator manager's keystore
Certificates that exist in the ServerView Operations Manager keystore and the Resource Orchestrator manager's keystore, but have conflicting fingerprints
This command cannot be used for the following configurations:
ServerView Operations Manager has not been installed.
Internal authentication is used as the authentication method
Difference of the CA certificate (keystore) is displayed using alias in the following format:
svs_cms |
Imports the certificate of ServerView Operations Manager corresponding to the specified alias into Resource Orchestrator.
Specify the alias displayed by the diffcert command.
This command cannot be used for the following configurations:
ServerView Operations Manager has not been installed.
Internal authentication is used as the authentication method
If a root CA certificate has been registered with ServerView Operations Manager, specify that root CA certificate.
To import the server certificate, specify the alias for the following certificate:
Server certificate of ServerView Operations Manager
Server certificate of the directory server to be used
This is unnecessary when using the directory service provided with ServerView Operations Manager.
Note
The certificate is imported using the specified alias. The existing certificate is deleted in the following cases:
There is a certificate which has the same alias
There is a certificate which has the same content as the certificate to be imported
Point
When executing the command, create a copy of the keystore (truststore-cacerts) file for Resource Orchestrator in the following format. When a file with the same name already exists, it will be overwritten.
[Windows Manager]
Source File
Installation_folder\SVROR\Manager\runtime\jre6\lib\security\cacerts
Destination File
Installation_folder\SVROR\Manager\runtime\jre6\lib\security\cacerts.org
[Linux Manager]
Source File
/opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts
Destination File
/opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts.org
Synchronizes the directory server connection settings of Resource Orchestrator with those of ServerView Operations Manager. When directory server configuration information is not already registered, it will be registered with Resource Orchestrator using the settings of ServerView Operations Manager.
This command cannot be used for the following configurations:
ServerView Operations Manager has not been installed.
Options
The following options can be specified when using the register and modify subcommands:
Specify the port number of the directory server. When omitted, the following port number is regarded as having been specified using the -method value.
SSL
636
PLAIN
389
Specify the communication encryption method for the directory server. Specify either one of the following:
When encrypted communication is enabled
SSL
When encrypted communication is not enabled
PLAIN
When this option is omitted, the -method SSL is regarded as being specified.
The following options can be specified when using the register subcommand:
Specify the host name for the directory server using an FQDN or an IP address.
Specify the IP address of the directory server. This option is for compatibility. Use the -host option.
Specify the search base of the directory server in DN format.
Specify administrative user name of the directory server in the DN format.
Specify the password for the administrative user name of the directory server.
Specify the password file for the administrative user name of the directory server. Enter the password file using the following format (remove the quotation marks).
"userdn,password"
Specify the following options when using the modify subcommand:
Specify the host name for the directory server using an FQDN or an IP address.
Specify the IP address of the directory server. This option is for compatibility. Use the -host option.
Specify the search base of the directory server in DN format.
Specify administrative user name of the directory server in the DN format.
Specify the password for the administrative user name of the directory server.
Specify the password file for the administrative user name of the directory server. Enter the password file using the following format (remove the quotation marks).
"userdn,password"
Specify the following options when using the refreshcert subcommand:
Specify the alias of the certificate to import into the CA certificate of Resource Orchestrator.
When using blank spaces or symbols in the specified string, enclose the whole string in double quotes ( " ).
An alias which contains double quotes ( " ) as character elements cannot be specified for this command. Remove any double quotes (") included in the alias before executing this command.
Note
Enter a string of 1 or more characters for the administrative user name.
Enter a string no longer than 128 characters for the password.
When changing the configuration of the administrative user name and password, specify both files.
When using blank spaces in the specified string, enclose the whole specified string in double quotes ( " ). Note that it is not necessary to use double quotations (") when specifying the character string in the password file.
Requirements
OS Administrator
Admin server
Exit Status
This command returns the following values:
The command executed successfully.
An error has occurred.
