etautil Control Statements

Provisioning Reference Guide › etautil Batch Utility › etautil Syntax › etautil Control Statements

etautil Control Statements

Control statements tell etautil the procedures to carry out; this is the request that is sent to the Provisioning Server. Use semicolons to delimit multiple control statements in a single etautil command.

Each statement must begin with a verb followed by a base distinguished name (base dn), an object's class name, and the object's operands.

verb  basedn  classname  operands

Note: For more information about control statements see the Provisioning Manager help. For endpoint type-specific details, see the Connectors Guide.

The following are examples of the etautil control statements:

ADD

The following example creates role-based accounts for a user:

add 'eTGlobalUserContainerName=Global  Users,eTNamespaceName=CommonObjects' 
    eTGlobalUser globalusername=denro01 in 'eTRoleContainerName=Roles,eTNamespaceName=CommonObjects'  eTRole  RoleName=TeamManager

The following example register a UNIX endpoint:

add  'eTNamespaceName=UNIX - etc' eTETCDirectory name=hpdevsrv eTETCHost=hpdevsrv  eTETCUnicenterSec=0  eTETCUnicenterUser=0

The following example creates a global user named HAAS14 and assigns the values of myvalue1 and myvalue2 to the custom fields with the IDs of 01 and 02.

etautil -u etaadmin -p super**s add 'eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects'
GlobalUserName=user14 eTCustomField01=myvalue1 eTCustomField02=myvalue2 eTPassword=super**s eTUserId=user14

Note: You cannot use the ADD statement to add mainframe endpoints to the Provisioning Server.

COPY/COPYALL

Copy creates a new global user with the same properties as an existing global user, including the same roles.

Copyall performs the same function as Copy but also copies the existing user's relationships (inclusions) to the new global user.

Syntax:

copy|copyall 'eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects'  eTGlobalUser globalusername=existing_user[.domain] to
globalusername=new_user eTFullName='new fullname'
  [property1=value property2=value … propertyn=value]

Example:

copyall  'eTGlobalUserContainerName=Global  Users,eTNamespaceName=CommonObjects' 
eTGlobalUser  globalusername=user01  to  globalusername=user12  FullName='John Doe' 
  Password=password  EmailAddress=JohnDoe@mycompany.com

DELETE

Deletes a global user and its relationships from an endpoint.To delete an object and its inclusion objects, the syntax is:

delete basedn classname namingattribute=value

To delete an inclusion object, the syntax is:

delete childbasedn childclass childnamingattribute=value in parentbasedn parentclass parentnamingattribute=value [relationship=rel]

Note: The deletion of a global user and its accounts can be done using the Update control statement described later in this chapter.

EXPLORE

Finds objects in a registered endpoint and stores them in the provisioning directory. Optionally, correlates or creates a global user in the Provisioning Server for the person associated with each account in the endpoint.

Syntax:

To explore an entire endpoint, the syntax is:

explore dirbasedn dirclassname dirnamingattribute=value list [explore options]

To explore only a specific container, the syntax is:

explore base_dn_container_class_name name=container_name [scope=value] list explore_options

The explore_options include the following:

ExploreUpdateEtrust-Retrieves all managed objects.
ExploreCorrelateUsers-Correlates accounts with global users using existing ones.
ExploreCreateUsers-Creates global users as needed during the correlation. ExploreUpdateUsers-Sets/refreshes the global user attributes using account attribute values.
Note: Combining explore, correlate, and update actions into a single request is not supported.

Examples:

To explore and correlate an entire UNIX endpoint using existing global users:

explore 'eTNamespaceName=UNIX - etc' eTETCDirectory
name= hpserv01 list eTExploreUpdateEtrust

explore 'eTNamespaceName=UNIX - etc' eTETCDirectory
name= hpserv01 list eTExploreCorrelateUsers

To explore a specific NDS container:

explore 'eTNDSOrganizationName=Org1,eTNDSTreeName=SampleTree,eTNamespaceName=NDS Servers' 
eTNDSOrgUnit name=OrgUnit1 scope=1 
list ExploreUpdateEtrust

MASSCHANGE

Sets the same attribute values on a set of objects or searches and replaces attribute values on a set of objects.

Syntax:

masschange basedn class criteria [scope=value] to property0=value [property1=value… propertyn=value]

where:

criteria-Is the filter for selected target objects.

Scope-Specifies the scope of the search operation (1 for 1-level, 2 for sub-tree level; the default is 1).

propertyn=value-Specifies the attribute to be updated and its new value.

Example:

This example replaces the string (310) with (424) in the eTTelephone value and sets the eTStreetAddress to 15 Software Street for the global users who have eTCity equal to Santa Monica and a name beginning with u:

masschange 'eTGlobalUserContainerName=Global Users, eTNamespaceName=CommonObjects' eTGlobalUser City='Santa Monica'  GlobalUserName=u* to Telephone=#sp(310)p(424) StreetAddress='15 Software Street'

REPORT

Use REPORT to check account or user synchronization. For more information, see Report Accounts that Do Not Comply with Account Templates.

Syntax:

report basedn class namingattr=value list reporting_attribute

reporting_attribute-Must be eTSyncAccounts, eTSyncUsers, or eTSyncDelete.

Example:

This example reports all existing accounts that do not comply with the account templates to which they are assigned for the global user ayrton02:

report  'eTGlobalUserContainerName=Global Users,
eTNamespaceName=CommonObjects'  eTGlobalUser  globalusername= user02 list  eTSyncAccounts

UPDATE

Use the Update control statement to do the following:

Synchronize accounts with account templates.
Suspend and resume a global user. You can specify that all accounts associated with the global user are also suspended or resumed.
Change the attributes of an account template and apply those changes to the associated accounts. To propagate those changes to each account assigned to the account template, specify the phrase eTSyncAccounts=1.
Delete a global user, its relationships, and its accounts.
Update the attributes values of an existing object.

Syntax:

update basedn class namingattribute=value to entries

Examples:

To synchronize an account synchronization for a role:

update  'eTRoleContainerName=Roles,
eTNamespaceName=CommonObjects' 
eTRole RoleName=F1Drivers to eTSyncAccounts=1

To delete a global user and its accounts:

update 'eTGlobalUserContainerName=Global  Users,eTNamespaceName=CommonObjects' 
eTGlobalUser  globalusername=user02  to  DeleteUserAndAccounts=1

To remove a value of a multivalued attribute such as eTRoleDN:

update 'eTGlobalUserContainerName=GlobalUsers,eTNamespaceName=CommonObjects' GlobalUser GlobalUserName=y272705 to -eTRoleDN=
'eTRoleName=LNDSuspended,eTRoleContainerName=Roles,eTNamespaceName= CommonObjects,yourdomainsuffix'

This command example uses a plus (+) or minus (-) sign operator in the update section to add or remove values of a multivalued attribute. In this example, there is a minus sign (-) operator before the eTRoleDN attribute to delete an association between Global User and Role.

Email CA Technologies about this topic